Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
564c4138
Commit
564c4138
authored
Oct 17, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' into '7-4-stable'
Merge master into 7-4-stable See merge request !1189
parents
4da88dbb
5a4a1a2f
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
117 additions
and
34 deletions
+117
-34
app/controllers/omniauth_callbacks_controller.rb
app/controllers/omniauth_callbacks_controller.rb
+14
-9
lib/gitlab/oauth/user.rb
lib/gitlab/oauth/user.rb
+36
-11
spec/lib/gitlab/oauth/user_spec.rb
spec/lib/gitlab/oauth/user_spec.rb
+67
-14
No files found.
app/controllers/omniauth_callbacks_controller.rb
View file @
564c4138
...
@@ -49,22 +49,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
...
@@ -49,22 +49,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
redirect_to
profile_path
redirect_to
profile_path
else
else
@user
=
Gitlab
::
OAuth
::
User
.
new
(
oauth
)
@user
=
Gitlab
::
OAuth
::
User
.
new
(
oauth
)
if
Gitlab
.
config
.
omniauth
[
'allow_single_sign_on'
]
&&
@user
.
new?
@user
.
save
@user
.
save
end
# Only allow properly saved users to login.
# Only allow properly saved users to login.
if
@user
.
persisted?
&&
@user
.
valid?
if
@user
.
persisted?
&&
@user
.
valid?
sign_in_and_redirect
(
@user
.
gl_user
)
sign_in_and_redirect
(
@user
.
gl_user
)
elsif
@user
.
gl_user
.
errors
.
any?
error_message
=
@user
.
gl_user
.
errors
.
map
{
|
attribute
,
message
|
"
#{
attribute
}
#{
message
}
"
}.
join
(
", "
)
redirect_to
omniauth_error_path
(
oauth
[
'provider'
],
error:
error_message
)
and
return
else
else
flash
[
:notice
]
=
"There's no such user!"
error_message
=
redirect_to
new_user_session_path
if
@user
.
gl_user
.
errors
.
any?
@user
.
gl_user
.
errors
.
map
do
|
attribute
,
message
|
"
#{
attribute
}
#{
message
}
"
end
.
join
(
", "
)
else
''
end
redirect_to
omniauth_error_path
(
oauth
[
'provider'
],
error:
error_message
)
and
return
end
end
end
end
rescue
StandardError
flash
[
:notice
]
=
"There's no such user!"
redirect_to
new_user_session_path
end
end
def
oauth
def
oauth
...
...
lib/gitlab/oauth/user.rb
View file @
564c4138
...
@@ -13,22 +13,28 @@ module Gitlab
...
@@ -13,22 +13,28 @@ module Gitlab
end
end
def
persisted?
def
persisted?
gl_user
.
persisted?
gl_user
.
try
(
:persisted?
)
end
end
def
new?
def
new?
!
gl_user
.
persisted?
!
persisted?
end
end
def
valid?
def
valid?
gl_user
.
valid?
gl_user
.
try
(
:valid?
)
end
end
def
save
def
save
unauthorized_to_create
unless
gl_user
if
needs_blocking?
gl_user
.
save!
gl_user
.
save!
log
.
info
"(OAuth) saving user
#{
auth_hash
.
email
}
from login with extern_uid =>
#{
auth_hash
.
uid
}
"
gl_user
.
block
gl_user
.
block
if
needs_blocking?
else
gl_user
.
save!
end
log
.
info
"(OAuth) saving user
#{
auth_hash
.
email
}
from login with extern_uid =>
#{
auth_hash
.
uid
}
"
gl_user
gl_user
rescue
ActiveRecord
::
RecordInvalid
=>
e
rescue
ActiveRecord
::
RecordInvalid
=>
e
log
.
info
"(OAuth) Error saving user:
#{
gl_user
.
errors
.
full_messages
}
"
log
.
info
"(OAuth) Error saving user:
#{
gl_user
.
errors
.
full_messages
}
"
...
@@ -36,10 +42,29 @@ module Gitlab
...
@@ -36,10 +42,29 @@ module Gitlab
end
end
def
gl_user
def
gl_user
@user
||=
find_by_uid_and_provider
||
build_new_user
@user
||=
find_by_uid_and_provider
if
signup_enabled?
@user
||=
build_new_user
end
@user
end
end
protected
protected
def
needs_blocking?
new?
&&
block_after_signup?
end
def
signup_enabled?
Gitlab
.
config
.
omniauth
.
allow_single_sign_on
end
def
block_after_signup?
Gitlab
.
config
.
omniauth
.
block_auto_created_users
end
def
auth_hash
=
(
auth_hash
)
def
auth_hash
=
(
auth_hash
)
@auth_hash
=
AuthHash
.
new
(
auth_hash
)
@auth_hash
=
AuthHash
.
new
(
auth_hash
)
end
end
...
@@ -70,13 +95,13 @@ module Gitlab
...
@@ -70,13 +95,13 @@ module Gitlab
Gitlab
::
AppLogger
Gitlab
::
AppLogger
end
end
def
needs_blocking?
Gitlab
.
config
.
omniauth
[
'block_auto_created_users'
]
end
def
model
def
model
::
User
::
User
end
end
def
raise_unauthorized_to_create
raise
StandardError
.
new
(
"Unauthorized to create user, signup disabled for
#{
auth_hash
.
provider
}
"
)
end
end
end
end
end
end
end
spec/lib/gitlab/oauth/user_spec.rb
View file @
564c4138
...
@@ -29,26 +29,79 @@ describe Gitlab::OAuth::User do
...
@@ -29,26 +29,79 @@ describe Gitlab::OAuth::User do
end
end
describe
:save
do
describe
:save
do
context
"LDAP"
do
let
(
:provider
)
{
'twitter'
}
let
(
:provider
)
{
'ldap'
}
it
"creates a user from LDAP"
do
describe
'signup'
do
context
"with allow_single_sign_on enabled"
do
before
{
Gitlab
.
config
.
omniauth
.
stub
allow_single_sign_on:
true
}
it
"creates a user from Omniauth"
do
oauth_user
.
save
oauth_user
.
save
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
.
extern_uid
).
to
eql
uid
expect
(
gl_user
.
extern_uid
).
to
eql
uid
expect
(
gl_user
.
provider
).
to
eql
'ldap'
expect
(
gl_user
.
provider
).
to
eql
'twitter'
end
end
context
"with allow_single_sign_on disabled (Default)"
do
it
"throws an error"
do
expect
{
oauth_user
.
save
}.
to
raise_error
StandardError
end
end
end
end
end
context
"twitter"
do
describe
'blocking'
do
let
(
:provider
)
{
'twitter'
}
let
(
:provider
)
{
'twitter'
}
before
{
Gitlab
.
config
.
omniauth
.
stub
allow_single_sign_on:
true
}
it
"creates a user from Omniauth"
do
context
'signup'
do
context
'dont block on create'
do
before
{
Gitlab
.
config
.
omniauth
.
stub
block_auto_created_users:
false
}
it
do
oauth_user
.
save
oauth_user
.
save
gl_user
.
should
be_valid
gl_user
.
should_not
be_blocked
end
end
expect
(
gl_user
).
to
be_valid
context
'block on create'
do
expect
(
gl_user
.
extern_uid
).
to
eql
uid
before
{
Gitlab
.
config
.
omniauth
.
stub
block_auto_created_users:
true
}
expect
(
gl_user
.
provider
).
to
eql
'twitter'
it
do
oauth_user
.
save
gl_user
.
should
be_valid
gl_user
.
should
be_blocked
end
end
end
context
'sign-in'
do
before
do
oauth_user
.
save
oauth_user
.
gl_user
.
activate
end
context
'dont block on create'
do
before
{
Gitlab
.
config
.
omniauth
.
stub
block_auto_created_users:
false
}
it
do
oauth_user
.
save
gl_user
.
should
be_valid
gl_user
.
should_not
be_blocked
end
end
context
'block on create'
do
before
{
Gitlab
.
config
.
omniauth
.
stub
block_auto_created_users:
true
}
it
do
oauth_user
.
save
gl_user
.
should
be_valid
gl_user
.
should_not
be_blocked
end
end
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment