Commit 426ca794 authored by Douwe Maan's avatar Douwe Maan

Reduce duplication to satisfy Flay

parent 77dcfee2
...@@ -3,55 +3,19 @@ module EE ...@@ -3,55 +3,19 @@ module EE
module Auth module Auth
module LDAP module LDAP
module Sync module Sync
class AdminUsers class AdminUsers < Sync::Users
attr_reader :provider, :proxy private
def self.execute(proxy)
self.new(proxy).update_permissions
end
def initialize(proxy) def attribute
@provider = proxy.provider :admin
@proxy = proxy
end end
def update_permissions def member_dns
return if admin_group.empty? return [] if admin_group.empty?
admin_group_member_dns = proxy.dns_for_group_cn(admin_group)
current_admin_users = ::User.admins.with_provider(provider)
verified_admin_users = []
# Verify existing admin users and add new ones. proxy.dns_for_group_cn(admin_group)
admin_group_member_dns.each do |member_dn|
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user.admin = true
user.save
verified_admin_users << user
else
Rails.logger.debug do
<<-MSG.strip_heredoc.tr("\n", ' ')
#{self.class.name}: User with DN `#{member_dn}` should have admin
access but there is no user in GitLab with that identity.
Membership will be updated once the user signs in for the first time.
MSG
end
end
end
# Revoke the unverified admins.
current_admin_users.each do |user|
unless verified_admin_users.include?(user)
user.admin = false
user.save
end
end
end end
private
def admin_group def admin_group
proxy.adapter.config.admin_group proxy.adapter.config.admin_group
end end
......
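Review bot: The private overrides `attribute` and `member_dns` carry no comment saying they are the hooks that `Sync::Users#update_permissions` calls, and `attribute` decides which `User` column the sync sets to true and later clears. A one-line comment on each would make that contract visible where the privileged value is chosen, for example `# Column on User that this sync grants and revokes (hook for Sync::Users).` above `attribute` and `# DNs that should hold the flag; an empty list makes the base class skip the sync.` above `member_dns`. The same applies to the two overrides in ExternalUsers.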
...@@ -3,57 +3,19 @@ module EE ...@@ -3,57 +3,19 @@ module EE
module Auth module Auth
module LDAP module LDAP
module Sync module Sync
class ExternalUsers class ExternalUsers < Sync::Users
attr_reader :provider, :proxy private
def self.execute(proxy)
self.new(proxy).update_permissions
end
def initialize(proxy) def attribute
@provider = proxy.provider :external
@proxy = proxy
end end
def update_permissions def member_dns
return unless external_groups.any? external_groups.flat_map do |group|
proxy.dns_for_group_cn(group)
current_external_users = ::User.external.with_provider(provider) end.uniq
verified_external_users = []
external_groups.each do |group|
group_dns = proxy.dns_for_group_cn(group)
group_dns.each do |member_dn|
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user.external = true
user.save
verified_external_users << user
else
Rails.logger.debug do
<<-MSG.strip_heredoc.tr("\n", ' ')
#{self.class.name}: User with DN `#{member_dn}` should be marked as
external but there is no user in GitLab with that identity.
Membership will be updated once the user signs in for the first time.
MSG
end
end
end
end
# Restore normal access to users no longer found in the external groups
current_external_users.each do |user|
unless verified_external_users.include?(user)
user.external = false
user.save
end
end
end end
private
def external_groups def external_groups
proxy.adapter.config.external_groups proxy.adapter.config.external_groups
end end
......
module EE
module Gitlab
module Auth
module LDAP
module Sync
class Users
attr_reader :provider, :proxy
def self.execute(proxy)
self.new(proxy).update_permissions
end
def initialize(proxy)
@provider = proxy.provider
@proxy = proxy
end
def update_permissions
dns = member_dns
return if dns.empty?
current_users_with_attribute = ::User.with_provider(provider).where(attribute => true)
verified_users_with_attribute = []
# Verify existing users and add new ones.
dns.each do |member_dn|
user = update_user_by_dn(member_dn)
verified_users_with_attribute << user if user
end
# Revoke the unverified users.
(current_users_with_attribute - verified_users_with_attribute).each do |user|
user[attribute] = false
user.save
end
end
private
def attribute
raise NotImplementedError
end
def member_dns
raise NotImplementedError
end
def update_user_by_dn(member_dn)
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user[attribute] = true
user.save
user
else
Rails.logger.debug do
<<-MSG.strip_heredoc.tr("\n", ' ')
#{self.class.name}: User with DN `#{member_dn}` should be marked as
#{attribute} but there is no user in GitLab with that identity.
Membership will be updated once the user signs in for the first time.
MSG
end
nil
end
end
end
end
end
end
end
end
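Review bot: The `return if dns.empty?` guard in `update_permissions` skips the revoke loop whenever no member DNs come back, not only when no group is configured. On the old side AdminUsers returned early only for an empty `admin_group` setting and ExternalUsers only when `external_groups` had no entries, so a configured group whose membership had dropped to zero still cleared the flag; with the shared guard, the last users removed from the LDAP admin group would keep `admin` in GitLab. If that is not intended, keep the two cases apart, for example with a subclass hook such as `sync_configured?` and a base guard of `return unless sync_configured?`, so that an empty DN list falls through to the revoke loop. Whether `dns_for_group_cn` can also return an empty list on a failed lookup is not visible here and should be checked before choosing. The result of `user.save` in the revoke loop is also discarded, so a revocation that fails to persist goes unnoticed; logging when it returns false would surface it.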