Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
228baa80
Commit
228baa80
authored
Apr 27, 2013
by
Friedrich Beckmann
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
LDAP Authentification with grack for https push - fixed password check
parent
df96c079
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
25 additions
and
1 deletion
+25
-1
lib/gitlab/backend/grack_auth.rb
lib/gitlab/backend/grack_auth.rb
+25
-1
No files found.
lib/gitlab/backend/grack_auth.rb
View file @
228baa80
require_relative
'shell_env'
require_relative
'shell_env'
require
'omniauth-ldap'
module
Grack
module
Grack
class
Auth
<
Rack
::
Auth
::
Basic
class
Auth
<
Rack
::
Auth
::
Basic
...
@@ -32,8 +33,14 @@ module Grack
...
@@ -32,8 +33,14 @@ module Grack
# Authentication with username and password
# Authentication with username and password
login
,
password
=
@auth
.
credentials
login
,
password
=
@auth
.
credentials
self
.
user
=
User
.
find_by_email
(
login
)
||
User
.
find_by_username
(
login
)
self
.
user
=
User
.
find_by_email
(
login
)
||
User
.
find_by_username
(
login
)
return
false
unless
user
.
try
(
:valid_password?
,
password
)
if
user
.
nil?
ldap_auth
(
login
,
password
)
return
false
unless
!
user
.
nil?
else
return
false
unless
user
.
valid_password?
(
password
);
end
Gitlab
::
ShellEnv
.
set_env
(
user
)
Gitlab
::
ShellEnv
.
set_env
(
user
)
end
end
...
@@ -47,6 +54,23 @@ module Grack
...
@@ -47,6 +54,23 @@ module Grack
end
end
end
end
def
ldap_auth
(
login
,
password
)
# Check user against LDAP backend if user is not authenticated
# Only check with valid login and password to prevent anonymous bind results
gl
=
Gitlab
.
config
if
gl
.
ldap
.
enabled
&&
!
login
.
blank?
&&
!
password
.
blank?
ldap
=
OmniAuth
::
LDAP
::
Adaptor
.
new
(
gl
.
ldap
)
ldap_user
=
ldap
.
bind_as
(
filter:
Net
::
LDAP
::
Filter
.
eq
(
ldap
.
uid
,
login
),
size:
1
,
password:
password
)
if
ldap_user
self
.
user
=
User
.
find_by_extern_uid_and_provider
(
ldap_user
.
dn
,
'ldap'
)
end
end
end
def
validate_get_request
def
validate_get_request
project
.
public
||
can?
(
user
,
:download_code
,
project
)
project
.
public
||
can?
(
user
,
:download_code
,
project
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment