Commit 048d47e6266b5b078a169f1657d07883e86f169b

Authored by Dmitriy Zaporozhets
1 parent fa4150d4

Refactorn oauth & ldap

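--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -87,62 +87,19 @@ class User < ActiveRecord::Base
 end
 
 def self.create_from_omniauth(auth, ldap = false)
- provider, uid = auth.provider, auth.uid
- name = auth.info.name.force_encoding("utf-8")
- email = auth.info.email.downcase unless auth.info.email.nil?
-
- ldap_prefix = ldap ? '(LDAP) ' : ''
- raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
- " address" if auth.info.email.blank?
-
- logger.info "#{ldap_prefix}Creating user from #{provider} login"\
- " {uid => #{uid}, name => #{name}, email => #{email}}"
- password = Devise.friendly_token[0, 8].downcase
- @user = User.new(
- extern_uid: uid,
- provider: provider,
- name: name,
- email: email,
- password: password,
- password_confirmation: password,
- projects_limit: Gitlab.config.default_projects_limit,
- )
- if Gitlab.config.omniauth.block_auto_created_users && !ldap
- @user.blocked = true
- end
- @user.save!
- @user
+ gitlab_auth.create_from_omniauth(auth, ldap)
 end
 
 def self.find_or_new_for_omniauth(auth)
- provider, uid = auth.provider, auth.uid
+ gitlab_auth.find_or_new_for_omniauth(auth)
+ end
 
- if @user = User.find_by_provider_and_extern_uid(provider, uid)
- @user
- else
- if Gitlab.config.omniauth.allow_single_sign_on
- @user = User.create_from_omniauth(auth)
- @user
- end
- end
+ def self.find_for_ldap_auth(auth, signed_in_resource = nil)
+ gitlab_auth.find_for_ldap_auth(auth, signed_in_resource)
 end
 
- def self.find_for_ldap_auth(auth, signed_in_resource=nil)
- uid = auth.info.uid
- provider = auth.provider
- email = auth.info.email.downcase unless auth.info.email.nil?
- raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
-
- if @user = User.find_by_extern_uid_and_provider(uid, provider)
- @user
- # workaround for backward compatibility
- elsif @user = User.find_by_email(email)
- logger.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
- @user.update_attributes(:extern_uid => uid, :provider => provider)
- @user
- else
- create_from_omniauth(auth)
- end
- end
+ def self.gitlab_auth
+ Gitlab::Auth.new
 end
 
 def self.search query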
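Review bot: `self.gitlab_auth` (new line 101) is added as a public class method on `User`, although it only serves the three delegators above it, and none of the four methods carries a comment saying that the account-lookup and account-creation logic now lives in `Gitlab::Auth`. I would hide the helper with `private_class_method :gitlab_auth` right after its definition and add a one-line comment such as `# Delegates to Gitlab::Auth; kept so existing callers of User.* keep working`. The class body continues outside this hunk, so whether anything else is meant to call `User.gitlab_auth` cannot be confirmed from here.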
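--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -42,7 +42,16 @@ ldap:
 password: '_the_password_of_the_bind_user'
 
 omniauth:
- enabled: false
+ # Enable ability for users
+ # to login via twitter, google ..
+ enabled: true
+
+ # IMPORTANT!
+ # It allows user to login without having user account
+ allow_single_sign_on: false
+ block_auto_created_users: true
+
+ # Auth providers
 providers:
 # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
 # app_secret: 'YOUR APP SECRET',
@@ -51,10 +60,6 @@ omniauth:
 # app_secret: 'YOUR APP SECRET'}
 # - { name: 'github', app_id: 'YOUR APP ID',
 # app_secret: 'YOUR APP SECRET' }
- # IMPORTANT!
- # It allows user to login without having user account
- allow_single_sign_on: false
- block_auto_created_users: true
 
 
 #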
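Review bot: The first hunk changes the shipped example from `enabled: false` to `enabled: true`, which is a behaviour change for anyone who copies this file and is not mentioned in a commit described as a refactor. Keeping `enabled: false` leaves third-party login an explicit opt-in; if the new default is intended, it belongs in the commit message. The `IMPORTANT!` comment could also say what each key does, for example `# allow_single_sign_on: create an account on first OAuth login` and `# block_auto_created_users: accounts created this way start blocked (LDAP accounts are exempt)`, the latter matching the `&& !ldap` condition in `lib/gitlab/auth.rb`.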
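--- /dev/null
+++ b/lib/gitlab/auth.rb
@@ -0,0 +1,66 @@
+module Gitlab
+ class Auth
+ def find_for_ldap_auth(auth, signed_in_resource = nil)
+ uid = auth.info.uid
+ provider = auth.provider
+ email = auth.info.email.downcase unless auth.info.email.nil?
+ raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
+
+ if @user = User.find_by_extern_uid_and_provider(uid, provider)
+ @user
+ elsif @user = User.find_by_email(email)
+ log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
+ @user.update_attributes(:extern_uid => uid, :provider => provider)
+ @user
+ else
+ create_from_omniauth(auth, true)
+ end
+ end
+
+ def create_from_omniauth auth, ldap = false
+ provider = auth.provider
+ uid = auth.info.uid || auth.uid
+ name = auth.info.name.force_encoding("utf-8")
+ email = auth.info.email.downcase unless auth.info.email.nil?
+
+ ldap_prefix = ldap ? '(LDAP) ' : ''
+ raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
+ " address" if auth.info.email.blank?
+
+ log.info "#{ldap_prefix}Creating user from #{provider} login"\
+ " {uid => #{uid}, name => #{name}, email => #{email}}"
+ password = Devise.friendly_token[0, 8].downcase
+ @user = User.new(
+ extern_uid: uid,
+ provider: provider,
+ name: name,
+ email: email,
+ password: password,
+ password_confirmation: password,
+ projects_limit: Gitlab.config.default_projects_limit,
+ )
+ if Gitlab.config.omniauth.block_auto_created_users && !ldap
+ @user.blocked = true
+ end
+ @user.save!
+ @user
+ end
+
+ def find_or_new_for_omniauth(auth)
+ provider, uid = auth.provider, auth.uid
+
+ if @user = User.find_by_provider_and_extern_uid(provider, uid)
+ @user
+ else
+ if Gitlab.config.omniauth.allow_single_sign_on
+ @user = create_from_omniauth(auth)
+ @user
+ end
+ end
+ end
+
+ def log
+ Gitlab::AppLogger
+ end
+ end
+end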
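Review bot: In `find_for_ldap_auth` (new lines 11–14) the `User.find_by_email(email)` fallback rebinds any existing account to the incoming LDAP uid on an email match alone, so an account created locally or through another provider, an administrator's included, is handed to whichever directory entry carries that address. Limiting the fallback to accounts that have no external identity yet, `elsif (@user = User.find_by_email(email)) && @user.extern_uid.blank?`, and checking the return value of `update_attributes` before returning the user would close that. Separately, `create_from_omniauth` now stores `auth.info.uid || auth.uid` while `find_or_new_for_omniauth` looks up by `auth.uid`, so an OAuth user whose provider fills `info.uid` with a different value would not be found on the next login; `uid = ldap ? auth.info.uid : auth.uid` would keep the two in step. The generated password `Devise.friendly_token[0, 8].downcase` is also shorter and lower in entropy than the token Devise returns, and as far as this file shows it is never displayed to the user, so the slice and `.downcase` could simply be dropped.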
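--- /dev/null
+++ b/spec/lib/auth_spec.rb
@@ -0,0 +1,93 @@
+require 'spec_helper'
+
+describe Gitlab::Auth do
+ let(:gl_auth) { Gitlab::Auth.new }
+
+ before do
+ @info = mock(
+ uid: '12djsak321',
+ name: 'John',
+ email: 'john@mail.com'
+ )
+ end
+
+ describe :find_for_ldap_auth do
+ before do
+ @auth = mock(
+ uid: '12djsak321',
+ info: @info,
+ provider: 'ldap'
+ )
+ end
+
+ it "should find by uid & provider" do
+ User.should_receive :find_by_extern_uid_and_provider
+ gl_auth.find_for_ldap_auth(@auth)
+ end
+
+ it "should update credentials by email if missing uid" do
+ user = double('User')
+ User.stub find_by_extern_uid_and_provider: nil
+ User.stub find_by_email: user
+ user.should_receive :update_attributes
+ gl_auth.find_for_ldap_auth(@auth)
+ end
+
+
+ it "should create from auth if user doesnot exist"do
+ User.stub find_by_extern_uid_and_provider: nil
+ User.stub find_by_email: nil
+ gl_auth.should_receive :create_from_omniauth
+ gl_auth.find_for_ldap_auth(@auth)
+ end
+ end
+
+ describe :find_or_new_for_omniauth do
+ before do
+ @auth = mock(
+ info: @info,
+ provider: 'twitter',
+ uid: '12djsak321',
+ )
+ end
+
+ it "should find user"do
+ User.should_receive :find_by_provider_and_extern_uid
+ gl_auth.should_not_receive :create_from_omniauth
+ gl_auth.find_or_new_for_omniauth(@auth)
+ end
+
+ it "should not create user"do
+ User.stub find_by_provider_and_extern_uid: nil
+ gl_auth.should_not_receive :create_from_omniauth
+ gl_auth.find_or_new_for_omniauth(@auth)
+ end
+
+ it "should create user if single_sing_on"do
+ Gitlab.config.omniauth.stub allow_single_sign_on: true
+ User.stub find_by_provider_and_extern_uid: nil
+ gl_auth.should_receive :create_from_omniauth
+ gl_auth.find_or_new_for_omniauth(@auth)
+ end
+ end
+
+ describe :create_from_omniauth do
+ it "should create user from LDAP" do
+ @auth = mock(info: @info, provider: 'ldap')
+ user = gl_auth.create_from_omniauth(@auth, true)
+
+ user.should be_valid
+ user.extern_uid.should == @info.uid
+ user.provider.should == 'ldap'
+ end
+
+ it "should create user from Omniauth" do
+ @auth = mock(info: @info, provider: 'twitter')
+ user = gl_auth.create_from_omniauth(@auth, false)
+
+ user.should be_valid
+ user.extern_uid.should == @info.uid
+ user.provider.should == 'twitter'
+ end
+ end
+end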
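Review bot: The `create_from_omniauth` examples (new lines 74–92) never assert the `blocked` flag or the missing-email error, so the two security-relevant branches of that method, `block_auto_created_users && !ldap` and the `OmniAuth::Error` raise, are untested. An example that stubs `Gitlab.config.omniauth.stub block_auto_created_users: true`, the way line 67 does for `allow_single_sign_on`, and then expects `user.blocked.should be_true` for the twitter case would pin the first one. The "should not create user" example at line 60 passes only while the loaded config has `allow_single_sign_on` off; stubbing it to `false` there makes the example independent of the config file. Both `@auth` mocks in the last group also omit `uid`, so only the `auth.info.uid` side of the uid lookup is exercised.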