Commit 486de8c3f412df3e71c9045faf250941c03c8c00

Authored by Dmitriy Zaporozhets
1 parent 621affec

Refactoring auth

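--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -158,6 +158,8 @@ GEM
 factory_girl_rails (4.0.0)
 factory_girl (~> 4.0.0)
 railties (>= 3.0.0)
+ faraday (0.8.4)
+ multipart-post (~> 1.1)
 ffaker (1.14.0)
 ffi (1.0.11)
 foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM
 httparty (0.8.3)
 multi_json (~> 1.0)
 multi_xml
+ httpauth (0.1)
 i18n (0.6.1)
 journey (1.0.4)
 jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM
 jquery-rails
 railties (>= 3.1.0)
 json (1.7.5)
+ jwt (0.1.5)
+ multi_json (>= 1.0)
 kaminari (0.14.0)
 actionpack (>= 3.0.0)
 activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM
 sprockets (~> 2.0)
 multi_json (1.3.6)
 multi_xml (0.5.1)
+ multipart-post (1.1.5)
 mysql2 (0.3.11)
 net-ldap (0.2.2)
 nokogiri (1.5.3)
+ oauth (0.4.7)
+ oauth2 (0.8.0)
+ faraday (~> 0.8)
+ httpauth (~> 0.1)
+ jwt (~> 0.1.4)
+ multi_json (~> 1.0)
+ rack (~> 1.2)
 omniauth (1.1.0)
 hashie (~> 1.2)
 rack
+ omniauth-github (1.0.3)
+ omniauth (~> 1.0)
+ omniauth-oauth2 (~> 1.1)
+ omniauth-google-oauth2 (0.1.13)
+ omniauth (~> 1.0)
+ omniauth-oauth2
+ omniauth-oauth (1.0.1)
+ oauth
+ omniauth (~> 1.0)
+ omniauth-oauth2 (1.1.0)
+ oauth2 (~> 0.8.0)
+ omniauth (~> 1.0)
+ omniauth-twitter (0.0.13)
+ multi_json (~> 1.3)
+ omniauth-oauth (~> 1.0)
 orm_adapter (0.3.0)
 polyglot (0.3.3)
 posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES
 linguist (~> 1.0.0)!
 modernizr (= 2.5.3)
 mysql2
+ omniauth
+ omniauth-github
+ omniauth-google-oauth2
 omniauth-ldap!
+ omniauth-twitter
 pry
 pygments.rb!
 rack-mini-profiler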
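--- a/app/assets/stylesheets/auth_methods.scss
+++ b/app/assets/stylesheets/auth_methods.scss
@@ -1,9 +1,9 @@
 .auth_methods {
- &ul {
+ ul {
 margin: 0;
 text-align:center;
 padding: 5px;
- &li {
+ li {
 display: inline;
 }
 }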
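--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,32 +0,0 @@
-<% unless ldap_enable? -%>
-
- <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
- <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
-
- <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
- <%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
-
- <% if devise_mapping.rememberable? -%>
- <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
- <% end -%>
- <br/>
- <%= f.submit "Sign in", :class => "primary btn" %>
- <div class="right"> <%= render :partial => "devise/shared/links" %></div>
-
- <%- if devise_mapping.omniauthable? %>
- <hr/>
- <div class="auth_methods">
- <ul>
- <%- resource_class.omniauth_providers.each do |provider| %>
- <li><%= link_to authbutton(provider),
- omniauth_authorize_path(resource_name, provider) %></li>
- <% end -%>
- </ul>
- </div>
- <% end -%>
-
- <% end %>
-
-<% else %>
- <%= render :partial => 'devise/sessions/new_ldap' %>
-<% end %>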
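--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -25,8 +25,38 @@ app:
 # backup_keep_time: 604800 # default: 0 (forever) (in seconds)
 # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
 
+
+
+
 #
-# 2. Advanced settings:
+# 2. Auth settings
+# ==========================
+ldap:
+ enabled: false
+ host: '_your_ldap_server'
+ base: '_the_base_where_you_search_for_users'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # plain
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+
+omniauth:
+ enabled: false
+ allow_single_sign_on: false
+ block_auto_created_users: true
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ # - { name: 'twitter', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET'}
+ # - { name: 'github', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET' }
+
+
+#
+# 3. Advanced settings:
 # ==========================
 
 # Git Hosting configuration
@@ -50,21 +80,3 @@ git:
 git_max_size: 5242880 # 5.megabytes
 # Git timeout to read commit, in seconds
 git_timeout: 10
-
-# Omniauth configuration
-omniauth:
- enabled: false
- providers:
- allow_single_sign_on: false
- block_auto_created_users: true
-
-# omniauth:
-# enabled: true
-# providers:
-# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET',
-# args: { access_type: 'offline', approval_prompt: '' } }
-# - { name: 'twitter', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET'}
-# - { name: 'github', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET' }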
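Review bot: The new `ldap:` block stores the bind account's `password` in gitlab.yml, next to the `app_secret` values under `omniauth.providers`, and nothing in the example says the file now holds credentials. A comment above `ldap:` such as `# This section holds the LDAP bind password and OAuth app secrets: keep gitlab.yml out of version control and readable only by the GitLab user.` would cover that. The inline hint `method: 'ssl' # plain` should also say what the alternative costs, e.g. `# 'ssl' or 'plain'; 'plain' sends the bind password and user logins without encryption`. `allow_single_sign_on` and `block_auto_created_users` decide whether an external identity may create an account and deserve a one-line comment each; their exact behaviour is not visible in this commit and should be confirmed before it is written down. Separately, with every list entry commented out `providers:` parses as null, and config/initializers/devise.rb now calls `.each` on `omniauth_providers`, whose body is not shown, so `providers: []` may be the safer default.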
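--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -120,8 +120,16 @@ class Settings &lt; Settingslogic
 app['backup_keep_time'] || 0
 end
 
+ def ldap_enabled?
+ ldap['enabled']
+ rescue
+ false
+ end
+
 def omniauth_enabled?
- omniauth['enabled'] || false
+ omniauth && omniauth['enabled']
+ rescue
+ false
 end
 
 def omniauth_providers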
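Review bot: The bare `rescue` in `ldap_enabled?` and in the rewritten `omniauth_enabled?` turns every StandardError into `false`, so a typo or malformed auth section in gitlab.yml silently switches a login method off instead of failing at boot where an administrator would see it. If the intent is only to tolerate a missing section, rescue that case alone, e.g. `rescue Settingslogic::MissingSetting`, and let anything else surface. Both predicates also return the raw config value rather than a boolean, so a quoted `enabled: 'false'` is truthy and would enable the method; `ldap['enabled'] == true` (and `omniauth && omniauth['enabled'] == true`) avoids that. `omniauth_providers` starts on the last line of the hunk and its body is outside it.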
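--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -204,4 +204,21 @@ Devise.setup do |config|
 # manager.intercept_401 = false
 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
+
+ gl = Gitlab.config
+
+ if gl.ldap_enabled?
+ config.omniauth :ldap,
+ :host => gl.ldap['host'],
+ :base => gl.ldap['base'],
+ :uid => gl.ldap['uid'],
+ :port => gl.ldap['port'],
+ :method => gl.ldap['method'],
+ :bind_dn => gl.ldap['bind_dn'],
+ :password => gl.ldap['password']
+ end
+
+ gl.omniauth_providers.each do |gl_provider|
+ config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
+ end
 end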
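Review bot: The provider loop passes only `name`, `app_id` and `app_secret` to `config.omniauth`, so the `args` hash that config/gitlab.yml.example shows for google_oauth2 is never applied, and the `:scope` that the deleted omniauth.rb.sample set for GitHub can no longer be configured; each provider then runs with whatever scope its strategy defaults to. Forwarding the hash keeps the requested scopes under the administrator's control: `config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret'], (gl_provider['args'] || {})`. The loop is also not guarded by `gl.omniauth_enabled?`; whether `omniauth_providers` already returns an empty list when omniauth is disabled, or when `providers:` is null, cannot be seen from this commit, so wrapping it in `if gl.omniauth_enabled?` would make that certain. The enclosing `Devise.setup` block starts above the hunk.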
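--- a/config/initializers/omniauth.rb.sample
+++ b/config/initializers/omniauth.rb.sample
@@ -1,15 +0,0 @@
-# Copy this file to 'omniauth.rb' and configure it as necessary.
-# The wiki has further details on configuring each provider.
-
-Devise.setup do |config|
- # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
- # config.omniauth :ldap,
- # :host => 'YOUR_LDAP_SERVER',
- # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
- # :uid => 'sAMAccountName',
- # :port => 389,
- # :method => :plain,
- # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
- # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
-end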