Commit 486de8c3f412df3e71c9045faf250941c03c8c00

Authored by Dmitriy Zaporozhets
1 parent 621affec

Refactoring auth

@@ -158,6 +158,8 @@ GEM @@ -158,6 +158,8 @@ GEM
158 factory_girl_rails (4.0.0) 158 factory_girl_rails (4.0.0)
159 factory_girl (~> 4.0.0) 159 factory_girl (~> 4.0.0)
160 railties (>= 3.0.0) 160 railties (>= 3.0.0)
  161 + faraday (0.8.4)
  162 + multipart-post (~> 1.1)
161 ffaker (1.14.0) 163 ffaker (1.14.0)
162 ffi (1.0.11) 164 ffi (1.0.11)
163 foreman (0.47.0) 165 foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM @@ -194,6 +196,7 @@ GEM
194 httparty (0.8.3) 196 httparty (0.8.3)
195 multi_json (~> 1.0) 197 multi_json (~> 1.0)
196 multi_xml 198 multi_xml
  199 + httpauth (0.1)
197 i18n (0.6.1) 200 i18n (0.6.1)
198 journey (1.0.4) 201 journey (1.0.4)
199 jquery-rails (2.0.2) 202 jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM @@ -203,6 +206,8 @@ GEM
203 jquery-rails 206 jquery-rails
204 railties (>= 3.1.0) 207 railties (>= 3.1.0)
205 json (1.7.5) 208 json (1.7.5)
  209 + jwt (0.1.5)
  210 + multi_json (>= 1.0)
206 kaminari (0.14.0) 211 kaminari (0.14.0)
207 actionpack (>= 3.0.0) 212 actionpack (>= 3.0.0)
208 activesupport (>= 3.0.0) 213 activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM @@ -225,12 +230,35 @@ GEM
225 sprockets (~> 2.0) 230 sprockets (~> 2.0)
226 multi_json (1.3.6) 231 multi_json (1.3.6)
227 multi_xml (0.5.1) 232 multi_xml (0.5.1)
  233 + multipart-post (1.1.5)
228 mysql2 (0.3.11) 234 mysql2 (0.3.11)
229 net-ldap (0.2.2) 235 net-ldap (0.2.2)
230 nokogiri (1.5.3) 236 nokogiri (1.5.3)
  237 + oauth (0.4.7)
  238 + oauth2 (0.8.0)
  239 + faraday (~> 0.8)
  240 + httpauth (~> 0.1)
  241 + jwt (~> 0.1.4)
  242 + multi_json (~> 1.0)
  243 + rack (~> 1.2)
231 omniauth (1.1.0) 244 omniauth (1.1.0)
232 hashie (~> 1.2) 245 hashie (~> 1.2)
233 rack 246 rack
  247 + omniauth-github (1.0.3)
  248 + omniauth (~> 1.0)
  249 + omniauth-oauth2 (~> 1.1)
  250 + omniauth-google-oauth2 (0.1.13)
  251 + omniauth (~> 1.0)
  252 + omniauth-oauth2
  253 + omniauth-oauth (1.0.1)
  254 + oauth
  255 + omniauth (~> 1.0)
  256 + omniauth-oauth2 (1.1.0)
  257 + oauth2 (~> 0.8.0)
  258 + omniauth (~> 1.0)
  259 + omniauth-twitter (0.0.13)
  260 + multi_json (~> 1.3)
  261 + omniauth-oauth (~> 1.0)
234 orm_adapter (0.3.0) 262 orm_adapter (0.3.0)
235 polyglot (0.3.3) 263 polyglot (0.3.3)
236 posix-spawn (0.3.6) 264 posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES @@ -420,7 +448,11 @@ DEPENDENCIES
420 linguist (~> 1.0.0)! 448 linguist (~> 1.0.0)!
421 modernizr (= 2.5.3) 449 modernizr (= 2.5.3)
422 mysql2 450 mysql2
  451 + omniauth
  452 + omniauth-github
  453 + omniauth-google-oauth2
423 omniauth-ldap! 454 omniauth-ldap!
  455 + omniauth-twitter
424 pry 456 pry
425 pygments.rb! 457 pygments.rb!
426 rack-mini-profiler 458 rack-mini-profiler
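--- a/app/assets/stylesheets/auth_methods.scss
+++ b/app/assets/stylesheets/auth_methods.scss
@@ -1,9 +1,9 @@
 .auth_methods {
- &ul {
+ ul {
 margin: 0;
 text-align:center;
 padding: 5px;
- &li {
+ li {
 display: inline;
 }
 }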
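--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,32 +0,0 @@
-<% unless ldap_enable? -%>
-
- <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
- <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
-
- <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
- <%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
-
- <% if devise_mapping.rememberable? -%>
- <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
- <% end -%>
- <br/>
- <%= f.submit "Sign in", :class => "primary btn" %>
- <div class="right"> <%= render :partial => "devise/shared/links" %></div>
-
- <%- if devise_mapping.omniauthable? %>
- <hr/>
- <div class="auth_methods">
- <ul>
- <%- resource_class.omniauth_providers.each do |provider| %>
- <li><%= link_to authbutton(provider),
- omniauth_authorize_path(resource_name, provider) %></li>
- <% end -%>
- </ul>
- </div>
- <% end -%>
-
- <% end %>
-
-<% else %>
- <%= render :partial => 'devise/sessions/new_ldap' %>
-<% end %>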
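--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -25,8 +25,38 @@ app:
 # backup_keep_time: 604800 # default: 0 (forever) (in seconds)
 # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
 
+
+
+
 #
-# 2. Advanced settings:
+# 2. Auth settings
+# ==========================
+ldap:
+ enabled: false
+ host: '_your_ldap_server'
+ base: '_the_base_where_you_search_for_users'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # plain
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+
+omniauth:
+ enabled: false
+ allow_single_sign_on: false
+ block_auto_created_users: true
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ # - { name: 'twitter', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET'}
+ # - { name: 'github', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET' }
+
+
+#
+# 3. Advanced settings:
 # ==========================
 
 # Git Hosting configuration
@@ -50,21 +80,3 @@ git:
 git_max_size: 5242880 # 5.megabytes
 # Git timeout to read commit, in seconds
 git_timeout: 10
-
-# Omniauth configuration
-omniauth:
- enabled: false
- providers:
- allow_single_sign_on: false
- block_auto_created_users: true
-
-# omniauth:
-# enabled: true
-# providers:
-# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET',
-# args: { access_type: 'offline', approval_prompt: '' } }
-# - { name: 'twitter', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET'}
-# - { name: 'github', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET' }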
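Review bot: The `method: 'ssl' # plain` line at new line 40 names the alternative without saying what it costs; with `plain` the bind password on new line 42 and users' LDAP credentials would travel unencrypted, and the removed omniauth.rb.sample paired `:plain` with port 389 rather than 636. A comment such as `# 'ssl' (port 636) or 'plain' (port 389, credentials sent unencrypted)` would make the trade-off visible. `allow_single_sign_on` and `block_auto_created_users` also ship without explanation; a one-line comment on each, saying what happens to a first-time OAuth login under each value, would help operators keep the restrictive defaults deliberately. Since this file now carries the bind account's password, it is worth a comment that gitlab.yml should be readable only by the application user.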
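--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -120,8 +120,16 @@ class Settings &lt; Settingslogic
 app['backup_keep_time'] || 0
 end
 
+ def ldap_enabled?
+ ldap['enabled']
+ rescue
+ false
+ end
+
 def omniauth_enabled?
- omniauth['enabled'] || false
+ omniauth && omniauth['enabled']
+ rescue
+ false
 end
 
 def omniauth_providers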
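Review bot: The bare `rescue` in `ldap_enabled?` (new lines 123-127) and in `omniauth_enabled?` (new lines 129-133) turns every StandardError into `false`, so a typo or malformed `ldap:`/`omniauth:` section silently switches that login method off instead of failing at boot. If the intent is only to tolerate a missing section, which Settingslogic reports as `Settingslogic::MissingSetting`, rescue that class alone: `rescue Settingslogic::MissingSetting`. `omniauth_enabled?` may also now return `nil` rather than `false` when the key is absent; `!!(omniauth && omniauth['enabled'])` keeps the predicate boolean. The enclosing `Settings` class starts and continues outside this hunk.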
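--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -204,4 +204,21 @@ Devise.setup do |config|
 # manager.intercept_401 = false
 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
+
+ gl = Gitlab.config
+
+ if gl.ldap_enabled?
+ config.omniauth :ldap,
+ :host => gl.ldap['host'],
+ :base => gl.ldap['base'],
+ :uid => gl.ldap['uid'],
+ :port => gl.ldap['port'],
+ :method => gl.ldap['method'],
+ :bind_dn => gl.ldap['bind_dn'],
+ :password => gl.ldap['password']
+ end
+
+ gl.omniauth_providers.each do |gl_provider|
+ config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
+ end
 end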
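Review bot: The provider loop at new lines 221-223 passes only `name`, `app_id` and `app_secret` to `config.omniauth`, so the `args` hash that config/gitlab.yml.example shows for google_oauth2 is never applied. Forwarding it would be one change, `config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret'], gl_provider['args'] || {}`, though the YAML string keys may need symbolizing. The loop is also not guarded by `omniauth_enabled?` and calls `.each` on whatever `omniauth_providers` returns; its body is outside this page, so confirm it yields `[]` when `providers:` is empty or OmniAuth is disabled, otherwise boot may fail or providers may be registered while disabled. The `Devise.setup` block starts outside the hunk.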
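--- a/config/initializers/omniauth.rb.sample
+++ b/config/initializers/omniauth.rb.sample
@@ -1,15 +0,0 @@
-# Copy this file to 'omniauth.rb' and configure it as necessary.
-# The wiki has further details on configuring each provider.
-
-Devise.setup do |config|
- # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
- # config.omniauth :ldap,
- # :host => 'YOUR_LDAP_SERVER',
- # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
- # :uid => 'sAMAccountName',
- # :port => 389,
- # :method => :plain,
- # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
- # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
-end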