Commit 559e83d30004e0c41a30f4ce3463f695eb7e26a1

Authored by Dmitriy Zaporozhets
1 parent a6cfb54c

Add LDAP support to /api/session

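--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -3,18 +3,19 @@ module API
 class Session < Grape::API
 # Login to get token
 #
+# Parameters:
+# login (*required) - user login
+# email (*required) - user email
+# password (required) - user password
+#
 # Example Request:
 # POST /session
 post "/session" do
-resource = User.find_for_database_authentication(email: params[:email])
-
-return unauthorized! unless resource
+auth = Gitlab::Auth.new
+user = auth.find(params[:email] || params[:login], params[:password])
 
-if resource.valid_password?(params[:password])
-present resource, with: Entities::UserLogin
-else
-unauthorized!
-end
+return unauthorized! unless user
+present user, with: Entities::UserLogin
 end
 end
 end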
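Review bot: The new `post "/session"` body hands `params[:email] || params[:login]` and `params[:password]` to `auth.find` with no presence check, although the added comment marks them as required. A missing or empty password can now reach the LDAP branch of `Gitlab::Auth#find` (no local match, or an LDAP user), and many directory servers accept a simple bind with an empty password as an unauthenticated bind; `ldap_auth` is not shown on this page, so whether it rejects that case needs confirming. I would add a guard before the lookup, for example `return unauthorized! if params[:password].blank? || (params[:email] || params[:login]).blank?`, or put the same check at the top of `find` so the Grack caller in lib/gitlab/backend/grack_auth.rb is covered as well. The parameter comment would also be clearer as `# login or email (one of the two is required)`.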
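--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -1,5 +1,18 @@
 module Gitlab
 class Auth
+def find(login, password)
+user = User.find_by_email(login) || User.find_by_username(login)
+
+if user.nil? || user.ldap_user?
+# Second chance - try LDAP authentication
+return nil unless ldap_conf.enabled
+
+ldap_auth(login, password)
+else
+user if user.valid_password?(password)
+end
+end
+
 def find_for_ldap_auth(auth, signed_in_resource = nil)
 uid = auth.info.uid
 provider = auth.provider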
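Review bot: `find` calls `ldap_conf.enabled`, but the code it was moved from resolved `ldap_conf` on `Grack::Auth`, and the rest of `Gitlab::Auth` lies outside this hunk; confirm the class defines `ldap_conf`, otherwise every unknown login raises instead of returning nil. The method also has no comment, and its name hides that it verifies a password, so a header such as `# Authenticates login/password against the local DB, then LDAP; returns the User or nil` would make the contract explicit for both callers. An unknown login with LDAP disabled returns before any password hashing while a known local login runs `valid_password?`, so response time may distinguish existing accounts; throttling and logging failed attempts in the callers would limit that.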
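--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -64,19 +64,8 @@ module Grack
 end
 
 def authenticate_user(login, password)
-user = User.find_by_email(login) || User.find_by_username(login)
-
-# If the provided login was not a known email or username
-# then user is nil
-if user.nil? || user.ldap_user?
-# Second chance - try LDAP authentication
-return nil unless ldap_conf.enabled
-
-auth = Gitlab::Auth.new
-auth.ldap_auth(login, password)
-else
-return user if user.valid_password?(password)
-end
+auth = Gitlab::Auth.new
+auth.find(login, password)
 end
 
 def authorize_request(service)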