Commit 559e83d30004e0c41a30f4ce3463f695eb7e26a1
1 parent
a6cfb54c
Exists in
master
and in
4 other branches
Add LDAP support to /api/session
Showing
3 changed files
with
24 additions
and
21 deletions
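--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -3,18 +3,19 @@ module API
 class Session < Grape::API
 # Login to get token
 #
+# Parameters:
+# login (*required) - user login
+# email (*required) - user email
+# password (required) - user password
+#
 # Example Request:
 # POST /session
 post "/session" do
-resource = User.find_for_database_authentication(email: params[:email])
-
-return unauthorized! unless resource
+auth = Gitlab::Auth.new
+user = auth.find(params[:email] || params[:login], params[:password])
 
-if resource.valid_password?(params[:password])
-present resource, with: Entities::UserLogin
-else
-unauthorized!
-end
+return unauthorized! unless user
+present user, with: Entities::UserLogin
 end
 end
 end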
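Review bot: `params[:email] || params[:login]` picks an empty-string `email` over a supplied `login`, because `""` is truthy in Ruby, so a client that sends both fields with `email` blank is looked up with an empty identifier. Consider `params[:email].presence || params[:login]`, and return `unauthorized!` before calling `auth.find` when the identifier or `params[:password]` is blank, so blank credentials never reach the LDAP path. The new parameter comment should also say what `*required` means, for example `# login or email - one of the two is required`.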
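--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -1,5 +1,18 @@
 module Gitlab
 class Auth
+def find(login, password)
+user = User.find_by_email(login) || User.find_by_username(login)
+
+if user.nil? || user.ldap_user?
+# Second chance - try LDAP authentication
+return nil unless ldap_conf.enabled
+
+ldap_auth(login, password)
+else
+user if user.valid_password?(password)
+end
+end
+
 def find_for_ldap_auth(auth, signed_in_resource = nil)
 uid = auth.info.uid
 provider = auth.provider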
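Review bot: `find` hands `password` to `ldap_auth(login, password)` without rejecting a blank value, and many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds. `ldap_auth` is not visible in this section and may already guard against this, but `return nil if login.blank? || password.blank?` at the top of `find` would make the check independent of the LDAP adapter. `ldap_conf` was called unqualified in grack_auth.rb before this move; confirm that `Gitlab::Auth` defines it, otherwise the LDAP branch raises `NameError`. A short doc comment saying that `find` returns the `User` or `nil` would also help, since the API session endpoint and `authenticate_user` now both depend on that contract.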
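--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -64,19 +64,8 @@ module Grack
 end
 
 def authenticate_user(login, password)
-user = User.find_by_email(login) || User.find_by_username(login)
-
-# If the provided login was not a known email or username
-# then user is nil
-if user.nil? || user.ldap_user?
-# Second chance - try LDAP authentication
-return nil unless ldap_conf.enabled
-
-auth = Gitlab::Auth.new
-auth.ldap_auth(login, password)
-else
-return user if user.valid_password?(password)
-end
+auth = Gitlab::Auth.new
+auth.find(login, password)
 end
 
 def authorize_request(service)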
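Review bot: `authenticate_user` no longer says what it returns, because the removed comments were the only explanation of the nil case. A one-line comment such as `# Returns the User on success, nil otherwise; LDAP fallback lives in Gitlab::Auth#find` would keep the contract visible at this call site. If the `ldap_conf` helper in this class has no other callers after the change (not visible in the hunk), it can be removed.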