Commit 64f026b254a9492bc22cdbad45ceb4743949f406
Exists in
master
and in
4 other branches
Merge branch 'funglaub-master'
Showing
23 changed files
with
381 additions
and
82 deletions
Show diff stats
Gemfile
| ... | ... | @@ -16,6 +16,10 @@ gem "mysql2" |
| 16 | 16 | |
| 17 | 17 | # Auth |
| 18 | 18 | gem "devise", "~> 2.1.0" |
| 19 | +gem 'omniauth' | |
| 20 | +gem 'omniauth-google-oauth2' | |
| 21 | +gem 'omniauth-twitter' | |
| 22 | +gem 'omniauth-github' | |
| 19 | 23 | |
| 20 | 24 | # GITLAB patched libs |
| 21 | 25 | gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837" | ... | ... |
Gemfile.lock
| ... | ... | @@ -158,6 +158,8 @@ GEM |
| 158 | 158 | factory_girl_rails (4.0.0) |
| 159 | 159 | factory_girl (~> 4.0.0) |
| 160 | 160 | railties (>= 3.0.0) |
| 161 | + faraday (0.8.4) | |
| 162 | + multipart-post (~> 1.1) | |
| 161 | 163 | ffaker (1.14.0) |
| 162 | 164 | ffi (1.0.11) |
| 163 | 165 | foreman (0.47.0) |
| ... | ... | @@ -194,6 +196,7 @@ GEM |
| 194 | 196 | httparty (0.8.3) |
| 195 | 197 | multi_json (~> 1.0) |
| 196 | 198 | multi_xml |
| 199 | + httpauth (0.1) | |
| 197 | 200 | i18n (0.6.1) |
| 198 | 201 | journey (1.0.4) |
| 199 | 202 | jquery-rails (2.0.2) |
| ... | ... | @@ -203,6 +206,8 @@ GEM |
| 203 | 206 | jquery-rails |
| 204 | 207 | railties (>= 3.1.0) |
| 205 | 208 | json (1.7.5) |
| 209 | + jwt (0.1.5) | |
| 210 | + multi_json (>= 1.0) | |
| 206 | 211 | kaminari (0.14.0) |
| 207 | 212 | actionpack (>= 3.0.0) |
| 208 | 213 | activesupport (>= 3.0.0) |
| ... | ... | @@ -225,12 +230,35 @@ GEM |
| 225 | 230 | sprockets (~> 2.0) |
| 226 | 231 | multi_json (1.3.6) |
| 227 | 232 | multi_xml (0.5.1) |
| 233 | + multipart-post (1.1.5) | |
| 228 | 234 | mysql2 (0.3.11) |
| 229 | 235 | net-ldap (0.2.2) |
| 230 | 236 | nokogiri (1.5.3) |
| 237 | + oauth (0.4.7) | |
| 238 | + oauth2 (0.8.0) | |
| 239 | + faraday (~> 0.8) | |
| 240 | + httpauth (~> 0.1) | |
| 241 | + jwt (~> 0.1.4) | |
| 242 | + multi_json (~> 1.0) | |
| 243 | + rack (~> 1.2) | |
| 231 | 244 | omniauth (1.1.0) |
| 232 | 245 | hashie (~> 1.2) |
| 233 | 246 | rack |
| 247 | + omniauth-github (1.0.3) | |
| 248 | + omniauth (~> 1.0) | |
| 249 | + omniauth-oauth2 (~> 1.1) | |
| 250 | + omniauth-google-oauth2 (0.1.13) | |
| 251 | + omniauth (~> 1.0) | |
| 252 | + omniauth-oauth2 | |
| 253 | + omniauth-oauth (1.0.1) | |
| 254 | + oauth | |
| 255 | + omniauth (~> 1.0) | |
| 256 | + omniauth-oauth2 (1.1.0) | |
| 257 | + oauth2 (~> 0.8.0) | |
| 258 | + omniauth (~> 1.0) | |
| 259 | + omniauth-twitter (0.0.13) | |
| 260 | + multi_json (~> 1.3) | |
| 261 | + omniauth-oauth (~> 1.0) | |
| 234 | 262 | orm_adapter (0.3.0) |
| 235 | 263 | polyglot (0.3.3) |
| 236 | 264 | posix-spawn (0.3.6) |
| ... | ... | @@ -420,7 +448,11 @@ DEPENDENCIES |
| 420 | 448 | linguist (~> 1.0.0)! |
| 421 | 449 | modernizr (= 2.5.3) |
| 422 | 450 | mysql2 |
| 451 | + omniauth | |
| 452 | + omniauth-github | |
| 453 | + omniauth-google-oauth2 | |
| 423 | 454 | omniauth-ldap! |
| 455 | + omniauth-twitter | |
| 424 | 456 | pry |
| 425 | 457 | pygments.rb! |
| 426 | 458 | rack-mini-profiler | ... | ... |
app/assets/stylesheets/gitlab_bootstrap/blocks.scss
app/assets/stylesheets/main.scss
app/controllers/omniauth_callbacks_controller.rb
| 1 | 1 | class OmniauthCallbacksController < Devise::OmniauthCallbacksController |
| 2 | + Gitlab.config.omniauth_providers.each do |provider| | |
| 3 | + define_method provider['name'] do | |
| 4 | + handle_omniauth | |
| 5 | + end | |
| 6 | + end | |
| 2 | 7 | |
| 3 | 8 | # Extend the standard message generation to accept our custom exception |
| 4 | 9 | def failure_message |
| ... | ... | @@ -9,7 +14,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController |
| 9 | 14 | error ||= env["omniauth.error.type"].to_s |
| 10 | 15 | error.to_s.humanize if error |
| 11 | 16 | end |
| 12 | - | |
| 17 | + | |
| 13 | 18 | def ldap |
| 14 | 19 | # We only find ourselves here if the authentication to LDAP was successful. |
| 15 | 20 | @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user) |
| ... | ... | @@ -19,4 +24,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController |
| 19 | 24 | sign_in_and_redirect @user |
| 20 | 25 | end |
| 21 | 26 | |
| 27 | + private | |
| 28 | + | |
| 29 | + def handle_omniauth | |
| 30 | + oauth = request.env['omniauth.auth'] | |
| 31 | + provider, uid = oauth['provider'], oauth['uid'] | |
| 32 | + | |
| 33 | + if current_user | |
| 34 | + # Change a logged-in user's authentication method: | |
| 35 | + current_user.extern_uid = uid | |
| 36 | + current_user.provider = provider | |
| 37 | + current_user.save | |
| 38 | + redirect_to profile_path | |
| 39 | + else | |
| 40 | + @user = User.find_or_new_for_omniauth(oauth) | |
| 41 | + | |
| 42 | + if @user | |
| 43 | + sign_in_and_redirect @user | |
| 44 | + else | |
| 45 | + flash[:notice] = "There's no such user!" | |
| 46 | + redirect_to new_user_session_path | |
| 47 | + end | |
| 48 | + end | |
| 49 | + end | |
| 22 | 50 | end | ... | ... |
app/helpers/application_helper.rb
| ... | ... | @@ -135,4 +135,10 @@ module ApplicationHelper |
| 135 | 135 | "Never" |
| 136 | 136 | end |
| 137 | 137 | end |
| 138 | + | |
| 139 | + def authbutton(provider, size = 64) | |
| 140 | + file_name = "#{provider.to_s.split('_').first}_#{size}.png" | |
| 141 | + image_tag("authbuttons/#{file_name}", | |
| 142 | + alt: "Sign in with #{provider.to_s.titleize}") | |
| 143 | + end | |
| 138 | 144 | end | ... | ... |
app/models/user.rb
| ... | ... | @@ -86,33 +86,20 @@ class User < ActiveRecord::Base |
| 86 | 86 | where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') |
| 87 | 87 | end |
| 88 | 88 | |
| 89 | - def self.find_for_ldap_auth(auth, signed_in_resource=nil) | |
| 90 | - uid = auth.info.uid | |
| 91 | - provider = auth.provider | |
| 92 | - name = auth.info.name.force_encoding("utf-8") | |
| 93 | - email = auth.info.email.downcase unless auth.info.email.nil? | |
| 94 | - raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil? | |
| 95 | - | |
| 96 | - if @user = User.find_by_extern_uid_and_provider(uid, provider) | |
| 97 | - @user | |
| 98 | - # workaround for backward compatibility | |
| 99 | - elsif @user = User.find_by_email(email) | |
| 100 | - logger.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}" | |
| 101 | - @user.update_attributes(:extern_uid => uid, :provider => provider) | |
| 102 | - @user | |
| 103 | - else | |
| 104 | - logger.info "Creating user from LDAP login {uid => #{uid}, name => #{name}, email => #{email}}" | |
| 105 | - password = Devise.friendly_token[0, 8].downcase | |
| 106 | - @user = User.create( | |
| 107 | - :extern_uid => uid, | |
| 108 | - :provider => provider, | |
| 109 | - :name => name, | |
| 110 | - :email => email, | |
| 111 | - :password => password, | |
| 112 | - :password_confirmation => password, | |
| 113 | - :projects_limit => Gitlab.config.default_projects_limit | |
| 114 | - ) | |
| 115 | - end | |
| 89 | + def self.create_from_omniauth(auth, ldap = false) | |
| 90 | + gitlab_auth.create_from_omniauth(auth, ldap) | |
| 91 | + end | |
| 92 | + | |
| 93 | + def self.find_or_new_for_omniauth(auth) | |
| 94 | + gitlab_auth.find_or_new_for_omniauth(auth) | |
| 95 | + end | |
| 96 | + | |
| 97 | + def self.find_for_ldap_auth(auth, signed_in_resource = nil) | |
| 98 | + gitlab_auth.find_for_ldap_auth(auth, signed_in_resource) | |
| 99 | + end | |
| 100 | + | |
| 101 | + def self.gitlab_auth | |
| 102 | + Gitlab::Auth.new | |
| 116 | 103 | end |
| 117 | 104 | |
| 118 | 105 | def self.search query |
| ... | ... | @@ -148,4 +135,3 @@ end |
| 148 | 135 | # bio :string(255) |
| 149 | 136 | # blocked :boolean(1) default(FALSE), not null |
| 150 | 137 | # |
| 151 | - | ... | ... |
app/views/devise/sessions/new.html.haml
| ... | ... | @@ -15,7 +15,8 @@ |
| 15 | 15 | .right |
| 16 | 16 | = render :partial => "devise/shared/links" |
| 17 | 17 | - if devise_mapping.omniauthable? |
| 18 | - - resource_class.omniauth_providers.each do |provider| | |
| 19 | - %hr/ | |
| 20 | - = link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider), :class => "btn primary" | |
| 21 | - %br/ | |
| 18 | + %hr/ | |
| 19 | + %ul.unstyled | |
| 20 | + - resource_class.omniauth_providers.each do |provider| | |
| 21 | + %li | |
| 22 | + = link_to authbutton(provider, 32), omniauth_authorize_path(resource_name, provider) | ... | ... |
app/views/layouts/profile.html.haml
app/views/profile/password.html.haml
| 1 | 1 | %h3.page_title Password |
| 2 | 2 | %hr |
| 3 | + | |
| 3 | 4 | = form_for @user, url: profile_password_path, method: :put do |f| |
| 4 | - .data | |
| 5 | - %p.slead After successful password update you will be redirected to login page where you should login with new password | |
| 6 | - -if @user.errors.any? | |
| 7 | - .alert-message.block-message.error | |
| 8 | - %ul | |
| 9 | - - @user.errors.full_messages.each do |msg| | |
| 10 | - %li= msg | |
| 5 | + .row | |
| 6 | + .span7 | |
| 7 | + .data | |
| 8 | + %p.slead After successful password update you will be redirected to login page where you should login with new password | |
| 9 | + -if @user.errors.any? | |
| 10 | + .alert-message.block-message.error | |
| 11 | + %ul | |
| 12 | + - @user.errors.full_messages.each do |msg| | |
| 13 | + %li= msg | |
| 14 | + | |
| 15 | + .clearfix | |
| 16 | + = f.label :password | |
| 17 | + .input= f.password_field :password | |
| 18 | + .clearfix | |
| 19 | + = f.label :password_confirmation | |
| 20 | + .input= f.password_field :password_confirmation | |
| 11 | 21 | |
| 12 | - .clearfix | |
| 13 | - = f.label :password | |
| 14 | - .input= f.password_field :password | |
| 15 | - .clearfix | |
| 16 | - = f.label :password_confirmation | |
| 17 | - .input= f.password_field :password_confirmation | |
| 22 | + - if Gitlab.config.omniauth_enabled? | |
| 23 | + .span5.right | |
| 24 | + .alert.alert-info | |
| 25 | + %strong Tip: Use one of the following sites to login | |
| 26 | + %ul.unstyled | |
| 27 | + - User.omniauth_providers.each do |provider| | |
| 28 | + %li= link_to authbutton(provider), | | |
| 29 | + omniauth_authorize_path(User, provider) | | |
| 18 | 30 | .actions |
| 19 | 31 | = f.submit 'Save', class: "btn save-btn" | ... | ... |
app/views/profile/show.html.haml
| ... | ... | @@ -50,21 +50,34 @@ |
| 50 | 50 | %strong Tip: |
| 51 | 51 | You can change your avatar at gravatar.com |
| 52 | 52 | |
| 53 | - %h4 | |
| 54 | - Personal projects: | |
| 55 | - %small.right | |
| 56 | - %span= current_user.my_own_projects.count | |
| 57 | - of | |
| 58 | - %span= current_user.projects_limit | |
| 59 | - .progress | |
| 60 | - .bar{style: "width: #{current_user.projects_limit_percent}%;"} | |
| 53 | + - @user.provider = 'twitter' | |
| 54 | + - if Gitlab.config.omniauth_enabled? && @user.provider? | |
| 55 | + .ui-box | |
| 56 | + .ui-box-body | |
| 57 | + %h4 | |
| 58 | + Omniauth Providers: | |
| 59 | + = link_to "Change", profile_password_path, class: "btn small right" | |
| 60 | + You can login through #{@user.provider.titleize}! | |
| 61 | + = authbutton(@user.provider, 32) | |
| 61 | 62 | |
| 62 | - %h4 | |
| 63 | - SSH public keys: | |
| 64 | - %small.right | |
| 65 | - %span= link_to current_user.keys.count, keys_path | |
| 63 | + .ui-box | |
| 64 | + .ui-box-body | |
| 65 | + %h4 | |
| 66 | + Personal projects: | |
| 67 | + %small.right | |
| 68 | + %span= current_user.my_own_projects.count | |
| 69 | + of | |
| 70 | + %span= current_user.projects_limit | |
| 71 | + .progress | |
| 72 | + .bar{style: "width: #{current_user.projects_limit_percent}%;"} | |
| 66 | 73 | |
| 67 | - = link_to "Add Public Key", new_key_path, class: "btn small right" | |
| 74 | + .ui-box | |
| 75 | + .ui-box-body | |
| 76 | + %h4 | |
| 77 | + SSH public keys: | |
| 78 | + %strong.right= link_to current_user.keys.count, keys_path | |
| 79 | + | |
| 80 | + = link_to "Add Public Key", new_key_path, class: "btn small" | |
| 68 | 81 | |
| 69 | 82 | .form-actions |
| 70 | 83 | = f.submit 'Save', class: "btn save-btn" | ... | ... |
config/gitlab.yml.example
| ... | ... | @@ -25,8 +25,45 @@ app: |
| 25 | 25 | # backup_keep_time: 604800 # default: 0 (forever) (in seconds) |
| 26 | 26 | # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com |
| 27 | 27 | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | +# | |
| 32 | +# 2. Auth settings | |
| 33 | +# ========================== | |
| 34 | +ldap: | |
| 35 | + enabled: false | |
| 36 | + host: '_your_ldap_server' | |
| 37 | + base: '_the_base_where_you_search_for_users' | |
| 38 | + port: 636 | |
| 39 | + uid: 'sAMAccountName' | |
| 40 | + method: 'ssl' # plain | |
| 41 | + bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |
| 42 | + password: '_the_password_of_the_bind_user' | |
| 43 | + | |
| 44 | +omniauth: | |
| 45 | + # Enable ability for users | |
| 46 | + # to login via twitter, google .. | |
| 47 | + enabled: true | |
| 48 | + | |
| 49 | + # IMPORTANT! | |
| 50 | + # It allows user to login without having user account | |
| 51 | + allow_single_sign_on: false | |
| 52 | + block_auto_created_users: true | |
| 53 | + | |
| 54 | + # Auth providers | |
| 55 | + providers: | |
| 56 | + # - { name: 'google_oauth2', app_id: 'YOUR APP ID', | |
| 57 | + # app_secret: 'YOUR APP SECRET', | |
| 58 | + # args: { access_type: 'offline', approval_prompt: '' } } | |
| 59 | + # - { name: 'twitter', app_id: 'YOUR APP ID', | |
| 60 | + # app_secret: 'YOUR APP SECRET'} | |
| 61 | + # - { name: 'github', app_id: 'YOUR APP ID', | |
| 62 | + # app_secret: 'YOUR APP SECRET' } | |
| 63 | + | |
| 64 | + | |
| 28 | 65 | # |
| 29 | -# 2. Advanced settings: | |
| 66 | +# 3. Advanced settings: | |
| 30 | 67 | # ========================== |
| 31 | 68 | |
| 32 | 69 | # Git Hosting configuration | ... | ... |
config/initializers/1_settings.rb
| ... | ... | @@ -6,7 +6,7 @@ class Settings < Settingslogic |
| 6 | 6 | self.web['protocol'] ||= web.https ? "https" : "http" |
| 7 | 7 | end |
| 8 | 8 | |
| 9 | - def web_host | |
| 9 | + def web_host | |
| 10 | 10 | self.web['host'] ||= 'localhost' |
| 11 | 11 | end |
| 12 | 12 | |
| ... | ... | @@ -14,11 +14,11 @@ class Settings < Settingslogic |
| 14 | 14 | self.email['from'] ||= ("notify@" + web_host) |
| 15 | 15 | end |
| 16 | 16 | |
| 17 | - def url | |
| 17 | + def url | |
| 18 | 18 | self['url'] ||= build_url |
| 19 | - end | |
| 19 | + end | |
| 20 | 20 | |
| 21 | - def web_port | |
| 21 | + def web_port | |
| 22 | 22 | if web.https |
| 23 | 23 | web['port'] = 443 |
| 24 | 24 | else |
| ... | ... | @@ -36,7 +36,7 @@ class Settings < Settingslogic |
| 36 | 36 | raw_url << web_host |
| 37 | 37 | |
| 38 | 38 | if web_custom_port? |
| 39 | - raw_url << ":#{web_port}" | |
| 39 | + raw_url << ":#{web_port}" | |
| 40 | 40 | end |
| 41 | 41 | |
| 42 | 42 | raw_url |
| ... | ... | @@ -120,6 +120,22 @@ class Settings < Settingslogic |
| 120 | 120 | app['backup_keep_time'] || 0 |
| 121 | 121 | end |
| 122 | 122 | |
| 123 | + def ldap_enabled? | |
| 124 | + ldap['enabled'] | |
| 125 | + rescue | |
| 126 | + false | |
| 127 | + end | |
| 128 | + | |
| 129 | + def omniauth_enabled? | |
| 130 | + omniauth && omniauth['enabled'] | |
| 131 | + rescue | |
| 132 | + false | |
| 133 | + end | |
| 134 | + | |
| 135 | + def omniauth_providers | |
| 136 | + omniauth['providers'] || [] | |
| 137 | + end | |
| 138 | + | |
| 123 | 139 | def disable_gravatar? |
| 124 | 140 | app['disable_gravatar'] || false |
| 125 | 141 | end | ... | ... |
config/initializers/devise.rb
| ... | ... | @@ -204,4 +204,21 @@ Devise.setup do |config| |
| 204 | 204 | # manager.intercept_401 = false |
| 205 | 205 | # manager.default_strategies(:scope => :user).unshift :some_external_strategy |
| 206 | 206 | # end |
| 207 | + | |
| 208 | + gl = Gitlab.config | |
| 209 | + | |
| 210 | + if gl.ldap_enabled? | |
| 211 | + config.omniauth :ldap, | |
| 212 | + :host => gl.ldap['host'], | |
| 213 | + :base => gl.ldap['base'], | |
| 214 | + :uid => gl.ldap['uid'], | |
| 215 | + :port => gl.ldap['port'], | |
| 216 | + :method => gl.ldap['method'], | |
| 217 | + :bind_dn => gl.ldap['bind_dn'], | |
| 218 | + :password => gl.ldap['password'] | |
| 219 | + end | |
| 220 | + | |
| 221 | + gl.omniauth_providers.each do |gl_provider| | |
| 222 | + config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret'] | |
| 223 | + end | |
| 207 | 224 | end | ... | ... |
config/initializers/omniauth.rb.sample
| ... | ... | @@ -1,15 +0,0 @@ |
| 1 | -# Copy this file to 'omniauth.rb' and configure it as necessary. | |
| 2 | -# The wiki has further details on configuring each provider. | |
| 3 | - | |
| 4 | -Devise.setup do |config| | |
| 5 | - # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo' | |
| 6 | - | |
| 7 | - # config.omniauth :ldap, | |
| 8 | - # :host => 'YOUR_LDAP_SERVER', | |
| 9 | - # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS', | |
| 10 | - # :uid => 'sAMAccountName', | |
| 11 | - # :port => 389, | |
| 12 | - # :method => :plain, | |
| 13 | - # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH', | |
| 14 | - # :password => 'THE_PASSWORD_OF_THE_BIND_USER' | |
| 15 | -end |
| ... | ... | @@ -0,0 +1,66 @@ |
| 1 | +module Gitlab | |
| 2 | + class Auth | |
| 3 | + def find_for_ldap_auth(auth, signed_in_resource = nil) | |
| 4 | + uid = auth.info.uid | |
| 5 | + provider = auth.provider | |
| 6 | + email = auth.info.email.downcase unless auth.info.email.nil? | |
| 7 | + raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil? | |
| 8 | + | |
| 9 | + if @user = User.find_by_extern_uid_and_provider(uid, provider) | |
| 10 | + @user | |
| 11 | + elsif @user = User.find_by_email(email) | |
| 12 | + log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}" | |
| 13 | + @user.update_attributes(:extern_uid => uid, :provider => provider) | |
| 14 | + @user | |
| 15 | + else | |
| 16 | + create_from_omniauth(auth, true) | |
| 17 | + end | |
| 18 | + end | |
| 19 | + | |
| 20 | + def create_from_omniauth auth, ldap = false | |
| 21 | + provider = auth.provider | |
| 22 | + uid = auth.info.uid || auth.uid | |
| 23 | + name = auth.info.name.force_encoding("utf-8") | |
| 24 | + email = auth.info.email.downcase unless auth.info.email.nil? | |
| 25 | + | |
| 26 | + ldap_prefix = ldap ? '(LDAP) ' : '' | |
| 27 | + raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\ | |
| 28 | + " address" if auth.info.email.blank? | |
| 29 | + | |
| 30 | + log.info "#{ldap_prefix}Creating user from #{provider} login"\ | |
| 31 | + " {uid => #{uid}, name => #{name}, email => #{email}}" | |
| 32 | + password = Devise.friendly_token[0, 8].downcase | |
| 33 | + @user = User.new( | |
| 34 | + extern_uid: uid, | |
| 35 | + provider: provider, | |
| 36 | + name: name, | |
| 37 | + email: email, | |
| 38 | + password: password, | |
| 39 | + password_confirmation: password, | |
| 40 | + projects_limit: Gitlab.config.default_projects_limit, | |
| 41 | + ) | |
| 42 | + if Gitlab.config.omniauth.block_auto_created_users && !ldap | |
| 43 | + @user.blocked = true | |
| 44 | + end | |
| 45 | + @user.save! | |
| 46 | + @user | |
| 47 | + end | |
| 48 | + | |
| 49 | + def find_or_new_for_omniauth(auth) | |
| 50 | + provider, uid = auth.provider, auth.uid | |
| 51 | + | |
| 52 | + if @user = User.find_by_provider_and_extern_uid(provider, uid) | |
| 53 | + @user | |
| 54 | + else | |
| 55 | + if Gitlab.config.omniauth.allow_single_sign_on | |
| 56 | + @user = create_from_omniauth(auth) | |
| 57 | + @user | |
| 58 | + end | |
| 59 | + end | |
| 60 | + end | |
| 61 | + | |
| 62 | + def log | |
| 63 | + Gitlab::AppLogger | |
| 64 | + end | |
| 65 | + end | |
| 66 | +end | ... | ... |
| ... | ... | @@ -0,0 +1,93 @@ |
| 1 | +require 'spec_helper' | |
| 2 | + | |
| 3 | +describe Gitlab::Auth do | |
| 4 | + let(:gl_auth) { Gitlab::Auth.new } | |
| 5 | + | |
| 6 | + before do | |
| 7 | + @info = mock( | |
| 8 | + uid: '12djsak321', | |
| 9 | + name: 'John', | |
| 10 | + email: 'john@mail.com' | |
| 11 | + ) | |
| 12 | + end | |
| 13 | + | |
| 14 | + describe :find_for_ldap_auth do | |
| 15 | + before do | |
| 16 | + @auth = mock( | |
| 17 | + uid: '12djsak321', | |
| 18 | + info: @info, | |
| 19 | + provider: 'ldap' | |
| 20 | + ) | |
| 21 | + end | |
| 22 | + | |
| 23 | + it "should find by uid & provider" do | |
| 24 | + User.should_receive :find_by_extern_uid_and_provider | |
| 25 | + gl_auth.find_for_ldap_auth(@auth) | |
| 26 | + end | |
| 27 | + | |
| 28 | + it "should update credentials by email if missing uid" do | |
| 29 | + user = double('User') | |
| 30 | + User.stub find_by_extern_uid_and_provider: nil | |
| 31 | + User.stub find_by_email: user | |
| 32 | + user.should_receive :update_attributes | |
| 33 | + gl_auth.find_for_ldap_auth(@auth) | |
| 34 | + end | |
| 35 | + | |
| 36 | + | |
| 37 | + it "should create from auth if user doesnot exist"do | |
| 38 | + User.stub find_by_extern_uid_and_provider: nil | |
| 39 | + User.stub find_by_email: nil | |
| 40 | + gl_auth.should_receive :create_from_omniauth | |
| 41 | + gl_auth.find_for_ldap_auth(@auth) | |
| 42 | + end | |
| 43 | + end | |
| 44 | + | |
| 45 | + describe :find_or_new_for_omniauth do | |
| 46 | + before do | |
| 47 | + @auth = mock( | |
| 48 | + info: @info, | |
| 49 | + provider: 'twitter', | |
| 50 | + uid: '12djsak321', | |
| 51 | + ) | |
| 52 | + end | |
| 53 | + | |
| 54 | + it "should find user"do | |
| 55 | + User.should_receive :find_by_provider_and_extern_uid | |
| 56 | + gl_auth.should_not_receive :create_from_omniauth | |
| 57 | + gl_auth.find_or_new_for_omniauth(@auth) | |
| 58 | + end | |
| 59 | + | |
| 60 | + it "should not create user"do | |
| 61 | + User.stub find_by_provider_and_extern_uid: nil | |
| 62 | + gl_auth.should_not_receive :create_from_omniauth | |
| 63 | + gl_auth.find_or_new_for_omniauth(@auth) | |
| 64 | + end | |
| 65 | + | |
| 66 | + it "should create user if single_sing_on"do | |
| 67 | + Gitlab.config.omniauth.stub allow_single_sign_on: true | |
| 68 | + User.stub find_by_provider_and_extern_uid: nil | |
| 69 | + gl_auth.should_receive :create_from_omniauth | |
| 70 | + gl_auth.find_or_new_for_omniauth(@auth) | |
| 71 | + end | |
| 72 | + end | |
| 73 | + | |
| 74 | + describe :create_from_omniauth do | |
| 75 | + it "should create user from LDAP" do | |
| 76 | + @auth = mock(info: @info, provider: 'ldap') | |
| 77 | + user = gl_auth.create_from_omniauth(@auth, true) | |
| 78 | + | |
| 79 | + user.should be_valid | |
| 80 | + user.extern_uid.should == @info.uid | |
| 81 | + user.provider.should == 'ldap' | |
| 82 | + end | |
| 83 | + | |
| 84 | + it "should create user from Omniauth" do | |
| 85 | + @auth = mock(info: @info, provider: 'twitter') | |
| 86 | + user = gl_auth.create_from_omniauth(@auth, false) | |
| 87 | + | |
| 88 | + user.should be_valid | |
| 89 | + user.extern_uid.should == @info.uid | |
| 90 | + user.provider.should == 'twitter' | |
| 91 | + end | |
| 92 | + end | |
| 93 | +end | ... | ... |
1.89 KB
4.34 KB
1.58 KB
3.37 KB
1.41 KB
3.3 KB