Download as
Browse Code »

Commit 64f026b254a9492bc22cdbad45ceb4743949f406

Authored by Dmitriy Zaporozhets
2 parents 40eec08c 048d47e6
Exists in master and in 4 other branches 6-8-stable, 7-0-stable, 7-0-stable-spb, spb-stable

Merge branch 'funglaub-master'

Showing 23 changed files with 381 additions and 82 deletions   Show diff stats
@@ -16,6 +16,10 @@ gem "mysql2" @@ -16,6 +16,10 @@ gem "mysql2"
16 16
17 # Auth 17 # Auth
18 gem "devise", "~> 2.1.0" 18 gem "devise", "~> 2.1.0"
  19 +gem 'omniauth'
  20 +gem 'omniauth-google-oauth2'
  21 +gem 'omniauth-twitter'
  22 +gem 'omniauth-github'
19 23
20 # GITLAB patched libs 24 # GITLAB patched libs
21 gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837" 25 gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837"
@@ -158,6 +158,8 @@ GEM @@ -158,6 +158,8 @@ GEM
158 factory_girl_rails (4.0.0) 158 factory_girl_rails (4.0.0)
159 factory_girl (~> 4.0.0) 159 factory_girl (~> 4.0.0)
160 railties (>= 3.0.0) 160 railties (>= 3.0.0)
  161 + faraday (0.8.4)
  162 + multipart-post (~> 1.1)
161 ffaker (1.14.0) 163 ffaker (1.14.0)
162 ffi (1.0.11) 164 ffi (1.0.11)
163 foreman (0.47.0) 165 foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM @@ -194,6 +196,7 @@ GEM
194 httparty (0.8.3) 196 httparty (0.8.3)
195 multi_json (~> 1.0) 197 multi_json (~> 1.0)
196 multi_xml 198 multi_xml
  199 + httpauth (0.1)
197 i18n (0.6.1) 200 i18n (0.6.1)
198 journey (1.0.4) 201 journey (1.0.4)
199 jquery-rails (2.0.2) 202 jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM @@ -203,6 +206,8 @@ GEM
203 jquery-rails 206 jquery-rails
204 railties (>= 3.1.0) 207 railties (>= 3.1.0)
205 json (1.7.5) 208 json (1.7.5)
  209 + jwt (0.1.5)
  210 + multi_json (>= 1.0)
206 kaminari (0.14.0) 211 kaminari (0.14.0)
207 actionpack (>= 3.0.0) 212 actionpack (>= 3.0.0)
208 activesupport (>= 3.0.0) 213 activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM @@ -225,12 +230,35 @@ GEM
225 sprockets (~> 2.0) 230 sprockets (~> 2.0)
226 multi_json (1.3.6) 231 multi_json (1.3.6)
227 multi_xml (0.5.1) 232 multi_xml (0.5.1)
  233 + multipart-post (1.1.5)
228 mysql2 (0.3.11) 234 mysql2 (0.3.11)
229 net-ldap (0.2.2) 235 net-ldap (0.2.2)
230 nokogiri (1.5.3) 236 nokogiri (1.5.3)
  237 + oauth (0.4.7)
  238 + oauth2 (0.8.0)
  239 + faraday (~> 0.8)
  240 + httpauth (~> 0.1)
  241 + jwt (~> 0.1.4)
  242 + multi_json (~> 1.0)
  243 + rack (~> 1.2)
231 omniauth (1.1.0) 244 omniauth (1.1.0)
232 hashie (~> 1.2) 245 hashie (~> 1.2)
233 rack 246 rack
  247 + omniauth-github (1.0.3)
  248 + omniauth (~> 1.0)
  249 + omniauth-oauth2 (~> 1.1)
  250 + omniauth-google-oauth2 (0.1.13)
  251 + omniauth (~> 1.0)
  252 + omniauth-oauth2
  253 + omniauth-oauth (1.0.1)
  254 + oauth
  255 + omniauth (~> 1.0)
  256 + omniauth-oauth2 (1.1.0)
  257 + oauth2 (~> 0.8.0)
  258 + omniauth (~> 1.0)
  259 + omniauth-twitter (0.0.13)
  260 + multi_json (~> 1.3)
  261 + omniauth-oauth (~> 1.0)
234 orm_adapter (0.3.0) 262 orm_adapter (0.3.0)
235 polyglot (0.3.3) 263 polyglot (0.3.3)
236 posix-spawn (0.3.6) 264 posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES @@ -420,7 +448,11 @@ DEPENDENCIES
420 linguist (~> 1.0.0)! 448 linguist (~> 1.0.0)!
421 modernizr (= 2.5.3) 449 modernizr (= 2.5.3)
422 mysql2 450 mysql2
  451 + omniauth
  452 + omniauth-github
  453 + omniauth-google-oauth2
423 omniauth-ldap! 454 omniauth-ldap!
  455 + omniauth-twitter
424 pry 456 pry
425 pygments.rb! 457 pygments.rb!
426 rack-mini-profiler 458 rack-mini-profiler
app/assets/stylesheets/gitlab_bootstrap/blocks.scss
  Diff comments   View file @64f026b
@@ -142,4 +142,8 @@ @@ -142,4 +142,8 @@
142 border:none; 142 border:none;
143 } 143 }
144 } 144 }
  145 +
  146 + .ui-box-body {
  147 + padding:10px;
  148 + }
145 } 149 }
app/assets/stylesheets/main.scss
  Diff comments   View file @64f026b
@@ -135,7 +135,6 @@ $hover: #fdf5d9; @@ -135,7 +135,6 @@ $hover: #fdf5d9;
135 */ 135 */
136 @import "common.scss"; 136 @import "common.scss";
137 137
138 -  
139 /** 138 /**
140 * Styles related to specific part of app 139 * Styles related to specific part of app
141 */ 140 */
app/controllers/omniauth_callbacks_controller.rb
  Diff comments   View file @64f026b
1 class OmniauthCallbacksController < Devise::OmniauthCallbacksController 1 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  2 + Gitlab.config.omniauth_providers.each do |provider|
  3 + define_method provider['name'] do
  4 + handle_omniauth
  5 + end
  6 + end
2 7
3 # Extend the standard message generation to accept our custom exception 8 # Extend the standard message generation to accept our custom exception
4 def failure_message 9 def failure_message
@@ -9,7 +14,7 @@ class OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController @@ -9,7 +14,7 @@ class OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
9 error ||= env["omniauth.error.type"].to_s 14 error ||= env["omniauth.error.type"].to_s
10 error.to_s.humanize if error 15 error.to_s.humanize if error
11 end 16 end
12 - 17 +
13 def ldap 18 def ldap
14 # We only find ourselves here if the authentication to LDAP was successful. 19 # We only find ourselves here if the authentication to LDAP was successful.
15 @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user) 20 @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
@@ -19,4 +24,27 @@ class OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController @@ -19,4 +24,27 @@ class OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
19 sign_in_and_redirect @user 24 sign_in_and_redirect @user
20 end 25 end
21 26
  27 + private
  28 +
  29 + def handle_omniauth
  30 + oauth = request.env['omniauth.auth']
  31 + provider, uid = oauth['provider'], oauth['uid']
  32 +
  33 + if current_user
  34 + # Change a logged-in user's authentication method:
  35 + current_user.extern_uid = uid
  36 + current_user.provider = provider
  37 + current_user.save
  38 + redirect_to profile_path
  39 + else
  40 + @user = User.find_or_new_for_omniauth(oauth)
  41 +
  42 + if @user
  43 + sign_in_and_redirect @user
  44 + else
  45 + flash[:notice] = "There's no such user!"
  46 + redirect_to new_user_session_path
  47 + end
  48 + end
  49 + end
22 end 50 end
app/helpers/application_helper.rb
  Diff comments   View file @64f026b
@@ -135,4 +135,10 @@ module ApplicationHelper @@ -135,4 +135,10 @@ module ApplicationHelper
135 "Never" 135 "Never"
136 end 136 end
137 end 137 end
  138 +
  139 + def authbutton(provider, size = 64)
  140 + file_name = "#{provider.to_s.split('_').first}_#{size}.png"
  141 + image_tag("authbuttons/#{file_name}",
  142 + alt: "Sign in with #{provider.to_s.titleize}")
  143 + end
138 end 144 end
app/models/user.rb
  Diff comments   View file @64f026b
@@ -86,33 +86,20 @@ class User &lt; ActiveRecord::Base @@ -86,33 +86,20 @@ class User &lt; ActiveRecord::Base
86 where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') 86 where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
87 end 87 end
88 88
89 - def self.find_for_ldap_auth(auth, signed_in_resource=nil)  
90 - uid = auth.info.uid  
91 - provider = auth.provider  
92 - name = auth.info.name.force_encoding("utf-8")  
93 - email = auth.info.email.downcase unless auth.info.email.nil?  
94 - raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?  
95 -  
96 - if @user = User.find_by_extern_uid_and_provider(uid, provider)  
97 - @user  
98 - # workaround for backward compatibility  
99 - elsif @user = User.find_by_email(email)  
100 - logger.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"  
101 - @user.update_attributes(:extern_uid => uid, :provider => provider)  
102 - @user  
103 - else  
104 - logger.info "Creating user from LDAP login {uid => #{uid}, name => #{name}, email => #{email}}"  
105 - password = Devise.friendly_token[0, 8].downcase  
106 - @user = User.create(  
107 - :extern_uid => uid,  
108 - :provider => provider,  
109 - :name => name,  
110 - :email => email,  
111 - :password => password,  
112 - :password_confirmation => password,  
113 - :projects_limit => Gitlab.config.default_projects_limit  
114 - )  
115 - end 89 + def self.create_from_omniauth(auth, ldap = false)
  90 + gitlab_auth.create_from_omniauth(auth, ldap)
  91 + end
  92 +
  93 + def self.find_or_new_for_omniauth(auth)
  94 + gitlab_auth.find_or_new_for_omniauth(auth)
  95 + end
  96 +
  97 + def self.find_for_ldap_auth(auth, signed_in_resource = nil)
  98 + gitlab_auth.find_for_ldap_auth(auth, signed_in_resource)
  99 + end
  100 +
  101 + def self.gitlab_auth
  102 + Gitlab::Auth.new
116 end 103 end
117 104
118 def self.search query 105 def self.search query
@@ -148,4 +135,3 @@ end @@ -148,4 +135,3 @@ end
148 # bio :string(255) 135 # bio :string(255)
149 # blocked :boolean(1) default(FALSE), not null 136 # blocked :boolean(1) default(FALSE), not null
150 # 137 #
151 -  
app/views/devise/sessions/new.html.haml
  Diff comments   View file @64f026b
@@ -15,7 +15,8 @@ @@ -15,7 +15,8 @@
15 .right 15 .right
16 = render :partial => "devise/shared/links" 16 = render :partial => "devise/shared/links"
17 - if devise_mapping.omniauthable? 17 - if devise_mapping.omniauthable?
18 - - resource_class.omniauth_providers.each do |provider|  
19 - %hr/  
20 - = link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider), :class => "btn primary"  
21 - %br/ 18 + %hr/
  19 + %ul.unstyled
  20 + - resource_class.omniauth_providers.each do |provider|
  21 + %li
  22 + = link_to authbutton(provider, 32), omniauth_authorize_path(resource_name, provider)
app/views/layouts/profile.html.haml
  Diff comments   View file @64f026b
@@ -10,7 +10,7 @@ @@ -10,7 +10,7 @@
10 = link_to "Profile", profile_path 10 = link_to "Profile", profile_path
11 11
12 %li{class: tab_class(:password)} 12 %li{class: tab_class(:password)}
13 - = link_to "Password", profile_password_path 13 + = link_to "Authentication", profile_password_path
14 14
15 %li{class: tab_class(:ssh_keys)} 15 %li{class: tab_class(:ssh_keys)}
16 = link_to keys_path do 16 = link_to keys_path do
app/views/profile/password.html.haml
  Diff comments   View file @64f026b
1 %h3.page_title Password 1 %h3.page_title Password
2 %hr 2 %hr
  3 +
3 = form_for @user, url: profile_password_path, method: :put do |f| 4 = form_for @user, url: profile_password_path, method: :put do |f|
4 - .data  
5 - %p.slead After successful password update you will be redirected to login page where you should login with new password  
6 - -if @user.errors.any?  
7 - .alert-message.block-message.error  
8 - %ul  
9 - - @user.errors.full_messages.each do |msg|  
10 - %li= msg 5 + .row
  6 + .span7
  7 + .data
  8 + %p.slead After successful password update you will be redirected to login page where you should login with new password
  9 + -if @user.errors.any?
  10 + .alert-message.block-message.error
  11 + %ul
  12 + - @user.errors.full_messages.each do |msg|
  13 + %li= msg
  14 +
  15 + .clearfix
  16 + = f.label :password
  17 + .input= f.password_field :password
  18 + .clearfix
  19 + = f.label :password_confirmation
  20 + .input= f.password_field :password_confirmation
11 21
12 - .clearfix  
13 - = f.label :password  
14 - .input= f.password_field :password  
15 - .clearfix  
16 - = f.label :password_confirmation  
17 - .input= f.password_field :password_confirmation 22 + - if Gitlab.config.omniauth_enabled?
  23 + .span5.right
  24 + .alert.alert-info
  25 + %strong Tip: Use one of the following sites to login
  26 + %ul.unstyled
  27 + - User.omniauth_providers.each do |provider|
  28 + %li= link_to authbutton(provider), |
  29 + omniauth_authorize_path(User, provider) |
18 .actions 30 .actions
19 = f.submit 'Save', class: "btn save-btn" 31 = f.submit 'Save', class: "btn save-btn"
app/views/profile/show.html.haml
  Diff comments   View file @64f026b
@@ -50,21 +50,34 @@ @@ -50,21 +50,34 @@
50 %strong Tip: 50 %strong Tip:
51 You can change your avatar at gravatar.com 51 You can change your avatar at gravatar.com
52 52
53 - %h4  
54 - Personal projects:  
55 - %small.right  
56 - %span= current_user.my_own_projects.count  
57 - of  
58 - %span= current_user.projects_limit  
59 - .progress  
60 - .bar{style: "width: #{current_user.projects_limit_percent}%;"} 53 + - @user.provider = 'twitter'
  54 + - if Gitlab.config.omniauth_enabled? && @user.provider?
  55 + .ui-box
  56 + .ui-box-body
  57 + %h4
  58 + Omniauth Providers:
  59 + = link_to "Change", profile_password_path, class: "btn small right"
  60 + You can login through #{@user.provider.titleize}!
  61 + = authbutton(@user.provider, 32)
61 62
62 - %h4  
63 - SSH public keys:  
64 - %small.right  
65 - %span= link_to current_user.keys.count, keys_path 63 + .ui-box
  64 + .ui-box-body
  65 + %h4
  66 + Personal projects:
  67 + %small.right
  68 + %span= current_user.my_own_projects.count
  69 + of
  70 + %span= current_user.projects_limit
  71 + .progress
  72 + .bar{style: "width: #{current_user.projects_limit_percent}%;"}
66 73
67 - = link_to "Add Public Key", new_key_path, class: "btn small right" 74 + .ui-box
  75 + .ui-box-body
  76 + %h4
  77 + SSH public keys:
  78 + %strong.right= link_to current_user.keys.count, keys_path
  79 +
  80 + = link_to "Add Public Key", new_key_path, class: "btn small"
68 81
69 .form-actions 82 .form-actions
70 = f.submit 'Save', class: "btn save-btn" 83 = f.submit 'Save', class: "btn save-btn"
config/gitlab.yml.example
  Diff comments   View file @64f026b
@@ -25,8 +25,45 @@ app: @@ -25,8 +25,45 @@ app:
25 # backup_keep_time: 604800 # default: 0 (forever) (in seconds) 25 # backup_keep_time: 604800 # default: 0 (forever) (in seconds)
26 # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com 26 # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
27 27
  28 +
  29 +
  30 +
  31 +#
  32 +# 2. Auth settings
  33 +# ==========================
  34 +ldap:
  35 + enabled: false
  36 + host: '_your_ldap_server'
  37 + base: '_the_base_where_you_search_for_users'
  38 + port: 636
  39 + uid: 'sAMAccountName'
  40 + method: 'ssl' # plain
  41 + bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  42 + password: '_the_password_of_the_bind_user'
  43 +
  44 +omniauth:
  45 + # Enable ability for users
  46 + # to login via twitter, google ..
  47 + enabled: true
  48 +
  49 + # IMPORTANT!
  50 + # It allows user to login without having user account
  51 + allow_single_sign_on: false
  52 + block_auto_created_users: true
  53 +
  54 + # Auth providers
  55 + providers:
  56 + # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
  57 + # app_secret: 'YOUR APP SECRET',
  58 + # args: { access_type: 'offline', approval_prompt: '' } }
  59 + # - { name: 'twitter', app_id: 'YOUR APP ID',
  60 + # app_secret: 'YOUR APP SECRET'}
  61 + # - { name: 'github', app_id: 'YOUR APP ID',
  62 + # app_secret: 'YOUR APP SECRET' }
  63 +
  64 +
28 # 65 #
29 -# 2. Advanced settings: 66 +# 3. Advanced settings:
30 # ========================== 67 # ==========================
31 68
32 # Git Hosting configuration 69 # Git Hosting configuration
config/initializers/1_settings.rb
  Diff comments   View file @64f026b
@@ -6,7 +6,7 @@ class Settings &lt; Settingslogic @@ -6,7 +6,7 @@ class Settings &lt; Settingslogic
6 self.web['protocol'] ||= web.https ? "https" : "http" 6 self.web['protocol'] ||= web.https ? "https" : "http"
7 end 7 end
8 8
9 - def web_host 9 + def web_host
10 self.web['host'] ||= 'localhost' 10 self.web['host'] ||= 'localhost'
11 end 11 end
12 12
@@ -14,11 +14,11 @@ class Settings &lt; Settingslogic @@ -14,11 +14,11 @@ class Settings &lt; Settingslogic
14 self.email['from'] ||= ("notify@" + web_host) 14 self.email['from'] ||= ("notify@" + web_host)
15 end 15 end
16 16
17 - def url 17 + def url
18 self['url'] ||= build_url 18 self['url'] ||= build_url
19 - end 19 + end
20 20
21 - def web_port 21 + def web_port
22 if web.https 22 if web.https
23 web['port'] = 443 23 web['port'] = 443
24 else 24 else
@@ -36,7 +36,7 @@ class Settings &lt; Settingslogic @@ -36,7 +36,7 @@ class Settings &lt; Settingslogic
36 raw_url << web_host 36 raw_url << web_host
37 37
38 if web_custom_port? 38 if web_custom_port?
39 - raw_url << ":#{web_port}" 39 + raw_url << ":#{web_port}"
40 end 40 end
41 41
42 raw_url 42 raw_url
@@ -120,6 +120,22 @@ class Settings &lt; Settingslogic @@ -120,6 +120,22 @@ class Settings &lt; Settingslogic
120 app['backup_keep_time'] || 0 120 app['backup_keep_time'] || 0
121 end 121 end
122 122
  123 + def ldap_enabled?
  124 + ldap['enabled']
  125 + rescue
  126 + false
  127 + end
  128 +
  129 + def omniauth_enabled?
  130 + omniauth && omniauth['enabled']
  131 + rescue
  132 + false
  133 + end
  134 +
  135 + def omniauth_providers
  136 + omniauth['providers'] || []
  137 + end
  138 +
123 def disable_gravatar? 139 def disable_gravatar?
124 app['disable_gravatar'] || false 140 app['disable_gravatar'] || false
125 end 141 end
config/initializers/devise.rb
  Diff comments   View file @64f026b
@@ -204,4 +204,21 @@ Devise.setup do |config| @@ -204,4 +204,21 @@ Devise.setup do |config|
204 # manager.intercept_401 = false 204 # manager.intercept_401 = false
205 # manager.default_strategies(:scope => :user).unshift :some_external_strategy 205 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
206 # end 206 # end
  207 +
  208 + gl = Gitlab.config
  209 +
  210 + if gl.ldap_enabled?
  211 + config.omniauth :ldap,
  212 + :host => gl.ldap['host'],
  213 + :base => gl.ldap['base'],
  214 + :uid => gl.ldap['uid'],
  215 + :port => gl.ldap['port'],
  216 + :method => gl.ldap['method'],
  217 + :bind_dn => gl.ldap['bind_dn'],
  218 + :password => gl.ldap['password']
  219 + end
  220 +
  221 + gl.omniauth_providers.each do |gl_provider|
  222 + config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
  223 + end
207 end 224 end
config/initializers/omniauth.rb.sample
View file @40eec08
@@ -1,15 +0,0 @@ @@ -1,15 +0,0 @@
1 -# Copy this file to 'omniauth.rb' and configure it as necessary.  
2 -# The wiki has further details on configuring each provider.  
3 -  
4 -Devise.setup do |config|  
5 - # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'  
6 -  
7 - # config.omniauth :ldap,  
8 - # :host => 'YOUR_LDAP_SERVER',  
9 - # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',  
10 - # :uid => 'sAMAccountName',  
11 - # :port => 389,  
12 - # :method => :plain,  
13 - # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',  
14 - # :password => 'THE_PASSWORD_OF_THE_BIND_USER'  
15 -end  
lib/gitlab/auth.rb 0 → 100644
  Diff comments   View file @64f026b
@@ -0,0 +1,66 @@ @@ -0,0 +1,66 @@
  1 +module Gitlab
  2 + class Auth
  3 + def find_for_ldap_auth(auth, signed_in_resource = nil)
  4 + uid = auth.info.uid
  5 + provider = auth.provider
  6 + email = auth.info.email.downcase unless auth.info.email.nil?
  7 + raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
  8 +
  9 + if @user = User.find_by_extern_uid_and_provider(uid, provider)
  10 + @user
  11 + elsif @user = User.find_by_email(email)
  12 + log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
  13 + @user.update_attributes(:extern_uid => uid, :provider => provider)
  14 + @user
  15 + else
  16 + create_from_omniauth(auth, true)
  17 + end
  18 + end
  19 +
  20 + def create_from_omniauth auth, ldap = false
  21 + provider = auth.provider
  22 + uid = auth.info.uid || auth.uid
  23 + name = auth.info.name.force_encoding("utf-8")
  24 + email = auth.info.email.downcase unless auth.info.email.nil?
  25 +
  26 + ldap_prefix = ldap ? '(LDAP) ' : ''
  27 + raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
  28 + " address" if auth.info.email.blank?
  29 +
  30 + log.info "#{ldap_prefix}Creating user from #{provider} login"\
  31 + " {uid => #{uid}, name => #{name}, email => #{email}}"
  32 + password = Devise.friendly_token[0, 8].downcase
  33 + @user = User.new(
  34 + extern_uid: uid,
  35 + provider: provider,
  36 + name: name,
  37 + email: email,
  38 + password: password,
  39 + password_confirmation: password,
  40 + projects_limit: Gitlab.config.default_projects_limit,
  41 + )
  42 + if Gitlab.config.omniauth.block_auto_created_users && !ldap
  43 + @user.blocked = true
  44 + end
  45 + @user.save!
  46 + @user
  47 + end
  48 +
  49 + def find_or_new_for_omniauth(auth)
  50 + provider, uid = auth.provider, auth.uid
  51 +
  52 + if @user = User.find_by_provider_and_extern_uid(provider, uid)
  53 + @user
  54 + else
  55 + if Gitlab.config.omniauth.allow_single_sign_on
  56 + @user = create_from_omniauth(auth)
  57 + @user
  58 + end
  59 + end
  60 + end
  61 +
  62 + def log
  63 + Gitlab::AppLogger
  64 + end
  65 + end
  66 +end
spec/lib/auth_spec.rb 0 → 100644
  Diff comments   View file @64f026b
@@ -0,0 +1,93 @@ @@ -0,0 +1,93 @@
  1 +require 'spec_helper'
  2 +
  3 +describe Gitlab::Auth do
  4 + let(:gl_auth) { Gitlab::Auth.new }
  5 +
  6 + before do
  7 + @info = mock(
  8 + uid: '12djsak321',
  9 + name: 'John',
  10 + email: 'john@mail.com'
  11 + )
  12 + end
  13 +
  14 + describe :find_for_ldap_auth do
  15 + before do
  16 + @auth = mock(
  17 + uid: '12djsak321',
  18 + info: @info,
  19 + provider: 'ldap'
  20 + )
  21 + end
  22 +
  23 + it "should find by uid & provider" do
  24 + User.should_receive :find_by_extern_uid_and_provider
  25 + gl_auth.find_for_ldap_auth(@auth)
  26 + end
  27 +
  28 + it "should update credentials by email if missing uid" do
  29 + user = double('User')
  30 + User.stub find_by_extern_uid_and_provider: nil
  31 + User.stub find_by_email: user
  32 + user.should_receive :update_attributes
  33 + gl_auth.find_for_ldap_auth(@auth)
  34 + end
  35 +
  36 +
  37 + it "should create from auth if user doesnot exist"do
  38 + User.stub find_by_extern_uid_and_provider: nil
  39 + User.stub find_by_email: nil
  40 + gl_auth.should_receive :create_from_omniauth
  41 + gl_auth.find_for_ldap_auth(@auth)
  42 + end
  43 + end
  44 +
  45 + describe :find_or_new_for_omniauth do
  46 + before do
  47 + @auth = mock(
  48 + info: @info,
  49 + provider: 'twitter',
  50 + uid: '12djsak321',
  51 + )
  52 + end
  53 +
  54 + it "should find user"do
  55 + User.should_receive :find_by_provider_and_extern_uid
  56 + gl_auth.should_not_receive :create_from_omniauth
  57 + gl_auth.find_or_new_for_omniauth(@auth)
  58 + end
  59 +
  60 + it "should not create user"do
  61 + User.stub find_by_provider_and_extern_uid: nil
  62 + gl_auth.should_not_receive :create_from_omniauth
  63 + gl_auth.find_or_new_for_omniauth(@auth)
  64 + end
  65 +
  66 + it "should create user if single_sing_on"do
  67 + Gitlab.config.omniauth.stub allow_single_sign_on: true
  68 + User.stub find_by_provider_and_extern_uid: nil
  69 + gl_auth.should_receive :create_from_omniauth
  70 + gl_auth.find_or_new_for_omniauth(@auth)
  71 + end
  72 + end
  73 +
  74 + describe :create_from_omniauth do
  75 + it "should create user from LDAP" do
  76 + @auth = mock(info: @info, provider: 'ldap')
  77 + user = gl_auth.create_from_omniauth(@auth, true)
  78 +
  79 + user.should be_valid
  80 + user.extern_uid.should == @info.uid
  81 + user.provider.should == 'ldap'
  82 + end
  83 +
  84 + it "should create user from Omniauth" do
  85 + @auth = mock(info: @info, provider: 'twitter')
  86 + user = gl_auth.create_from_omniauth(@auth, false)
  87 +
  88 + user.should be_valid
  89 + user.extern_uid.should == @info.uid
  90 + user.provider.should == 'twitter'
  91 + end
  92 + end
  93 +end
vendor/assets/images/authbuttons/github_32.png 0 → 100644
View file @64f026b

1.89 KB
vendor/assets/images/authbuttons/github_64.png 0 → 100644
View file @64f026b

4.34 KB
vendor/assets/images/authbuttons/google_32.png 0 → 100644
View file @64f026b

1.58 KB
vendor/assets/images/authbuttons/google_64.png 0 → 100644
View file @64f026b

3.37 KB
vendor/assets/images/authbuttons/twitter_32.png 0 → 100644
View file @64f026b

1.41 KB
vendor/assets/images/authbuttons/twitter_64.png 0 → 100644
View file @64f026b

3.3 KB