Commit 6d6c7a17ea2d2a61d4f251d6d746ebe9438405ca

Authored by Florian Unglaub
1 parent 36ffdf36

Allow single-sign-on with Omniauth

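--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -38,7 +38,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 current_user.save
 redirect_to profile_path
 else
-@user = User.find_by_provider_and_extern_uid(provider, uid)
+@user = User.find_or_new_for_omniauth(oauth)
+@user.save! if @user.try('new_record?')
 
 if @user
 sign_in_and_redirect @user
@@ -48,5 +49,4 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 end
 end
 end
-
 end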
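Review bot: An account that `find_or_new_for_omniauth` has just built with `blocked = true` is saved and then passed straight to `sign_in_and_redirect @user`, because the only check after the new `@user.save!` line is `if @user`. Unless Devise is told elsewhere (for example through `active_for_authentication?`, not visible here) to refuse blocked users, `block_auto_created_users` would not keep the new account out; an explicit guard such as `if @user && !@user.blocked` would make that independent of code outside the hunk. `save!` can also raise on a validation failure, such as an e-mail that is already registered, and the model raises `OmniAuth::Error` for missing fields; neither is rescued in the visible lines, so the callback would presumably end in an error page instead of a flash message and redirect. The surrounding action starts and ends outside the hunk.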
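--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,6 +86,39 @@ class User < ActiveRecord::Base
 where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
 end
 
+def self.find_or_new_for_omniauth(oauth)
+provider, uid = oauth['provider'], oauth['uid']
+
+if @user = User.find_by_provider_and_extern_uid(provider, uid)
+@user
+else
+if Gitlab.config.omniauth.allow_single_sign_on
+# Ensure here that all required attributes were passed along with the
+# oauth request:
+%w(first_name last_name email).each do |attr|
+unless oauth[:info][attr].present?
+raise OmniAuth::Error,
+"#{provider} does not provide the required field #{attr}"
+end
+end
+
+password = Devise.friendly_token[0, 8].downcase
+@user = User.new(
+extern_uid: uid,
+provider: provider,
+name: "#{oauth[:info][:first_name]} #{oauth[:info][:last_name]}",
+email: oauth[:info][:email],
+password: password,
+password_confirmation: password,
+projects_limit: Gitlab.config.default_projects_limit,
+)
+
+@user.blocked = true if Gitlab.config.omniauth.block_auto_created_users
+@user
+end
+end
+end
+
 def self.find_for_ldap_auth(auth, signed_in_resource=nil)
 uid = auth.info.uid
 provider = auth.provider
@@ -148,4 +181,3 @@ end
 # bio :string(255)
 # blocked :boolean(1) default(FALSE), not null
 #
-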
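Review bot: `find_or_new_for_omniauth` is a class method, so `@user` on new lines 92, 106 and 116-117 is an instance variable of the `User` class itself, shared by every request in the process; on a threaded server one callback could return the record that another callback just assigned. A local would avoid that: `user = User.find_by_provider_and_extern_uid(provider, uid)` followed by `return user if user`, and `user = User.new(...)` further down. The generated password is also weakened by `[0, 8].downcase`, which shortens the token and removes the upper-case half of its alphabet; `password = Devise.friendly_token` keeps the full randomness, provided the model's password length validation accepts it. The method further mixes string and symbol keys (`oauth['provider']`, `oauth[:info][:email]`), which only works if `oauth` has indifferent access, and a nil `oauth[:info]` would raise `NoMethodError` rather than the intended `OmniAuth::Error`.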
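--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -53,6 +53,8 @@ git:
 omniauth:
 enabled: false
 providers:
+allow_single_sign_on: false
+block_auto_created_users: true
 
 # omniauth:
 # enabled: true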
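Review bot: The two new keys are added without a comment, although they decide whether a first login through a provider creates a GitLab account and whether that account starts out blocked. I would add `# Create a GitLab account on first login through a provider (default: false)` above `allow_single_sign_on` and `# Create such accounts in the blocked state (default: true)` above `block_auto_created_users`, so that an administrator enabling the first knows what turning off the second implies. The commented example block that follows continues outside the hunk, so I cannot tell whether it shows the new keys.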