Commit 6d6c7a17ea2d2a61d4f251d6d746ebe9438405ca

Authored by Florian Unglaub
1 parent 36ffdf36

Allow single-sign-on with Omniauth

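--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -38,7 +38,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 current_user.save
 redirect_to profile_path
 else
-@user = User.find_by_provider_and_extern_uid(provider, uid)
+@user = User.find_or_new_for_omniauth(oauth)
+@user.save! if @user.try('new_record?')
 
 if @user
 sign_in_and_redirect @user
@@ -48,5 +49,4 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 end
 end
 end
-
 end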
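Review bot: `sign_in_and_redirect @user` is reached straight after `@user.save!` in the `else` branch, even when `find_or_new_for_omniauth` has just set `blocked = true` on the new record. Whether a blocked account is refused a session depends on code outside this hunk, so the intent should be explicit here, for example `if @user && !@user.blocked?` with a dedicated message for the blocked case. In addition, `save!` raises on any validation failure (such as an e-mail already held by a local account) and the model method can raise `OmniAuth::Error`; no rescue is visible in these lines, so both would surface as unhandled exceptions rather than a controlled login failure. The action starts and ends outside the hunk, so a rescue may exist elsewhere.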
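--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,6 +86,39 @@ class User < ActiveRecord::Base
 where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
 end
 
+def self.find_or_new_for_omniauth(oauth)
+provider, uid = oauth['provider'], oauth['uid']
+
+if @user = User.find_by_provider_and_extern_uid(provider, uid)
+@user
+else
+if Gitlab.config.omniauth.allow_single_sign_on
+# Ensure here that all required attributes were passed along with the
+# oauth request:
+%w(first_name last_name email).each do |attr|
+unless oauth[:info][attr].present?
+raise OmniAuth::Error,
+"#{provider} does not provide the required field #{attr}"
+end
+end
+
+password = Devise.friendly_token[0, 8].downcase
+@user = User.new(
+extern_uid: uid,
+provider: provider,
+name: "#{oauth[:info][:first_name]} #{oauth[:info][:last_name]}",
+email: oauth[:info][:email],
+password: password,
+password_confirmation: password,
+projects_limit: Gitlab.config.default_projects_limit,
+)
+
+@user.blocked = true if Gitlab.config.omniauth.block_auto_created_users
+@user
+end
+end
+end
+
 def self.find_for_ldap_auth(auth, signed_in_resource=nil)
 uid = auth.info.uid
 provider = auth.provider
@@ -148,4 +181,3 @@ end
 # bio :string(255)
 # blocked :boolean(1) default(FALSE), not null
 #
-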
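Review bot: `find_or_new_for_omniauth` is a class method, so each `@user` in it is an instance variable on the `User` class itself and is shared by every request in the process. On a threaded server another request could overwrite it between `if @user = User.find_by_provider_and_extern_uid(provider, uid)` and the `@user` that is returned, handing the caller a different account. A local removes the shared state: `user = User.find_by_provider_and_extern_uid(provider, uid)`, then `return user if user`, and `user = User.new(...)` further down. Separately, `Devise.friendly_token[0, 8].downcase` shortens and lowercases the random password, which shrinks its search space if local password login stays enabled for these accounts; `password = Devise.friendly_token` keeps the full token, provided it fits the configured password length limit. The provider-supplied `email` is stored with no verification visible here, which merits a comment stating that the provider is trusted for it.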
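--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -53,6 +53,8 @@ git:
 omniauth:
 enabled: false
 providers:
+allow_single_sign_on: false
+block_auto_created_users: true
 
 # omniauth:
 # enabled: true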
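Review bot: The new keys `allow_single_sign_on` and `block_auto_created_users` are added without a comment, although together they decide whether an unknown identity asserted by a provider gets an account and whether that account starts out blocked. A line above each would make the trade-off visible to administrators, e.g. `# allow_single_sign_on: create an account on first OmniAuth login for identities with no existing user` and `# block_auto_created_users: create those accounts in blocked state`. The defaults shown (`false` and `true`) are the conservative choice, and the comment should say so. The new keys follow directly after `providers:`; the page does not preserve indentation, so it is worth confirming they sit at the `omniauth:` level rather than under `providers:`.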