Commit 71abf70458ca1f6d85bc828b215931eaf3639b5d
1 parent
6bf117c6
Exists in
master
and in
4 other branches
Move ldap auth to LDAP::User. Removed unused code
Showing
3 changed files
with
28 additions
and
40 deletions
Show diff stats
lib/gitlab/auth.rb
| ... | ... | @@ -66,23 +66,12 @@ module Gitlab |
| 66 | 66 | Gitlab::AppLogger |
| 67 | 67 | end |
| 68 | 68 | |
| 69 | - def ldap_auth(login, password) | |
| 70 | - # Check user against LDAP backend if user is not authenticated | |
| 71 | - # Only check with valid login and password to prevent anonymous bind results | |
| 72 | - return nil unless ldap_conf.enabled && !login.blank? && !password.blank? | |
| 73 | - | |
| 74 | - ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) | |
| 75 | - ldap_user = ldap.bind_as( | |
| 76 | - filter: Net::LDAP::Filter.eq(ldap.uid, login), | |
| 77 | - size: 1, | |
| 78 | - password: password | |
| 79 | - ) | |
| 80 | - | |
| 81 | - User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user | |
| 82 | - end | |
| 83 | - | |
| 84 | 69 | def ldap_conf |
| 85 | 70 | @ldap_conf ||= Gitlab.config.ldap |
| 86 | 71 | end |
| 72 | + | |
| 73 | + def ldap_auth(login, password) | |
| 74 | + Gitlab::LDAP::User.auth(login, password) | |
| 75 | + end | |
| 87 | 76 | end |
| 88 | 77 | end | ... | ... |
lib/gitlab/backend/grack_ldap.rb
| ... | ... | @@ -1,24 +0,0 @@ |
| 1 | -require 'omniauth-ldap' | |
| 2 | - | |
| 3 | -module Grack | |
| 4 | - module LDAP | |
| 5 | - def ldap_auth(login, password) | |
| 6 | - # Check user against LDAP backend if user is not authenticated | |
| 7 | - # Only check with valid login and password to prevent anonymous bind results | |
| 8 | - return nil unless ldap_conf.enabled && !login.blank? && !password.blank? | |
| 9 | - | |
| 10 | - ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) | |
| 11 | - ldap_user = ldap.bind_as( | |
| 12 | - filter: Net::LDAP::Filter.eq(ldap.uid, login), | |
| 13 | - size: 1, | |
| 14 | - password: password | |
| 15 | - ) | |
| 16 | - | |
| 17 | - User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user | |
| 18 | - end | |
| 19 | - | |
| 20 | - def ldap_conf | |
| 21 | - @ldap_conf ||= Gitlab.config.ldap | |
| 22 | - end | |
| 23 | - end | |
| 24 | -end |
lib/gitlab/ldap/user.rb
| ... | ... | @@ -9,7 +9,7 @@ module Gitlab |
| 9 | 9 | class << self |
| 10 | 10 | def find(uid, email) |
| 11 | 11 | # Look for user with ldap provider and same uid |
| 12 | - user = model.ldap.where(extern_uid: uid).last | |
| 12 | + user = find_by_uid(uid) | |
| 13 | 13 | return user if user |
| 14 | 14 | |
| 15 | 15 | # Look for user with same emails |
| ... | ... | @@ -61,6 +61,25 @@ module Gitlab |
| 61 | 61 | user |
| 62 | 62 | end |
| 63 | 63 | |
| 64 | + def find_by_uid(uid) | |
| 65 | + model.ldap.where(extern_uid: uid).last | |
| 66 | + end | |
| 67 | + | |
| 68 | + def auth(login, password) | |
| 69 | + # Check user against LDAP backend if user is not authenticated | |
| 70 | + # Only check with valid login and password to prevent anonymous bind results | |
| 71 | + return nil unless ldap_conf.enabled && login.present? && password.present? | |
| 72 | + | |
| 73 | + ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) | |
| 74 | + ldap_user = ldap.bind_as( | |
| 75 | + filter: Net::LDAP::Filter.eq(ldap.uid, login), | |
| 76 | + size: 1, | |
| 77 | + password: password | |
| 78 | + ) | |
| 79 | + | |
| 80 | + find_by_uid(ldap_user.dn) if ldap_user | |
| 81 | + end | |
| 82 | + | |
| 64 | 83 | private |
| 65 | 84 | |
| 66 | 85 | def uid(auth) |
| ... | ... | @@ -86,6 +105,10 @@ module Gitlab |
| 86 | 105 | def model |
| 87 | 106 | ::User |
| 88 | 107 | end |
| 108 | + | |
| 109 | + def ldap_conf | |
| 110 | + Gitlab.config.ldap | |
| 111 | + end | |
| 89 | 112 | end |
| 90 | 113 | end |
| 91 | 114 | end | ... | ... |