diff --git a/Gemfile b/Gemfile index d34603e..7b66fcf 100644 --- a/Gemfile +++ b/Gemfile @@ -133,6 +133,7 @@ gem "underscore-rails", "~> 1.4.4" # Sanitize user input gem "sanitize" +gem "omniauth-env", git: "https://github.com/colab-community/omniauth-env.git" # Protect against bruteforcing gem "rack-attack" diff --git a/Gemfile.lock b/Gemfile.lock index 7915602..84d5f9a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,49 +1,62 @@ +GIT + remote: https://github.com/colab-community/omniauth-env.git + revision: 3bdf3750a81f260063c3470ccc0d86070d01c552 + specs: + omniauth-env (0.0.1) + gitlab_omniauth-ldap (~> 1.0.3) + omniauth (~> 1.0) + GEM remote: https://rubygems.org/ specs: - actionmailer (4.0.2) - actionpack (= 4.0.2) + actionmailer (4.0.4) + actionpack (= 4.0.4) mail (~> 2.5.4) - actionpack (4.0.2) - activesupport (= 4.0.2) + actionpack (4.0.4) + activesupport (= 4.0.4) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionpack-action_caching (1.1.0) + actionpack-action_caching (1.1.1) actionpack (>= 4.0.0, < 5.0) actionpack-page_caching (1.0.2) actionpack (>= 4.0.0, < 5) - activemodel (4.0.2) - activesupport (= 4.0.2) + activemodel (4.0.4) + activesupport (= 4.0.4) builder (~> 3.1.0) - activerecord (4.0.2) - activemodel (= 4.0.2) + activerecord (4.0.4) + activemodel (= 4.0.4) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.2) + activesupport (= 4.0.4) arel (~> 4.0.0) activerecord-deprecated_finders (1.0.3) - activesupport (4.0.2) - i18n (~> 0.6, >= 0.6.4) + activesupport (4.0.4) + i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - acts-as-taggable-on (2.4.1) - rails (>= 3, < 5) - addressable (2.3.5) - annotate (2.6.0) + acts-as-taggable-on (3.1.0) + actionpack (>= 3, < 5) + activerecord (>= 3, < 5) + activesupport (>= 3, < 5) + addressable (2.3.6) + annotate (2.6.2) activerecord (>= 2.3.0) rake (>= 0.8.7) - arel (4.0.1) + arel (4.0.2) asciidoctor (0.1.4) - atomic (1.1.14) + atomic (1.1.16) awesome_print (1.2.0) - axiom-types (0.0.5) - descendants_tracker (~> 0.0.1) - ice_nine (~> 0.9) - bcrypt-ruby (3.1.2) - better_errors (1.0.1) + axiom-types (0.1.1) + descendants_tracker (~> 0.0.4) + ice_nine (~> 0.11.0) + thread_safe (~> 0.3, >= 0.3.1) + bcrypt (3.1.7) + bcrypt-ruby (3.1.5) + bcrypt (>= 3.1.3) + better_errors (1.1.0) coderay (>= 1.0.0) erubis (>= 2.6.6) binding_of_caller (0.7.2) @@ -57,21 +70,25 @@ GEM rack (>= 1.0.0) rack-test (>= 0.5.4) xpath (~> 2.0) - carrierwave (0.9.0) + carrierwave (0.10.0) activemodel (>= 3.2.0) activesupport (>= 3.2.0) json (>= 1.7) + mime-types (>= 1.16) celluloid (0.15.2) timers (~> 1.1.0) + celluloid-io (0.15.0) + celluloid (>= 0.15.0) + nio4r (>= 0.5.0) charlock_holmes (0.6.9.4) chosen-rails (1.0.1) coffee-rails (>= 3.2) compass-rails (>= 1.0) railties (>= 3.0) sass-rails (>= 3.2) - chunky_png (1.2.9) + chunky_png (1.3.0) cliver (0.2.2) - code_analyzer (0.4.3) + code_analyzer (0.4.5) sexp_processor coderay (1.1.0) coercible (1.0.0) @@ -82,30 +99,32 @@ GEM coffee-script (2.2.0) coffee-script-source execjs - coffee-script-source (1.6.3) + coffee-script-source (1.7.0) colored (1.2) colorize (0.5.8) - compass (0.12.2) + compass (0.12.4) chunky_png (~> 1.2) fssm (>= 0.2.7) - sass (~> 3.1) - compass-rails (1.1.1) + sass (~> 3.2.17) + compass-rails (1.1.7) compass (>= 0.12.2) - connection_pool (1.2.0) + sprockets (<= 2.11.0) + connection_pool (2.0.0) coveralls (0.7.0) multi_json (~> 1.3) rest-client simplecov (>= 0.7) term-ansicolor thor - crack (0.4.1) - safe_yaml (~> 0.9.0) + crack (0.4.2) + safe_yaml (~> 1.0.0) d3_rails (3.1.10) railties (>= 3.1.0) daemons (1.1.9) database_cleaner (1.2.0) debug_inspector (0.0.2) - descendants_tracker (0.0.3) + descendants_tracker (0.0.4) + thread_safe (~> 0.3, >= 0.3.1) devise (3.0.4) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) @@ -114,29 +133,29 @@ GEM devise-async (0.8.0) devise (>= 2.2, < 3.2) diff-lcs (1.2.5) - docile (1.1.1) - dotenv (0.9.0) + docile (1.1.3) + dotenv (0.10.0) email_spec (1.5.0) launchy (~> 2.1) mail (~> 2.2) - enumerize (0.7.0) + enumerize (0.8.0) activesupport (>= 3.2) - equalizer (0.0.8) + equalizer (0.0.9) erubis (2.7.0) escape_utils (0.2.4) eventmachine (1.0.3) excon (0.13.4) execjs (2.0.2) - factory_girl (4.3.0) + factory_girl (4.4.0) activesupport (>= 3.0.0) - factory_girl_rails (4.3.0) - factory_girl (~> 4.3.0) + factory_girl_rails (4.4.1) + factory_girl (~> 4.4.0) railties (>= 3.0.0) - faraday (0.8.8) + faraday (0.8.9) multipart-post (~> 1.2.0) faraday_middleware (0.9.0) faraday (>= 0.7.4, < 0.9) - ffaker (1.22.1) + ffaker (1.23.0) ffi (1.9.3) fog (1.3.1) builder @@ -173,7 +192,7 @@ GEM stringex (~> 1.5.1) gitlab-grack (2.0.0.pre) rack (~> 1.5.1) - gitlab-grit (2.6.3) + gitlab-grit (2.6.4) charlock_holmes (~> 0.6.9) diff-lcs (~> 1.1) mime-types (~> 1.15) @@ -186,7 +205,7 @@ GEM gitlab-pygments.rb (0.5.4) posix-spawn (~> 0.3.6) yajl-ruby (~> 1.1.0) - gitlab_git (4.0.0.pre) + gitlab_git (4.0.0) activesupport (~> 4.0.0) gitlab-grit (~> 2.6.1) gitlab-linguist (~> 2.9.5) @@ -197,7 +216,7 @@ GEM omniauth (~> 1.0) pyu-ruby-sasl (~> 0.0.3.1) rubyntlm (~> 0.1.1) - gon (5.0.0) + gon (5.0.4) actionpack (>= 2.3.0) json grape (0.6.1) @@ -214,70 +233,71 @@ GEM activesupport multi_json (>= 1.3.2) growl (1.0.3) - guard (2.2.4) + guard (2.6.0) formatador (>= 0.2.4) - listen (~> 2.1) + listen (~> 2.7) lumberjack (~> 1.0) pry (>= 0.9.12) thor (>= 0.18.1) - guard-rspec (4.2.0) - guard (>= 2.1.1) + guard-rspec (4.2.8) + guard (~> 2.1) rspec (>= 2.14, < 4.0) - guard-spinach (0.0.2) + guard-spinach (0.0.3) guard (>= 1.1) spinach - haml (4.0.4) + haml (4.0.5) tilt - haml-rails (0.5.1) - actionpack (~> 4.0.0) - activesupport (~> 4.0.0) + haml-rails (0.5.3) + actionpack (>= 4.0.1) + activesupport (>= 4.0.1) haml (>= 3.1, < 5.0) - railties (~> 4.0.0) + railties (>= 4.0.1) hashie (2.0.5) hike (1.2.3) hipchat (0.9.0) httparty httparty http_parser.rb (0.5.3) - httparty (0.12.0) + httparty (0.13.0) json (~> 1.8) multi_xml (>= 0.5.2) - httpauth (0.2.0) + httpauth (0.2.1) i18n (0.6.9) - ice_nine (0.10.0) + ice_nine (0.11.0) jasmine (2.0.0.rc5) jasmine-core (~> 2.0.0.rc5) phantomjs rack (>= 1.2.1) rake - jasmine-core (2.0.0.rc5) + jasmine-core (2.0.0) jquery-atwho-rails (0.3.3) jquery-rails (2.1.3) railties (>= 3.1.0, < 5.0) thor (~> 0.14) - jquery-turbolinks (2.0.1) + jquery-turbolinks (2.0.2) railties (>= 3.1.0) turbolinks jquery-ui-rails (2.0.2) jquery-rails railties (>= 3.1.0) json (1.8.1) - jwt (0.1.8) + jwt (0.1.11) multi_json (>= 1.5) kaminari (0.14.1) actionpack (>= 3.0.0) activesupport (>= 3.0.0) - kgio (2.8.1) + kgio (2.9.2) launchy (2.4.2) addressable (~> 2.3) - letter_opener (1.1.2) + letter_opener (1.2.0) launchy (~> 2.2) libv8 (3.16.14.3) - listen (2.3.1) + listen (2.7.1) celluloid (>= 0.15.2) + celluloid-io (>= 0.15.0) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) - lumberjack (1.0.4) + lumberjack (1.0.5) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) @@ -286,15 +306,16 @@ GEM minitest (4.7.5) modernizr (2.6.2) sprockets (~> 2.0) - multi_json (1.8.2) + multi_json (1.9.2) multi_xml (0.5.5) multipart-post (1.2.0) - mysql2 (0.3.11) + mysql2 (0.3.15) net-ldap (0.3.1) net-scp (1.0.4) net-ssh (>= 1.99.1) - net-ssh (2.7.0) - nokogiri (1.5.10) + net-ssh (2.8.0) + nio4r (1.0.0) + nokogiri (1.5.11) oauth (0.4.7) oauth2 (0.8.1) faraday (~> 0.8) @@ -308,7 +329,7 @@ GEM omniauth-github (1.1.1) omniauth (~> 1.0) omniauth-oauth2 (~> 1.1) - omniauth-google-oauth2 (0.2.1) + omniauth-google-oauth2 (0.2.2) omniauth (~> 1.0) omniauth-oauth2 omniauth-oauth (1.0.1) @@ -321,50 +342,50 @@ GEM multi_json (~> 1.3) omniauth-oauth (~> 1.0) orm_adapter (0.5.0) - pg (0.15.1) - phantomjs (1.9.2.0) + pg (0.17.1) + phantomjs (1.9.7.0) poltergeist (1.4.1) capybara (~> 2.1.0) cliver (~> 0.2.1) multi_json (~> 1.0) websocket-driver (>= 0.2.0) - polyglot (0.3.3) - posix-spawn (0.3.6) - protected_attributes (1.0.5) + polyglot (0.3.4) + posix-spawn (0.3.8) + protected_attributes (1.0.7) activemodel (>= 4.0.1, < 5.0) - pry (0.9.12.4) + pry (0.9.12.6) coderay (~> 1.0) method_source (~> 0.8) slop (~> 3.4) pyu-ruby-sasl (0.0.3.3) quiet_assets (1.0.2) railties (>= 3.1, < 5.0) - racc (1.4.10) + racc (1.4.11) rack (1.5.2) rack-accept (0.4.5) rack (>= 0.4) - rack-attack (2.3.0) + rack-attack (3.0.0) rack rack-cors (0.2.9) - rack-mini-profiler (0.1.31) + rack-mini-profiler (0.9.1) rack (>= 1.1.3) rack-mount (0.8.3) rack (>= 1.0.0) - rack-protection (1.5.1) + rack-protection (1.5.2) rack rack-test (0.6.2) rack (>= 1.0) - rails (4.0.2) - actionmailer (= 4.0.2) - actionpack (= 4.0.2) - activerecord (= 4.0.2) - activesupport (= 4.0.2) + rails (4.0.4) + actionmailer (= 4.0.4) + actionpack (= 4.0.4) + activerecord (= 4.0.4) + activesupport (= 4.0.4) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.2) + railties (= 4.0.4) sprockets-rails (~> 2.0.0) rails-observers (0.1.2) activemodel (~> 4.0) - rails_best_practices (1.14.4) + rails_best_practices (1.15.2) activesupport awesome_print code_analyzer (>= 0.4.3) @@ -373,21 +394,21 @@ GEM i18n require_all ruby-progressbar - railties (4.0.2) - actionpack (= 4.0.2) - activesupport (= 4.0.2) + railties (4.0.4) + actionpack (= 4.0.4) + activesupport (= 4.0.4) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - raindrops (0.12.0) - rake (10.1.0) + raindrops (0.13.0) + rake (10.2.2) raphael-rails (2.1.2) - rb-fsevent (0.9.3) - rb-inotify (0.9.2) + rb-fsevent (0.9.4) + rb-inotify (0.9.3) ffi (>= 0.5.0) - rdoc (3.12.2) + rdoc (4.1.1) json (~> 1.4) redcarpet (2.2.2) - redis (3.0.6) + redis (3.0.7) redis-actionpack (4.0.0) actionpack (~> 4) redis-rack (~> 1.5.0) @@ -414,45 +435,47 @@ GEM rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) - rspec-core (2.14.7) - rspec-expectations (2.14.4) + rspec-core (2.14.8) + rspec-expectations (2.14.5) diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.14.4) - rspec-rails (2.14.0) + rspec-mocks (2.14.6) + rspec-rails (2.14.2) actionpack (>= 3.0) + activemodel (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) ruby-hmac (0.4.0) - ruby-progressbar (1.2.0) + ruby-progressbar (1.4.2) rubyntlm (0.1.1) - safe_yaml (0.9.7) + safe_yaml (1.0.1) sanitize (2.0.6) nokogiri (>= 1.4.4) - sass (3.2.12) - sass-rails (4.0.1) + sass (3.2.18) + sass-rails (4.0.2) railties (>= 4.0.0, < 5.0) - sass (>= 3.1.10) + sass (~> 3.2.0) + sprockets (~> 2.8, <= 2.11.0) sprockets-rails (~> 2.0.0) - sdoc (0.3.20) - json (>= 1.1.3) - rdoc (~> 3.10) + sdoc (0.4.0) + json (~> 1.8) + rdoc (~> 4.0, < 5.0) seed-fu (2.3.0) activerecord (>= 3.1, < 4.1) activesupport (>= 3.1, < 4.1) - select2-rails (3.5.2) + select2-rails (3.5.4) thor (~> 0.14) settingslogic (2.0.9) - sexp_processor (4.4.0) + sexp_processor (4.4.3) shoulda-matchers (2.1.0) activesupport (>= 3.0.0) - sidekiq (2.17.0) + sidekiq (3.0.0) celluloid (>= 0.15.2) - connection_pool (>= 1.0.0) + connection_pool (>= 2.0.0) json - redis (>= 3.0.4) + redis (>= 3.0.6) redis-namespace (>= 1.3.1) simple_oauth (0.1.9) simplecov (0.8.2) @@ -468,7 +491,7 @@ GEM slim (2.0.2) temple (~> 0.6.6) tilt (>= 1.3.3, < 2.1) - slop (3.4.7) + slop (3.5.0) spinach (0.8.7) colorize (= 0.5.8) gherkin-ruby (>= 0.3.1) @@ -477,7 +500,7 @@ GEM railties (>= 3) spinach (>= 0.4) spork (1.0.0rc4) - sprockets (2.10.1) + sprockets (2.11.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -490,42 +513,42 @@ GEM state_machine (1.2.0) stringex (1.5.1) temple (0.6.7) - term-ansicolor (1.2.2) - tins (~> 0.8) - test_after_commit (0.2.2) - therubyracer (0.12.0) + term-ansicolor (1.3.0) + tins (~> 1.0) + test_after_commit (0.2.3) + therubyracer (0.12.1) libv8 (~> 3.16.14.0) ref - thin (1.6.1) + thin (1.6.2) daemons (>= 1.0.9) eventmachine (>= 1.0.0) rack (>= 1.0.0) - thor (0.18.1) - thread_safe (0.1.3) - atomic + thor (0.19.1) + thread_safe (0.3.1) + atomic (>= 1.1.7, < 2) tilt (1.4.1) timers (1.1.0) - tinder (1.9.3) + tinder (1.9.4) eventmachine (~> 1.0) - faraday (~> 0.8) + faraday (~> 0.8.9) faraday_middleware (~> 0.9) hashie (>= 1.0, < 3) json (~> 1.8.0) mime-types (~> 1.19) multi_json (~> 1.7) twitter-stream (~> 0.1) - tins (0.13.1) + tins (1.0.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - turbolinks (2.0.0) + turbolinks (2.2.1) coffee-rails twitter-stream (0.1.16) eventmachine (>= 0.12.8) http_parser.rb (~> 0.5.1) simple_oauth (~> 0.1.4) - tzinfo (0.3.38) - uglifier (2.3.2) + tzinfo (0.3.39) + uglifier (2.5.0) execjs (>= 0.3.0) json (>= 1.8.0) underscore-rails (1.4.4) @@ -535,17 +558,17 @@ GEM raindrops (~> 0.7) unicorn-worker-killer (0.4.2) unicorn (~> 4) - virtus (1.0.1) - axiom-types (~> 0.0.5) + virtus (1.0.2) + axiom-types (~> 0.1) coercible (~> 1.0) - descendants_tracker (~> 0.0.1) - equalizer (~> 0.0.7) + descendants_tracker (~> 0.0.3) + equalizer (~> 0.0.9) warden (1.2.3) rack (>= 1.0) - webmock (1.16.0) + webmock (1.17.4) addressable (>= 2.2.7) crack (>= 0.3.2) - websocket-driver (0.3.1) + websocket-driver (0.3.2) xpath (2.0.0) nokogiri (~> 1.3) yajl-ruby (1.1.0) @@ -612,6 +635,7 @@ DEPENDENCIES modernizr (= 2.6.2) mysql2 omniauth (~> 1.1.3) + omniauth-env! omniauth-github omniauth-google-oauth2 omniauth-twitter diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 7131e0f..5d508f3 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -23,6 +23,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController sign_in_and_redirect(@user) end + def env + handle_omniauth + end + private def handle_omniauth diff --git a/app/helpers/oauth_helper.rb b/app/helpers/oauth_helper.rb index c0177da..8aa8208 100644 --- a/app/helpers/oauth_helper.rb +++ b/app/helpers/oauth_helper.rb @@ -11,6 +11,10 @@ module OauthHelper Devise.omniauth_providers end + def env_enabled? + Devise.omniauth_providers.include?(:env) + end + def enabled_social_providers enabled_oauth_providers.select do |name| [:twitter, :github, :google_oauth2].include?(name.to_sym) diff --git a/app/views/devise/sessions/_new_env.html.haml b/app/views/devise/sessions/_new_env.html.haml new file mode 100644 index 0000000..827c6b8 --- /dev/null +++ b/app/views/devise/sessions/_new_env.html.haml @@ -0,0 +1,2 @@ +%script + window.location.href = '/gitlab/users/auth/env' diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index bb87d9e..40e6745 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -1,3 +1,5 @@ += render 'devise/sessions/new_env' if env_enabled? + .login-box %h3.page-title Sign in - if ldap_enabled? diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 2bc984c..608ccce 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -129,17 +129,24 @@ production: &base password: '_the_password_of_the_bind_user' allow_username_or_email_login: true + env: + enabled: true + database_name: 'colab' + host: 'localhost' + user: 'colab' + password: 'colab' + ## OmniAuth settings omniauth: # Allow login via Twitter, Google, etc. using OmniAuth providers - enabled: false + enabled: true # CAUTION! # This allows users to login without having a user account first (default: false). # User accounts will be created automatically when authentication was successful. - allow_single_sign_on: false + allow_single_sign_on: true # Locks down those users until they have been cleared by the admin (default: true). - block_auto_created_users: true + block_auto_created_users: false ## Auth providers # Uncomment the following lines and fill in the data of the auth provider you want to use diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index ea391ca..4750404 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -67,6 +67,9 @@ Settings['omniauth'] ||= Settingslogic.new({}) Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil? Settings.omniauth['providers'] ||= [] +Settings['env'] ||= Settingslogic.new({}) +Settings.env['enabled'] = false if Settings.env['enabled'].nil? + Settings['issues_tracker'] ||= {} # diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 2539097..3bcc23e 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -208,22 +208,25 @@ Devise.setup do |config| # manager.default_strategies(scope: :user).unshift :some_external_strategy # end + ldap_configs = { + host: Gitlab.config.ldap['host'], + base: Gitlab.config.ldap['base'], + uid: Gitlab.config.ldap['uid'], + port: Gitlab.config.ldap['port'], + method: Gitlab.config.ldap['method'], + bind_dn: Gitlab.config.ldap['bind_dn'], + password: Gitlab.config.ldap['password'] + } + if Gitlab.config.ldap.enabled if Gitlab.config.ldap.allow_username_or_email_login email_stripping_proc = ->(name) {name.gsub(/@.*$/,'')} else email_stripping_proc = ->(name) {name} end - - config.omniauth :ldap, - host: Gitlab.config.ldap['host'], - base: Gitlab.config.ldap['base'], - uid: Gitlab.config.ldap['uid'], - port: Gitlab.config.ldap['port'], - method: Gitlab.config.ldap['method'], - bind_dn: Gitlab.config.ldap['bind_dn'], - password: Gitlab.config.ldap['password'], - name_proc: email_stripping_proc + + ldap_configs[:name_proc] = email_stripping_proc + config.omniauth :ldap, ldap_configs end Gitlab.config.omniauth.providers.each do |provider| @@ -238,4 +241,5 @@ Devise.setup do |config| config.omniauth provider['name'].to_sym, provider['app_id'], provider['app_secret'] end end + config.omniauth :env, ldap_configs if Gitlab.config.env.enabled end diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index c629144..a712fcb 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -57,6 +57,13 @@ module Grack return unauthorized end + elsif Gitlab.config.env.enabled + return unauthorized unless @env['HTTP_REMOTE_USER'] + @user = User.find_by_provider_and_extern_uid('env', @env['HTTP_REMOTE_USER']) + return unauthorized unless @user + Gitlab::ShellEnv.set_env(@user) + @env['REMOTE_USER'] = @env['HTTP_REMOTE_USER'] + else return unauthorized unless project.public? end -- libgit2 0.21.2