Change identification of users with extern auth provider (LDAP)

Jakub Jirutka
1 parent 8b7e404b
Showing 4 changed files with 26 additions and 9 deletions Show diff stats
app/controllers/omniauth_callbacks_controller.rb
app/models/user.rb
db/migrate/20120729131232_add_extern_auth_provider_to_users.rb
db/schema.rb
@@ -15,8 +15,7 @@ class OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
  
   def ldap
     # We only find ourselves here if the authentication to LDAP was successful.
-    info = request.env["omniauth.auth"]["info"]
-    @user = User.find_for_ldap_auth(info)
+    @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
     if @user.persisted?
       @user.remember_me = true
     end
@@ -7,7 +7,7 @@ class User &lt; ActiveRecord::Base
  
   attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
                   :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
-                  :theme_id, :force_random_password
+                  :theme_id, :force_random_password, :extern_uid, :provider
  
   attr_accessor :force_random_password
  
@@ -54,6 +54,8 @@ class User &lt; ActiveRecord::Base
  
   validates :bio, :length => { :within => 0..255 }
  
+  validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
+
   before_save :ensure_authentication_token
   alias_attribute :private_token, :authentication_token
  
@@ -84,16 +86,21 @@ class User &lt; ActiveRecord::Base
     where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
   end
  
-  def self.find_for_ldap_auth(omniauth_info)
-    name = omniauth_info.name.force_encoding("utf-8")
-    email = omniauth_info.email.downcase unless omniauth_info.email.nil?
-    raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil?
+  def self.find_for_ldap_auth(auth, signed_in_resource=nil)
+    uid = auth.info.uid
+    provider = auth.provider
+    name = auth.info.name.force_encoding("utf-8")
+    email = auth.info.email.downcase unless auth.info.email.nil?
+    raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? and email.nil?
  
-    if @user = User.find_by_email(email)
+    if @user = User.find_by_extern_uid_and_provider(uid, provider)
       @user
     else
+      logger.info "Creating user from LDAP login; uid = #{uid}, name = #{name}, email = #{email}"
       password = Devise.friendly_token[0, 8].downcase
       @user = User.create(
+        :extern_uid => uid,
+        :provider => provider,
         :name => name,
         :email => email,
         :password => password,
@@ -0,0 +1,8 @@
+class AddExternAuthProviderToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :extern_uid, :string
+    add_column :users, :provider, :string
+
+    add_index :users, [:extern_uid, :provider], :unique => true
+  end
+end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20120712080407) do
+ActiveRecord::Schema.define(:version => 20120729131232) do
  
   create_table "events", :force => true do |t|
     t.string   "target_type"
@@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version =&gt; 20120712080407) do
     t.boolean  "blocked",                               :default => false, :null => false
     t.integer  "failed_attempts",                       :default => 0
     t.datetime "locked_at"
+    t.string   "extern_uid"
+    t.string   "provider"
   end
  
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true
+  add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
   add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
  
   create_table "users_projects", :force => true do |t|
...	...	@@ -15,8 +15,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
15	15
16	16	def ldap
17	17	# We only find ourselves here if the authentication to LDAP was successful.
18		- info = request.env["omniauth.auth"]["info"]
19		- @user = User.find_for_ldap_auth(info)
	18	+ @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
20	19	if @user.persisted?
21	20	@user.remember_me = true
22	21	end
...	...
...	...	@@ -7,7 +7,7 @@ class User < ActiveRecord::Base
7	7
8	8	attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
9	9	:name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
10		- :theme_id, :force_random_password
	10	+ :theme_id, :force_random_password, :extern_uid, :provider
11	11
12	12	attr_accessor :force_random_password
13	13
...	...	@@ -54,6 +54,8 @@ class User < ActiveRecord::Base
54	54
55	55	validates :bio, :length => { :within => 0..255 }
56	56
	57	+ validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
	58	+
57	59	before_save :ensure_authentication_token
58	60	alias_attribute :private_token, :authentication_token
59	61
...	...	@@ -84,16 +86,21 @@ class User < ActiveRecord::Base
84	86	where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
85	87	end
86	88
87		- def self.find_for_ldap_auth(omniauth_info)
88		- name = omniauth_info.name.force_encoding("utf-8")
89		- email = omniauth_info.email.downcase unless omniauth_info.email.nil?
90		- raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil?
	89	+ def self.find_for_ldap_auth(auth, signed_in_resource=nil)
	90	+ uid = auth.info.uid
	91	+ provider = auth.provider
	92	+ name = auth.info.name.force_encoding("utf-8")
	93	+ email = auth.info.email.downcase unless auth.info.email.nil?
	94	+ raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? and email.nil?
91	95
92		- if @user = User.find_by_email(email)
	96	+ if @user = User.find_by_extern_uid_and_provider(uid, provider)
93	97	@user
94	98	else
	99	+ logger.info "Creating user from LDAP login; uid = #{uid}, name = #{name}, email = #{email}"
95	100	password = Devise.friendly_token[0, 8].downcase
96	101	@user = User.create(
	102	+ :extern_uid => uid,
	103	+ :provider => provider,
97	104	:name => name,
98	105	:email => email,
99	106	:password => password,
...	...
...	...	@@ -0,0 +1,8 @@
	1	+class AddExternAuthProviderToUsers < ActiveRecord::Migration
	2	+ def change
	3	+ add_column :users, :extern_uid, :string
	4	+ add_column :users, :provider, :string
	5	+
	6	+ add_index :users, [:extern_uid, :provider], :unique => true
	7	+ end
	8	+end
...	...
...	...	@@ -11,7 +11,7 @@
11	11	#
12	12	# It's strongly recommended to check this file into your version control system.
13	13
14		-ActiveRecord::Schema.define(:version => 20120712080407) do
	14	+ActiveRecord::Schema.define(:version => 20120729131232) do
15	15
16	16	create_table "events", :force => true do \|t\|
17	17	t.string "target_type"
...	...	@@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version => 20120712080407) do
171	171	t.boolean "blocked", :default => false, :null => false
172	172	t.integer "failed_attempts", :default => 0
173	173	t.datetime "locked_at"
	174	+ t.string "extern_uid"
	175	+ t.string "provider"
174	176	end
175	177
176	178	add_index "users", ["email"], :name => "index_users_on_email", :unique => true
	179	+ add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
177	180	add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
178	181
179	182	create_table "users_projects", :force => true do \|t\|
...	...