Commit fa5a53f5ed2914052e07ef8fd46879576c978563
1 parent
8b7e404b
Exists in
master
and in
4 other branches
Change identification of users with extern auth provider (LDAP)
Showing
4 changed files
with
26 additions
and
9 deletions
Show diff stats
app/controllers/omniauth_callbacks_controller.rb
| @@ -15,8 +15,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController | @@ -15,8 +15,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController | ||
| 15 | 15 | ||
| 16 | def ldap | 16 | def ldap |
| 17 | # We only find ourselves here if the authentication to LDAP was successful. | 17 | # We only find ourselves here if the authentication to LDAP was successful. |
| 18 | - info = request.env["omniauth.auth"]["info"] | ||
| 19 | - @user = User.find_for_ldap_auth(info) | 18 | + @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user) |
| 20 | if @user.persisted? | 19 | if @user.persisted? |
| 21 | @user.remember_me = true | 20 | @user.remember_me = true |
| 22 | end | 21 | end |
app/models/user.rb
| @@ -7,7 +7,7 @@ class User < ActiveRecord::Base | @@ -7,7 +7,7 @@ class User < ActiveRecord::Base | ||
| 7 | 7 | ||
| 8 | attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, | 8 | attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, |
| 9 | :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, | 9 | :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, |
| 10 | - :theme_id, :force_random_password | 10 | + :theme_id, :force_random_password, :extern_uid, :provider |
| 11 | 11 | ||
| 12 | attr_accessor :force_random_password | 12 | attr_accessor :force_random_password |
| 13 | 13 | ||
| @@ -54,6 +54,8 @@ class User < ActiveRecord::Base | @@ -54,6 +54,8 @@ class User < ActiveRecord::Base | ||
| 54 | 54 | ||
| 55 | validates :bio, :length => { :within => 0..255 } | 55 | validates :bio, :length => { :within => 0..255 } |
| 56 | 56 | ||
| 57 | + validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider} | ||
| 58 | + | ||
| 57 | before_save :ensure_authentication_token | 59 | before_save :ensure_authentication_token |
| 58 | alias_attribute :private_token, :authentication_token | 60 | alias_attribute :private_token, :authentication_token |
| 59 | 61 | ||
| @@ -84,16 +86,21 @@ class User < ActiveRecord::Base | @@ -84,16 +86,21 @@ class User < ActiveRecord::Base | ||
| 84 | where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') | 86 | where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') |
| 85 | end | 87 | end |
| 86 | 88 | ||
| 87 | - def self.find_for_ldap_auth(omniauth_info) | ||
| 88 | - name = omniauth_info.name.force_encoding("utf-8") | ||
| 89 | - email = omniauth_info.email.downcase unless omniauth_info.email.nil? | ||
| 90 | - raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil? | 89 | + def self.find_for_ldap_auth(auth, signed_in_resource=nil) |
| 90 | + uid = auth.info.uid | ||
| 91 | + provider = auth.provider | ||
| 92 | + name = auth.info.name.force_encoding("utf-8") | ||
| 93 | + email = auth.info.email.downcase unless auth.info.email.nil? | ||
| 94 | + raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? and email.nil? | ||
| 91 | 95 | ||
| 92 | - if @user = User.find_by_email(email) | 96 | + if @user = User.find_by_extern_uid_and_provider(uid, provider) |
| 93 | @user | 97 | @user |
| 94 | else | 98 | else |
| 99 | + logger.info "Creating user from LDAP login; uid = #{uid}, name = #{name}, email = #{email}" | ||
| 95 | password = Devise.friendly_token[0, 8].downcase | 100 | password = Devise.friendly_token[0, 8].downcase |
| 96 | @user = User.create( | 101 | @user = User.create( |
| 102 | + :extern_uid => uid, | ||
| 103 | + :provider => provider, | ||
| 97 | :name => name, | 104 | :name => name, |
| 98 | :email => email, | 105 | :email => email, |
| 99 | :password => password, | 106 | :password => password, |
db/migrate/20120729131232_add_extern_auth_provider_to_users.rb
0 → 100644
db/schema.rb
| @@ -11,7 +11,7 @@ | @@ -11,7 +11,7 @@ | ||
| 11 | # | 11 | # |
| 12 | # It's strongly recommended to check this file into your version control system. | 12 | # It's strongly recommended to check this file into your version control system. |
| 13 | 13 | ||
| 14 | -ActiveRecord::Schema.define(:version => 20120712080407) do | 14 | +ActiveRecord::Schema.define(:version => 20120729131232) do |
| 15 | 15 | ||
| 16 | create_table "events", :force => true do |t| | 16 | create_table "events", :force => true do |t| |
| 17 | t.string "target_type" | 17 | t.string "target_type" |
| @@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version => 20120712080407) do | @@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version => 20120712080407) do | ||
| 171 | t.boolean "blocked", :default => false, :null => false | 171 | t.boolean "blocked", :default => false, :null => false |
| 172 | t.integer "failed_attempts", :default => 0 | 172 | t.integer "failed_attempts", :default => 0 |
| 173 | t.datetime "locked_at" | 173 | t.datetime "locked_at" |
| 174 | + t.string "extern_uid" | ||
| 175 | + t.string "provider" | ||
| 174 | end | 176 | end |
| 175 | 177 | ||
| 176 | add_index "users", ["email"], :name => "index_users_on_email", :unique => true | 178 | add_index "users", ["email"], :name => "index_users_on_email", :unique => true |
| 179 | + add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true | ||
| 177 | add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true | 180 | add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true |
| 178 | 181 | ||
| 179 | create_table "users_projects", :force => true do |t| | 182 | create_table "users_projects", :force => true do |t| |