Commit eef50e7875bb7ed4b43b42b23db1d74eed62a047
1 parent
c9f5fce2
Exists in
master
and in
2 other branches
Added new strategy
This strategy was tested with Apache and a Sinatra application. Signed-off-by: Lucas Kanashiro <kanashiro.duarte@gmail.com> Signed-off-by: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com> Signed-off-by: Antonio Terceiro <terceiro@softwarelivre.org>
Showing
2 changed files
with
73 additions
and
23 deletions
lib/omniauth/remote_user.rb
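--- a/lib/omniauth/strategies/remote_user.rb
+++ b/lib/omniauth/strategies/remote_user.rb
@@ -1,45 +1,94 @@
 module OmniAuth
 module Strategies
 class RemoteUser
+
 include OmniAuth::Strategy
 
-option :fields, [:name, :email]
-option :uid_field, :email
+#option :cookie, 'rack.session'
+option :cookie, '_gitlab_session'
+option :internal_cookie, '_remote_user'
 
 def call(env)
-request = Rack::Request.new env
-cookies = request.cookies["_gitlab_session"]
-remote_user = env["HTTP_REMOTE_USER"]
-unless remote_user.empty? && cookies.empty?
-super(env)
+remote_user = env['HTTP_REMOTE_USER']
+$stderr.puts('Remote-User: %s' % (remote_user || '(none'))
+session_user = __current_user(env)
+if remote_user
+if session_user
+if remote_user == session_user
+super(env)
+else
+__login(env, remote_user) || super(env)
+end
+else
+__login(env, remote_user) || super(env)
+end
+else
+if session_user
+__logout(env) || super(env)
+else
+super(env)
+end
 end
 end
 
-def request_phase
-@user_data = {}
-@uid = env
-return fail!(:no_remote_user) unless @uid
+def __current_user(env)
+request = Rack::Request.new(env)
+request.cookies.has_key?(options.internal_cookie) && request.cookies[options.internal_cookie]
+end
 
-@user_data[:name] = @uid['NAME']
-@user_data[:email] = @uid['EMAIL']
+def __logout(env)
+$stderr.puts 'LOGOUT'
+request = Rack::Request.new(env)
+response = redirect_if_not_logging_in(request, request.path)
+if response
+response.delete_cookie(options.cookie)
+response.delete_cookie(options.internal_cookie)
+response
+end
+end
 
-@env['omniauth.auth'] = auth_hash
-@env['REQUEST_METHOD'] = 'GET'
-@env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
+def __login(env, uid)
+$stderr.puts 'LOGIN (%s)' % uid
+request = Rack::Request.new(env)
+response = redirect_if_not_logging_in(request, '/auth/remoteuser')
+if response
+response.set_cookie(options.internal_cookie, uid)
+response
+end
+end
 
-call_app!
+def redirect_if_not_logging_in(request, url)
+if ! [
+'/auth/remoteuser',
+'/auth/remoteuser/callback'
+].include?(request.path_info)
+response = Rack::Response.new
+response.redirect url
+response
+end
 end
 
-uid { @uid['NAME'] }
-info{ @user_data }
+uid do
+request.env['HTTP_REMOTE_USER']
+end
 
-def callback_phase
-fail(:invalid_request)
+info do
+user_data = request.env['HTTP_REMOTE_USER_DATA']
+if user_data
+data = JSON.parse(user_data)
+data['nickname'] = data['name']
+data
+else
+{}
+end
 end
 
-def auth_hash
-Omniauth::Utils.deep_merge(super, {'uid' => @uid})
+def request_phase
+form = OmniAuth::Form.new(:url => callback_path)
+form.html '<script type="text/javascript"> document.forms[0].submit(); </script>'
+form.to_response
 end
 end
 end
 end
+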
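Review bot: `uid` and `info` (new lines 71-83), and the login decision in `call`, take the identity straight from `env['HTTP_REMOTE_USER']` and `HTTP_REMOTE_USER_DATA`, which Rack fills from the `Remote-User` and `Remote-User-Data` request headers, and nothing visible in this file verifies that the front-end server rather than the client set them. That is only safe if the fronting server strips inbound copies of both headers and is the sole route to the app, so I would state the requirement at the top of the class, e.g. `# Trusts Remote-User / Remote-User-Data; the fronting server must unset client-supplied copies and be the only path to this app`. `JSON.parse(user_data)` in `info` is also unguarded, so a malformed header value raises during the callback; rescuing `JSON::ParserError` and returning `{}` would match the existing `else` branch. The `_remote_user` cookie written by `__login` is unsigned and set without `httponly`/`secure`, and the `$stderr.puts` lines write the raw header value to the log (the `'(none'` literal is missing its closing parenthesis), both worth tightening.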