add CAS authentication support

author: tduehr <tduehr@gmail.com> 2015-11-12 07:25:31 +0300
committer: tduehr <tduehr@gmail.com> 2015-12-15 06:43:41 +0300
commit: 8e3f1fa629a61741282214b293c1bc9438aada59 (patch)
tree: 59b128b1297955f38e895be422c9362115fd13ef /app/controllers/application_controller.rb
parent: 2b4a3bc524c0db3f6e4e3d2b2f34ec29e358b240 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0d182e8eb04..01e2e7b2f98 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base
 
   before_action :authenticate_user_from_token!
   before_action :authenticate_user!
+  before_action :validate_user_service_ticket!
   before_action :reject_blocked!
   before_action :check_password_expiration
   before_action :ldap_security_check
@@ -202,6 +203,20 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def validate_user_service_ticket!
+    return unless signed_in? && session[:service_tickets]
+
+    valid = session[:service_tickets].all? do |provider, ticket|
+      Gitlab::OAuth::Session.valid?(provider, ticket)
+    end
+
+    unless valid
+      session[:service_tickets] = nil
+      sign_out current_user
+      redirect_to new_user_session_path
+    end
+  end
+
   def check_password_expiration
     if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now  && !current_user.ldap_user?
       redirect_to new_profile_password_path and return
author	tduehr <tduehr@gmail.com>	2015-11-12 07:25:31 +0300
committer	tduehr <tduehr@gmail.com>	2015-12-15 06:43:41 +0300
commit	8e3f1fa629a61741282214b293c1bc9438aada59 (patch)
tree	59b128b1297955f38e895be422c9362115fd13ef /app/controllers/application_controller.rb
parent	2b4a3bc524c0db3f6e4e3d2b2f34ec29e358b240 (diff)