diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-08-13 17:11:04 +0400 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-08-13 17:11:04 +0400 |
| commit | ffc284301eae53fad65bad36adaa4182c7683f70 (patch) | |
| tree | f5310c4d6aa6e544b61a586fddbe2cc22febd70f /app | |
| parent | 67c5d381a975c065afdfbffd45d88320a61c82ad (diff) | |
| parent | e0fea696c6e4eb007c945d63faca594a70dd45e7 (diff) | |
Merge branch 'ldap/cache_check' into 'master'
Cache LDAP check everywhere
See merge request !1008
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/application_controller.rb | 13 | ||||
| -rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 13 | ||||
| -rw-r--r-- | app/models/user.rb | 4 |
3 files changed, 13 insertions, 17 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d0546a441e1..5ffec7f75bf 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -201,15 +201,10 @@ class ApplicationController < ActionController::Base def ldap_security_check if current_user && current_user.requires_ldap_check? - gitlab_ldap_access do |access| - if access.allowed?(current_user) - current_user.last_credential_check_at = Time.now - current_user.save - else - sign_out current_user - flash[:alert] = "Access denied for your LDAP account." - redirect_to new_user_session_path - end + unless Gitlab::LDAP::Access.allowed?(current_user) + sign_out current_user + flash[:alert] = "Access denied for your LDAP account." + redirect_to new_user_session_path end end end diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index ef2afec52dc..3ed6a69c2d8 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -21,13 +21,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController @user = Gitlab::LDAP::User.find_or_create(oauth) @user.remember_me = true if @user.persisted? - gitlab_ldap_access do |access| - if access.allowed?(@user) - sign_in_and_redirect(@user) - else - flash[:alert] = "Access denied for your LDAP account." - redirect_to new_user_session_path - end + # Do additional LDAP checks for the user filter and EE features + if Gitlab::LDAP::Access.allowed?(@user) + sign_in_and_redirect(@user) + else + flash[:alert] = "Access denied for your LDAP account." + redirect_to new_user_session_path end end diff --git a/app/models/user.rb b/app/models/user.rb index 9ab3ea025c3..f1ff76edd15 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -414,7 +414,9 @@ class User < ActiveRecord::Base end def requires_ldap_check? - if ldap_user? + if !Gitlab.config.ldap.enabled + false + elsif ldap_user? !last_credential_check_at || (last_credential_check_at + 1.hour) < Time.now else false |