diff options
| author | Patricio Cano <suprnova32@gmail.com> | 2016-02-19 18:41:54 +0300 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-02-19 18:45:18 +0300 |
| commit | c1921fb510d22e29ef30d084eca6cb079006a64e (patch) | |
| tree | 542d910b6eafa5740c0855ce90e7b876edc602bd /lib | |
| parent | 778da50251e24690f160a42f0b65c11c1afa3deb (diff) | |
Merge branch 'saml-decoupling' into 'master'
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/ldap/user.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/o_auth/user.rb | 13 | ||||
| -rw-r--r-- | lib/gitlab/saml/user.rb | 47 |
3 files changed, 60 insertions, 4 deletions
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index e044f0ecc6d..b84c81f1a6c 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -24,6 +24,10 @@ module Gitlab update_user_attributes end + def save + super('LDAP') + end + # instance methods def gl_user @gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb index d87a72f7ba3..832fb08a526 100644 --- a/lib/gitlab/o_auth/user.rb +++ b/lib/gitlab/o_auth/user.rb @@ -26,7 +26,7 @@ module Gitlab gl_user.try(:valid?) end - def save + def save(provider = 'OAuth') unauthorized_to_create unless gl_user if needs_blocking? @@ -36,10 +36,10 @@ module Gitlab gl_user.save! end - log.info "(OAuth) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}" + log.info "(#{provider}) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}" gl_user rescue ActiveRecord::RecordInvalid => e - log.info "(OAuth) Error saving user: #{gl_user.errors.full_messages}" + log.info "(#{provider}) Error saving user: #{gl_user.errors.full_messages}" return self, e.record.errors end @@ -105,7 +105,12 @@ module Gitlab end def signup_enabled? - Gitlab.config.omniauth.allow_single_sign_on + providers = Gitlab.config.omniauth.allow_single_sign_on + if providers.is_a?(Array) + providers.include?(auth_hash.provider) + else + providers + end end def block_after_signup? diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb new file mode 100644 index 00000000000..b1e30110ef5 --- /dev/null +++ b/lib/gitlab/saml/user.rb @@ -0,0 +1,47 @@ +# SAML extension for User model +# +# * Find GitLab user based on SAML uid and provider +# * Create new user from SAML data +# +module Gitlab + module Saml + class User < Gitlab::OAuth::User + + def save + super('SAML') + end + + def gl_user + @user ||= find_by_uid_and_provider + + if auto_link_ldap_user? + @user ||= find_or_create_ldap_user + end + + if auto_link_saml_enabled? + @user ||= find_by_email + end + + if signup_enabled? + @user ||= build_new_user + end + + @user + end + + def find_by_email + if auth_hash.has_email? + user = ::User.find_by(email: auth_hash.email.downcase) + user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider) if user + user + end + end + + protected + + def auto_link_saml_enabled? + Gitlab.config.omniauth.auto_link_saml_user + end + end + end +end |