Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 17 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/auth_hash.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/config.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/auth_hash.rb | 7 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 4 |
5 files changed, 38 insertions, 6 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb index a715f17ecd6..25465e73b95 100644 --- a/lib/gitlab/auth/auth_finders.rb +++ b/lib/gitlab/auth/auth_finders.rb @@ -32,6 +32,17 @@ module Gitlab RUNNER_JOB_TOKEN_PARAM = :token PATH_DEPENDENT_FEED_TOKEN_REGEX = /\A#{User::FEED_TOKEN_PREFIX}(\h{64})-(\d+)\z/ + PARAM_TOKEN_KEYS = [ + PRIVATE_TOKEN_PARAM, + JOB_TOKEN_PARAM, + RUNNER_JOB_TOKEN_PARAM + ].map(&:to_s).freeze + HEADER_TOKEN_KEYS = [ + PRIVATE_TOKEN_HEADER, + JOB_TOKEN_HEADER, + DEPLOY_TOKEN_HEADER + ].freeze + # Check the Rails session for valid authentication details def find_user_from_warden current_request.env['warden']&.authenticate if verified_request? @@ -204,6 +215,12 @@ module Gitlab end end + def authentication_token_present? + PARAM_TOKEN_KEYS.intersection(current_request.params.keys).any? || + HEADER_TOKEN_KEYS.intersection(current_request.env.keys).any? || + parsed_oauth_token.present? + end + private def find_user_from_job_bearer_token diff --git a/lib/gitlab/auth/ldap/auth_hash.rb b/lib/gitlab/auth/ldap/auth_hash.rb index 5435355f136..6d1d1519fc2 100644 --- a/lib/gitlab/auth/ldap/auth_hash.rb +++ b/lib/gitlab/auth/ldap/auth_hash.rb @@ -6,6 +6,8 @@ module Gitlab module Auth module Ldap class AuthHash < Gitlab::Auth::OAuth::AuthHash + extend ::Gitlab::Utils::Override + def uid @uid ||= Gitlab::Auth::Ldap::Person.normalize_dn(super) end @@ -44,6 +46,12 @@ module Gitlab def ldap_config @ldap_config ||= Gitlab::Auth::Ldap::Config.new(self.provider) end + + # Overrding this method as LDAP allows email as the username ! + override :get_username + def get_username + username_claims.map { |claim| get_from_auth_hash_or_info(claim) }.find(&:presence) + end end end end diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb index ed7caf84558..15e8cb04ea4 100644 --- a/lib/gitlab/auth/ldap/config.rb +++ b/lib/gitlab/auth/ldap/config.rb 
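Review bot: `authentication_token_present?` only checks that a token key exists in `current_request.params` or `current_request.env`, not that it has a value or that the credential is valid. A request sending an empty parameter named by `PRIVATE_TOKEN_PARAM` would already make it return true. Callers are outside the hunk, so the method should state its contract, e.g. `# True when the request carries a credential key (param, header or OAuth token); the credential is NOT validated here.` The two key lists also omit other credential sources this module appears to handle, such as the feed token matched by `PATH_DEPENDENT_FEED_TOKEN_REGEX`; if that is deliberate, a one-line comment beside `PARAM_TOKEN_KEYS` should say so.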
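Review bot: The comment on the `get_username` override in `ldap/auth_hash.rb` has a typo ("Overrding") and does not say how it differs from the parent, which this commit changes to cut the value at "@". Something like `# LDAP allows an email address as the username, so keep the full claim instead of truncating at "@" as the parent does.` would make the intent clear. The body is a copy of the parent's lookup without the truncation, so the two can drift apart. If the parent later gains more normalisation, this override will silently skip it.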
@@ -94,7 +94,7 @@ module Gitlab def omniauth_options opts = base_options.merge( base: base, - encryption: options['encryption'], + encryption: encryption, filter: omniauth_user_filter, name_proc: name_proc, disable_verify_certificates: !options['verify_certificates'], @@ -188,6 +188,10 @@ module Gitlab options['sync_name'] end + def encryption + options['encryption'] || 'plain' + end + def name_proc if allow_username_or_email_login proc { |name| name.gsub(/@.*\z/, '') } @@ -235,7 +239,7 @@ module Gitlab end def translate_method - NET_LDAP_ENCRYPTION_METHOD[options['encryption']&.to_sym] + NET_LDAP_ENCRYPTION_METHOD[encryption.to_sym] end def tls_options diff --git a/lib/gitlab/auth/o_auth/auth_hash.rb b/lib/gitlab/auth/o_auth/auth_hash.rb index cce08750296..c2b49c1c068 100644 --- a/lib/gitlab/auth/o_auth/auth_hash.rb +++ b/lib/gitlab/auth/o_auth/auth_hash.rb @@ -68,7 +68,7 @@ module Gitlab end def provider_config - Gitlab::Auth::OAuth::Provider.config_for(@provider) || {} + Gitlab::Auth::OAuth::Provider.config_for(provider) || {} end def provider_args @@ -96,7 +96,10 @@ module Gitlab end def get_username - username_claims.map { |claim| get_from_auth_hash_or_info(claim) }.find { |name| name.presence } + username_claims.map { |claim| get_from_auth_hash_or_info(claim) } + .find { |name| name.presence } + &.split("@") + &.first end def username_and_email diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index 3981594478d..d70c788dac8 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -225,7 +225,7 @@ module Gitlab if creating_linked_ldap_user? username = ldap_person.username.presence name = ldap_person.name.presence - email = ldap_person.email.first.presence + email = ldap_person.email&.first.presence end username ||= auth_hash.username 
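Review bot: The new `encryption` helper makes `'plain'` the implicit default when the provider options omit `encryption`, and `omniauth_options` and `translate_method` (hunks at -94 and -235) then proceed with no signal to the operator. Assuming `'plain'` means no transport encryption, a configuration that merely forgot the key would send LDAP bind credentials in cleartext. At minimum the method should carry a comment such as `# Falls back to 'plain' (no transport encryption) when unset; set an encrypted method explicitly.` Logging a warning when the fallback is taken would also help. Separately, `encryption.to_sym` with an unrecognised value presumably yields nil from `NET_LDAP_ENCRYPTION_METHOD`, whose definition is outside the hunk, so a typo in the setting may also go unnoticed.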
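Review bot: Cutting the claim at "@" in `get_username` (`o_auth/auth_hash.rb`) can return an empty string, because the blank check inside `find` runs before the split. A claim such as `@example.com` (constructed) yields `""`; ending the chain with `&.first&.presence` would turn that back into nil. The truncation also maps distinct identities such as `alice@a.example` and `alice@b.example` (constructed) to the same username. Any caller that matches or links accounts on this value must therefore not treat it as unique; those callers are outside the hunk.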
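Review bot: With `ldap_person.email&.first.presence` in `o_auth/user.rb`, a linked LDAP entry with no mail attribute no longer raises and `email` stays nil. The value is then presumably filled from the OAuth hash further down, outside the hunk, as `username ||= auth_hash.username` suggests. That silently changes where an LDAP-linked account's email comes from and deserves a comment, e.g. `# LDAP entries may have no mail attribute; fall back to the OAuth-provided email.` The matching guard in the hunk at -272 compares `gl_user.email` with nil in that case, so the email is simply left unsynced. The enclosing methods start outside both hunks.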
@@ -272,7 +272,7 @@ module Gitlab if creating_linked_ldap_user? metadata.set_attribute_synced(:name, true) if gl_user.name == ldap_person.name - metadata.set_attribute_synced(:email, true) if gl_user.email == ldap_person.email.first + metadata.set_attribute_synced(:email, true) if gl_user.email == ldap_person.email&.first metadata.provider = ldap_person.provider end end |