Crowd integration

11 files changed, 96 insertions, 4 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 0c401a99d48..d8733174b03 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -34,6 +34,7 @@ v 8.0.0 (unreleased)
   - Added Drone CI integration (Kirill Zaitsev)
   - Refactored service API and added automatically service docs generator (Kirill Zaitsev) 
   - Added web_url key project hook_attrs (Kirill Zaitsev)
+  - Add support for Crowd
 
 v 7.14.1
   - Improve abuse reports management from admin area
diff --git a/Gemfile b/Gemfile
index 2a55bb31cb9..ad921706fc5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,6 +25,7 @@ gem 'omniauth-kerberos', group: :kerberos
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
 gem 'omniauth-saml', '~> 1.4.0'
+gem 'omniauth_crowd'
 gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 2450b95d973..78affaeaa7b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -434,6 +434,10 @@ GEM
     omniauth-twitter (1.0.1)
       multi_json (~> 1.3)
       omniauth-oauth (~> 1.0)
+    omniauth_crowd (2.2.3)
+      activesupport
+      nokogiri (>= 1.4.4)
+      omniauth (~> 1.0)
     opennebula (4.12.1)
       json
       nokogiri
@@ -821,6 +825,7 @@ DEPENDENCIES
   omniauth-saml (~> 1.4.0)
   omniauth-shibboleth
   omniauth-twitter
+  omniauth_crowd
   org-ruby (= 0.9.12)
   pg
   poltergeist (~> 1.6.0)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 8389f07a3bd..cfa565cd03e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -8,6 +8,8 @@ class SessionsController < Devise::SessionsController
   def new
     if Gitlab.config.ldap.enabled
       @ldap_servers = Gitlab::LDAP::Config.servers
+    else
+      @ldap_servers = []
     end
 
     super
diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb
index 0e7a37b4cc6..d9502181c4f 100644
--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -1,6 +1,6 @@
 module AuthHelper
   PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
-  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos'].freeze
+  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze
 
   def ldap_enabled?
     Gitlab.config.ldap.enabled
@@ -26,6 +26,10 @@ module AuthHelper
     auth_providers.select { |provider| form_based_provider?(provider) }
   end
 
+  def crowd_enabled?
+    auth_providers.include? :crowd
+  end
+
   def button_based_providers
     auth_providers.reject { |provider| form_based_provider?(provider) }
   end
diff --git a/app/views/devise/sessions/_new_crowd.html.haml b/app/views/devise/sessions/_new_crowd.html.haml
new file mode 100644
index 00000000000..4974bb7f7fb
--- /dev/null
+++ b/app/views/devise/sessions/_new_crowd.html.haml
@@ -0,0 +1,9 @@
+= form_tag(user_omniauth_authorize_path("crowd"), id: 'new_crowd_user' ) do
+  = text_field_tag :username, nil, {class: "form-control top", placeholder: "Username", autofocus: "autofocus"}
+  = password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
+  - if devise_mapping.rememberable?
+    .remember-me.checkbox
+      %label{for: "remember_me"}
+        = check_box_tag :remember_me, '1', false, id: 'remember_me'
+        %span Remember me
+  = button_tag "Sign in", class: "btn-save btn"
\ No newline at end of file
diff --git a/app/views/devise/shared/_signin_box.html.haml b/app/views/devise/shared/_signin_box.html.haml
index bb5e479697d..41ad2c231d4 100644
--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -8,15 +8,21 @@
   .login-body
     - if form_based_providers.any?
       %ul.nav.nav-tabs
+        - if crowd_enabled?
+          %li.active
+            = link_to "Crowd", "#tab-crowd", 'data-toggle' => 'tab'
         - @ldap_servers.each_with_index do |server, i|
-          %li{class: (:active if i.zero?)}
+          %li{class: (:active if i.zero? && !crowd_enabled?)}
             = link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
         - if signin_enabled?
           %li
             = link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
       .tab-content
+        - if crowd_enabled?
+          %div.tab-pane.active{id: "tab-crowd"}
+            = render 'devise/sessions/new_crowd'
         - @ldap_servers.each_with_index do |server, i|
-          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero?)}
+          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero? && !crowd_enabled?)}
             = render 'devise/sessions/new_ldap', server: server
         - if signin_enabled?
           %div#tab-signin.tab-pane
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index c7b60a1d4b1..9eb99dae456 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -246,6 +246,11 @@ production: &base
       #             issuer: 'https://gitlab.example.com',
       #             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
       #           } }
+      # - { name: 'crowd',
+      #     args: {
+      #       crowd_server_url: 'CROWD SERVER URL',
+      #       application_name: 'YOUR_APP_NAME',
+      #       application_password: 'YOUR_APP_PASSWORD' } }
 
 
 
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 091548348b1..2ce24592f8b 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -238,7 +238,7 @@ Devise.setup do |config|
       provider_arguments.concat provider['args']
     when Hash
       # A Hash from the configuration will be passed as is.
-      provider_arguments << provider['args']
+      provider_arguments << provider['args'].symbolize_keys
     end
 
     config.omniauth provider['name'].to_sym, *provider_arguments
diff --git a/doc/integration/crowd.md b/doc/integration/crowd.md
new file mode 100644
index 00000000000..2ecc8795ac1
--- /dev/null
+++ b/doc/integration/crowd.md
@@ -0,0 +1,58 @@
+# Crowd OmniAuth Provider
+
+To enable the Crowd OmniAuth provider you must register your application with Crowd. To configure Crowd integration you need an application name and password.  
+
+1.  On your GitLab server, open the configuration file.
+
+    For omnibus package:
+
+    ```sh
+      sudo editor /etc/gitlab/gitlab.rb
+    ```
+
+    For instalations from source:
+
+    ```sh
+      cd /home/git/gitlab
+
+      sudo -u git -H editor config/gitlab.yml
+    ```
+
+1.  See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
+
+1.  Add the provider configuration:
+
+    For omnibus package:
+
+    ```ruby
+      gitlab_rails['omniauth_providers'] = [
+        {
+          "name" => "crowd",
+          "args" => { 
+            "crowd_server_url" => "CROWD",
+            "application_name" => "YOUR_APP_NAME",
+            "application_password" => "YOUR_APP_PASSWORD"
+          }
+        }
+      ]
+    ```
+
+    For installations from source:
+
+    ```
+       - { name: 'crowd',
+           args: {
+             crowd_server_url: 'CROWD SERVER URL',
+             application_name: 'YOUR_APP_NAME',
+             application_password: 'YOUR_APP_PASSWORD' } }
+    ```
+
+1.  Change 'YOUR_APP_NAME' to the application name from Crowd applications page.
+
+1.  Change 'YOUR_APP_PASSWORD' to the application password you've set.
+
+1.  Save the configuration file.
+
+1.  Restart GitLab for the changes to take effect.
+
+On the sign in page there should now be a Crowd tab in the sign in form.
\ No newline at end of file
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md
index 2010cb9b8a1..c5cecbc2f2d 100644
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -76,6 +76,7 @@ Now we can choose one or more of the Supported Providers below to continue confi
 - [Shibboleth](shibboleth.md)
 - [Twitter](twitter.md)
 - [SAML](saml.md)
+- [Crowd](crowd.md)
 
 ## Enable OmniAuth for an Existing User