Add refactoring for multiple LDAP server support

These changes are ported from EE to CE. Apply changes for app directory
author: Jan-Willem van der Meer <mail@jewilmeer.nl> 2014-10-13 13:39:54 +0200
committer: Jan-Willem van der Meer <mail@jewilmeer.nl> 2014-10-13 13:39:54 +0200
commit: a7e071e9822a9803e9d686484298170dade5beb5 (patch)
tree: 8a5eeb176ffc582454bcb977d03f8478bc11af90
parent: a756fd1ff6a7112ae60b4e738fb70013a5657a47 (diff)
download: gitlab-ce-a7e071e9822a9803e9d686484298170dade5beb5.tar.gz
6 files changed, 36 insertions, 33 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 3ed6a69c2d8..0f364a48ea2 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -15,21 +15,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     error.to_s.humanize if error
   end
 
+  # We only find ourselves here
+  # if the authentication to LDAP was successful.
   def ldap
-    # We only find ourselves here
-    # if the authentication to LDAP was successful.
-    @user = Gitlab::LDAP::User.find_or_create(oauth)
-    @user.remember_me = true if @user.persisted?
+    @user = Gitlab::LDAP::User.new(oauth)
+    @user.save if @user.changed? # will also save new users
+    gl_user = @user.gl_user
+    gl_user.remember_me = true if @user.persisted?
 
     # Do additional LDAP checks for the user filter and EE features
-    if Gitlab::LDAP::Access.allowed?(@user)
-      sign_in_and_redirect(@user)
+    if @user.allowed?
+      sign_in_and_redirect(gl_user)
     else
       flash[:alert] = "Access denied for your LDAP account."
       redirect_to new_user_session_path
     end
   end
 
+  Gitlab.config.ldap.servers.each do |server|
+    alias_method server.provider_name, :ldap
+  end
+
   def omniauth_error
     @provider = params[:provider]
     @error = params[:error]
@@ -46,24 +52,17 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
       current_user.save
       redirect_to profile_path
     else
-      @user = Gitlab::OAuth::User.find(oauth)
+      @user = Gitlab::OAuth::User.new(oauth)
 
-      # Create user if does not exist
-      # and allow_single_sign_on is true
-      if Gitlab.config.omniauth['allow_single_sign_on'] && !@user
-        @user, errors = Gitlab::OAuth::User.create(oauth)
+      if Gitlab.config.omniauth['allow_single_sign_on'] && @user.new?
+        @user.save
       end
 
-      if @user && !errors
-        sign_in_and_redirect(@user)
+      if @user.valid?
+        sign_in_and_redirect(@user.gl_user)
       else
-        if errors
-          error_message = errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
-          redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
-        else
-          flash[:notice] = "There's no such user!"
-        end
-        redirect_to new_user_session_path
+        error_message = @user.gl_user.errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
+        redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
       end
     end
   end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1bdba75c5e7..e918f46bb3e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -18,6 +18,10 @@ class SessionsController < Devise::SessionsController
       store_location_for(:redirect, redirect_path)
     end
 
+    if Gitlab.config.ldap.enabled
+      @ldap_servers = Gitlab.config.ldap.servers
+    end
+
     super
   end
 
diff --git a/app/helpers/oauth_helper.rb b/app/helpers/oauth_helper.rb
index c0177dacbf8..7024483b8b3 100644
--- a/app/helpers/oauth_helper.rb
+++ b/app/helpers/oauth_helper.rb
@@ -1,6 +1,6 @@
 module OauthHelper
   def ldap_enabled?
-    Devise.omniauth_providers.include?(:ldap)
+    Gitlab.config.ldap.enabled
   end
 
   def default_providers
diff --git a/app/models/user.rb b/app/models/user.rb
index c90f2462426..5abaa5495bc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -178,8 +178,7 @@ class User < ActiveRecord::Base
   scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
   scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
   scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
-  scope :ldap, -> { where(provider:  'ldap') }
-
+  scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
   scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active  }
 
   #
@@ -397,7 +396,7 @@ class User < ActiveRecord::Base
   end
 
   def ldap_user?
-    extern_uid && provider == 'ldap'
+    extern_uid && provider.start_with?('ldap')
   end
 
   def accessible_deploy_keys
diff --git a/app/views/devise/sessions/_new_ldap.html.haml b/app/views/devise/sessions/_new_ldap.html.haml
index 6c5a878e904..01584611493 100644
--- a/app/views/devise/sessions/_new_ldap.html.haml
+++ b/app/views/devise/sessions/_new_ldap.html.haml
@@ -1,4 +1,4 @@
-= form_tag(user_omniauth_callback_path(:ldap), id: 'new_ldap_user' ) do
+= form_tag(user_omniauth_callback_path(provider), id: 'new_ldap_user' ) do
   = text_field_tag :username, nil, {class: "form-control top", placeholder: "LDAP Login", autofocus: "autofocus"}
   = password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
   %br/
diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml
index b70b0d66172..04e998f8be4 100644
--- a/app/views/devise/sessions/new.html.haml
+++ b/app/views/devise/sessions/new.html.haml
@@ -4,20 +4,22 @@
   .login-body
     - if ldap_enabled? && gitlab_config.signin_enabled
       %ul.nav.nav-tabs
-        %li.active
-          = link_to 'LDAP', '#tab-ldap', 'data-toggle' => 'tab'
+        - @ldap_servers.each_with_index do |server, i|
+          %li{class: (:active if i==0)}
+            = link_to server['label'], "#tab-#{server.provider_name}", 'data-toggle' => 'tab'
         %li
           = link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
       .tab-content
-        %div#tab-ldap.tab-pane.active
-          = render partial: 'devise/sessions/new_ldap'
+        - @ldap_servers.each_with_index do |server,i|
+          %div.tab-pane{id: "tab-#{server.provider_name}", class: (:active if i==0)}
+            = render 'devise/sessions/new_ldap', provider: server.provider_name
         %div#tab-signin.tab-pane
-          = render partial: 'devise/sessions/new_base'
+          = render 'devise/sessions/new_base'
 
     - elsif ldap_enabled?
-      = render partial: 'devise/sessions/new_ldap'
+      = render 'devise/sessions/new_ldap', ldap_servers: @ldap_servers
     - elsif gitlab_config.signin_enabled
-      = render partial: 'devise/sessions/new_base'
+      = render 'devise/sessions/new_base'
     - else
       %div
         No authentication methods configured.
@@ -36,7 +38,6 @@
       %span.light Did not receive confirmation email?
       = link_to "Send again", new_confirmation_path(resource_name)
 
-
     - if extra_config.has_key?('sign_in_text')
       %hr
       = markdown(extra_config.sign_in_text)
author	Jan-Willem van der Meer <mail@jewilmeer.nl>	2014-10-13 13:39:54 +0200
committer	Jan-Willem van der Meer <mail@jewilmeer.nl>	2014-10-13 13:39:54 +0200
commit	a7e071e9822a9803e9d686484298170dade5beb5 (patch)
tree	8a5eeb176ffc582454bcb977d03f8478bc11af90
parent	a756fd1ff6a7112ae60b4e738fb70013a5657a47 (diff)
download	gitlab-ce-a7e071e9822a9803e9d686484298170dade5beb5.tar.gz