author | Patricio Cano <suprnova32@gmail.com> | 2016-02-17 13:13:15 -0500 |
---|---|---|
committer | Patricio Cano <suprnova32@gmail.com> | 2016-02-18 13:22:19 -0500 |
commit | f014127e173b718b81879634c1dac9191184995c (patch) | |
tree | c391d1539973e95cf37af32686dd7fe6573bad24 /app/controllers/omniauth_callbacks_controller.rb | |
parent | 7f7eef2aef31f9cd4297d25d4416515182aa9482 (diff) | |
download | gitlab-ce-f014127e173b718b81879634c1dac9191184995c.tar.gz |
Decouple SAML authentication from the default Omniauth logic
Diffstat (limited to 'app/controllers/omniauth_callbacks_controller.rb')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 54 |
1 files changed, 36 insertions, 18 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 9cf76521a0d..21135f7d607 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -42,6 +42,26 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 end
 end

+ def saml
+ if current_user
+ log_audit_event(current_user, with: :saml)
+ # Update SAML identity if data has changed.
+ identity = current_user.identities.find_by(extern_uid: oauth['uid'], provider: :saml)
+ if identity.nil?
+ current_user.identities.create(extern_uid: oauth['uid'], provider: :saml)
+ redirect_to profile_account_path, notice: 'Authentication method updated'
+ else
+ redirect_to after_sign_in_path_for(current_user)
+ end
+ else
+ saml_user = Gitlab::Saml::User.new(oauth)
+ saml_user.save
+ @user = saml_user.gl_user
+
+ continue_login_process
+ end
+ end
+
 def omniauth_error
 @provider = params[:provider]
 @error = params[:error]
@@ -65,25 +85,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 log_audit_event(current_user, with: oauth['provider'])
 redirect_to profile_account_path, notice: 'Authentication method updated'
 else
- @user = Gitlab::OAuth::User.new(oauth)
- @user.save
+ oauth_user = Gitlab::OAuth::User.new(oauth)
+ oauth_user.save
+ @user = oauth_user.gl_user

- # Only allow properly saved users to login.
- if @user.persisted? && @user.valid?
- log_audit_event(@user.gl_user, with: oauth['provider'])
- sign_in_and_redirect(@user.gl_user)
- else
- error_message =
- if @user.gl_user.errors.any?
- @user.gl_user.errors.map do |attribute, message|
- "#{attribute} #{message}"
- end.join(", ")
- else
- ''
- end
-
- redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
- end
+ continue_login_process
 end
 rescue Gitlab::OAuth::SignupDisabledError
 label = Gitlab::OAuth::Provider.label_for(oauth['provider'])
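Review bot: In the signed-in branch of `saml`, the result of `current_user.identities.create(...)` is never checked, so a record that fails to save still ends in the 'Authentication method updated' notice. The `find_by` above it searches only the current user's identities; whether the same `extern_uid` may already be bound to another account is left to the Identity model's validations, which are not visible in this diff. I would branch on the outcome, e.g. `identity = current_user.identities.create(extern_uid: oauth['uid'], provider: :saml)` followed by `if identity.persisted?`, and send the failure case to `omniauth_error_path`. Separately, `saml_user.save` runs without the `rescue Gitlab::OAuth::SignupDisabledError` that the generic handler has; if `Gitlab::Saml::User#save` can raise it (not shown here), this action would end in an unhandled exception.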
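Review bot: The sign-in gate now runs on `oauth_user.gl_user` instead of on the `Gitlab::OAuth::User` wrapper, so the `persisted?` and `valid?` calls in `continue_login_process` are the model's methods rather than the wrapper's. If the wrapper's versions did more than delegate (its definition is outside this diff), or if `gl_user` can be nil after a failed `save`, the check either changes meaning or raises `NoMethodError` before the error redirect is reached. A comment at the assignment such as `# gl_user must be non-nil here; continue_login_process decides whether it may sign in` would record the assumption, and a nil result deserves its own redirect to `omniauth_error_path`. The enclosing method starts and ends outside this hunk.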
@@ -104,6 +110,18 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 session[:service_tickets][provider] = ticket
 end

+ def continue_login_process
+ # Only allow properly saved users to login.
+ if @user.persisted? && @user.valid?
+ log_audit_event(@user, with: oauth['provider'])
+ sign_in_and_redirect(@user)
+ else
+ error_message = @user.errors.full_messages.to_sentence
+
+ redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
+ end
+ end
+
 def oauth
 @oauth ||= request.env['omniauth.auth']
 end |
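Review bot: The trailing `and return` in `continue_login_process` only leaves the helper, not the calling action, so it gives no protection to a caller that later adds code after the call. Both callers in this diff invoke it as their last statement, so nothing breaks today, but in an authentication path I would drop it, `redirect_to omniauth_error_path(oauth['provider'], error: error_message)`, and state the contract instead. A header comment such as `# Signs in @user (set by the caller) or redirects to the error page; always renders, so call it last.` would do that. The helper also places the model's validation messages in the redirect URL's `error` parameter, which `omniauth_error` reads back from `params[:error]`; that behaviour predates this commit, but it is worth checking what those messages can reveal.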