summaryrefslogtreecommitdiff
path: root/config/initializers/doorkeeper_openid_connect.rb
diff options
context:
space:
mode:
authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2017-03-21 14:22:56 +0100
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2017-03-21 14:22:56 +0100
commitc5912ecd73560b730eda625c77d900ca23ab16d5 (patch)
tree8f7288b6209fb7e542e5d3bf867138ea6bde7faf /config/initializers/doorkeeper_openid_connect.rb
parent53d332d3c73f8a883fa54d8eaaf91f92da73c33f (diff)
parent1e5888d115df1973cd5af0aa95013dbbf29ddefd (diff)
downloadgitlab-ce-c5912ecd73560b730eda625c77d900ca23ab16d5.tar.gz
Merge branch 'master' into feature/multi-level-container-registry-images
* master: (1327 commits) Merge branch 'render-json-leak' into 'security' Merge branch 'ssrf' into 'security' Merge branch 'ssrf' into 'security' Merge branch 'fix-links-target-blank' into 'security' Merge branch '28058-hide-emails-in-atom-feeds' into 'security' Fix karma test Reset filters after click Handle Route#name being nil after an update Only add frontend code coverage instrumentation when generating coverage report fix recompile assets step in 9.0 upgrade guide to use yarn Undo explicit conversion to Integer Make level_value accept string integers Make feature spec more robust Removed d3.js from the main application.js bundle Extend compound status for manual actions specs Update css to be nice and tidy. Fix pipeline status for transition between stages add an index to the ghost column Return 404 in project issues API endpoint when project cannot be found Improve rename projects migration ... Conflicts: doc/ci/docker/using_docker_build.md spec/lib/gitlab/import_export/all_models.yml
Diffstat (limited to 'config/initializers/doorkeeper_openid_connect.rb')
-rw-r--r--config/initializers/doorkeeper_openid_connect.rb36
1 files changed, 36 insertions, 0 deletions
diff --git a/config/initializers/doorkeeper_openid_connect.rb b/config/initializers/doorkeeper_openid_connect.rb
new file mode 100644
index 00000000000..700ca25b884
--- /dev/null
+++ b/config/initializers/doorkeeper_openid_connect.rb
@@ -0,0 +1,36 @@
+Doorkeeper::OpenidConnect.configure do
+ issuer Gitlab.config.gitlab.url
+
+ jws_private_key Rails.application.secrets.jws_private_key
+
+ resource_owner_from_access_token do |access_token|
+ User.active.find_by(id: access_token.resource_owner_id)
+ end
+
+ auth_time_from_resource_owner do |user|
+ user.current_sign_in_at
+ end
+
+ reauthenticate_resource_owner do |user, return_to|
+ store_location_for user, return_to
+ sign_out user
+ redirect_to new_user_session_url
+ end
+
+ subject do |user|
+ # hash the user's ID with the Rails secret_key_base to avoid revealing it
+ Digest::SHA256.hexdigest "#{user.id}-#{Rails.application.secrets.secret_key_base}"
+ end
+
+ claims do
+ with_options scope: :openid do |o|
+ o.claim(:name) { |user| user.name }
+ o.claim(:nickname) { |user| user.username }
+ o.claim(:email) { |user| user.public_email }
+ o.claim(:email_verified) { |user| true if user.public_email? }
+ o.claim(:website) { |user| user.full_website_url if user.website_url? }
+ o.claim(:profile) { |user| Rails.application.routes.url_helpers.user_url user }
+ o.claim(:picture) { |user| user.avatar_url }
+ end
+ end
+end
View Lorry Controller Status