diff options
author | Drew Blessing <drew@gitlab.com> | 2016-11-11 14:44:08 -0600 |
---|---|---|
committer | Drew Blessing <drew@gitlab.com> | 2016-11-11 15:58:33 -0600 |
commit | c50b98da723dab9a35ddb2cde0258d141cf92495 (patch) | |
tree | ae9634e13bd663537df8a1eddd62f6c9edd1e019 /config | |
parent | 6eeff67c6e03233d4480a55d05d4e0f1a88aef4c (diff) | |
download | gitlab-ce-c50b98da723dab9a35ddb2cde0258d141cf92495.tar.gz |
Centralize LDAP config/filter logic
Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/devise.rb | 19 |
1 files changed, 3 insertions, 16 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index a0a8f88584c..f06c4d4ecf2 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -213,22 +213,9 @@ Devise.setup do |config| end if Gitlab::LDAP::Config.enabled? - Gitlab.config.ldap.servers.values.each do |server| - if server['allow_username_or_email_login'] - email_stripping_proc = ->(name) {name.gsub(/@.*\z/, '')} - else - email_stripping_proc = ->(name) {name} - end - - config.omniauth server['provider_name'], - host: server['host'], - base: server['base'], - uid: server['uid'], - port: server['port'], - method: server['method'], - bind_dn: server['bind_dn'], - password: server['password'], - name_proc: email_stripping_proc + Gitlab::LDAP::Config.providers.each do |provider| + ldap_config = Gitlab::LDAP::Config.new(provider) + config.omniauth(provider, ldap_config.omniauth_options) end end |