diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
commit | 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch) | |
tree | 78be5963ec075d80116a932011d695dd33910b4e /lib/gitlab/auth | |
parent | 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff) | |
download | gitlab-ce-6e4e1050d9dba2b7b2523fdd1768823ab85feef4.tar.gz |
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 12 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/adapter.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/person.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 8 |
4 files changed, 20 insertions, 4 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb index bd5aed0d964..f3d0c053880 100644 --- a/lib/gitlab/auth/auth_finders.rb +++ b/lib/gitlab/auth/auth_finders.rb @@ -20,6 +20,7 @@ module Gitlab module AuthFinders include Gitlab::Utils::StrongMemoize include ActionController::HttpAuthentication::Basic + include ActionController::HttpAuthentication::Token PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN' PRIVATE_TOKEN_PARAM = :private_token @@ -81,7 +82,7 @@ module Gitlab login, password = user_name_and_password(current_request) return unless login.present? && password.present? - return unless ::Ci::Build::CI_REGISTRY_USER == login + return unless ::Gitlab::Auth::CI_JOB_USER == login job = ::Ci::Build.find_by_token(password) raise UnauthorizedError unless job @@ -131,6 +132,15 @@ module Gitlab deploy_token end + def cluster_agent_token_from_authorization_token + return unless route_authentication_setting[:cluster_agent_token_allowed] + return unless current_request.authorization.present? + + authorization_token, _options = token_and_options(current_request) + + ::Clusters::AgentToken.find_by_token(authorization_token) + end + def find_runner_from_token return unless api_request? diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb index f64fcd822c6..4f448211abf 100644 --- a/lib/gitlab/auth/ldap/adapter.rb +++ b/lib/gitlab/auth/ldap/adapter.rb @@ -54,7 +54,7 @@ module Gitlab if results.nil? response = ldap.get_operation_result - unless response.code.zero? + unless response.code == 0 Rails.logger.warn("LDAP search error: #{response.message}") # rubocop:disable Gitlab/RailsLogger end diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb index b3321c0b1fb..8c5000147c4 100644 --- a/lib/gitlab/auth/ldap/person.rb +++ b/lib/gitlab/auth/ldap/person.rb @@ -11,7 +11,7 @@ module Gitlab InvalidEntryError = Class.new(StandardError) - attr_accessor :entry, :provider + attr_accessor :provider def self.find_by_uid(uid, adapter) uid = Net::LDAP::Filter.escape(uid) diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index 8a60d6ef482..086f4a2e91c 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -12,7 +12,7 @@ module Gitlab SignupDisabledError = Class.new(StandardError) SigninDisabledForProviderError = Class.new(StandardError) - attr_accessor :auth_hash, :gl_user + attr_reader :auth_hash def initialize(auth_hash) self.auth_hash = auth_hash @@ -62,6 +62,7 @@ module Gitlab def find_user user = find_by_uid_and_provider + user ||= find_by_email if auto_link_user? user ||= find_or_build_ldap_user if auto_link_ldap_user? user ||= build_new_user if signup_enabled? @@ -150,6 +151,7 @@ module Gitlab def find_ldap_person(auth_hash, adapter) Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) || Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) || + Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.email, adapter) || Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter) rescue Gitlab::Auth::Ldap::LdapConnectionError nil @@ -269,6 +271,10 @@ module Gitlab .disabled_oauth_sign_in_sources .include?(auth_hash.provider) end + + def auto_link_user? + Gitlab.config.omniauth.auto_link_user + end end end end |