authorGitLab Bot <gitlab-bot@gitlab.com>2020-09-19 01:45:44 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-09-19 01:45:44 +0000
commit85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch)
tree9160f299afd8c80c038f08e1545be119f5e3f1e1 /lib/gitlab/auth
parent15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff)
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r--lib/gitlab/auth/atlassian/auth_hash.rb31
-rw-r--r--lib/gitlab/auth/atlassian/identity_linker.rb30
-rw-r--r--lib/gitlab/auth/atlassian/user.rb35
-rw-r--r--lib/gitlab/auth/ldap/adapter.rb4
-rw-r--r--lib/gitlab/auth/ldap/config.rb4
-rw-r--r--lib/gitlab/auth/ldap/person.rb6
-rw-r--r--lib/gitlab/auth/o_auth/provider.rb9
-rw-r--r--lib/gitlab/auth/o_auth/user.rb6
8 files changed, 113 insertions, 12 deletions
diff --git a/lib/gitlab/auth/atlassian/auth_hash.rb b/lib/gitlab/auth/atlassian/auth_hash.rb
new file mode 100644
index 00000000000..047e4eabc51
--- /dev/null
+++ b/lib/gitlab/auth/atlassian/auth_hash.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Auth
+ module Atlassian
+ class AuthHash < Gitlab::Auth::OAuth::AuthHash
+ def token
+ credentials[:token]
+ end
+
+ def refresh_token
+ credentials[:refresh_token]
+ end
+
+ def expires?
+ credentials[:expires]
+ end
+
+ def expires_at
+ credentials[:expires_at]
+ end
+
+ private
+
+ def credentials
+ auth_hash[:credentials]
+ end
+ end
+ end
+ end
+end
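Review bot: The private `credentials` helper returns `auth_hash[:credentials]` unguarded, so if a callback arrives without a credentials section (assuming `auth_hash` behaves like a hash and returns nil), `token`, `refresh_token`, `expires?` and `expires_at` all raise NoMethodError. `auth_hash[:credentials] || {}` would make them return nil instead. `expires?` returns the raw provider value rather than a boolean, so any truthy non-boolean counts as "expires"; `credentials[:expires] == true`, or a comment stating the expected type, would make the contract explicit. Because `token` and `refresh_token` are public readers for bearer secrets, a short class comment such as `# Values returned by #token and #refresh_token are secrets; never log or serialize them.` would help later callers.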
diff --git a/lib/gitlab/auth/atlassian/identity_linker.rb b/lib/gitlab/auth/atlassian/identity_linker.rb
new file mode 100644
index 00000000000..4dec54d44d6
--- /dev/null
+++ b/lib/gitlab/auth/atlassian/identity_linker.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Auth
+ module Atlassian
+ class IdentityLinker < OmniauthIdentityLinkerBase
+ extend ::Gitlab::Utils::Override
+ include ::Gitlab::Utils::StrongMemoize
+
+ private
+
+ override :identity
+ def identity
+ strong_memoize(:identity) do
+ current_user.atlassian_identity || build_atlassian_identity
+ end
+ end
+
+ def build_atlassian_identity
+ identity = current_user.build_atlassian_identity
+ ::Gitlab::Auth::Atlassian::User.assign_identity_from_auth_hash!(identity, auth_hash)
+ end
+
+ def auth_hash
+ ::Gitlab::Auth::Atlassian::AuthHash.new(oauth)
+ end
+ end
+ end
+ end
+end
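Review bot: In `build_atlassian_identity` the local variable `identity` shadows the overridden `identity` method defined just above it, which makes the memoized path harder to read; a name such as `new_identity` avoids the confusion. `auth_hash` wraps `oauth` in a fresh `AuthHash` on every call and could use `strong_memoize(:auth_hash)` the same way `identity` does. Persisting the record, and the check that the external uid is not already linked to a different account, presumably happen in `OmniauthIdentityLinkerBase`, which is outside this diff. A comment such as `# Relies on OmniauthIdentityLinkerBase to reject a uid already linked to another user.` would record that dependency.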
diff --git a/lib/gitlab/auth/atlassian/user.rb b/lib/gitlab/auth/atlassian/user.rb
new file mode 100644
index 00000000000..6ab7741cc54
--- /dev/null
+++ b/lib/gitlab/auth/atlassian/user.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Auth
+ module Atlassian
+ class User < Gitlab::Auth::OAuth::User
+ def self.assign_identity_from_auth_hash!(identity, auth_hash)
+ identity.extern_uid = auth_hash.uid
+ identity.token = auth_hash.token
+ identity.refresh_token = auth_hash.refresh_token
+ identity.expires_at = Time.at(auth_hash.expires_at).utc.to_datetime if auth_hash.expires?
+
+ identity
+ end
+
+ protected
+
+ def find_by_uid_and_provider
+ ::Atlassian::Identity.find_by_extern_uid(auth_hash.uid)&.user
+ end
+
+ def add_or_update_user_identities
+ return unless gl_user
+
+ identity = gl_user.atlassian_identity || gl_user.build_atlassian_identity
+ self.class.assign_identity_from_auth_hash!(identity, auth_hash)
+ end
+
+ def auth_hash=(auth_hash)
+ @auth_hash = ::Gitlab::Auth::Atlassian::AuthHash.new(auth_hash)
+ end
+ end
+ end
+ end
+end
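Review bot: `assign_identity_from_auth_hash!` writes `expires_at` only when `auth_hash.expires?` is truthy, so when `add_or_update_user_identities` reuses an existing `atlassian_identity` and the new token does not expire, the previous expiry stays stored next to the new token. `Time.at` also raises TypeError if `expires` is set but `expires_at` is missing. Both are covered by `identity.expires_at = auth_hash.expires? && auth_hash.expires_at ? Time.at(auth_hash.expires_at).utc.to_datetime : nil`. The method stores the access and refresh tokens on the identity; the model is not part of this diff, so it is worth confirming there that both attributes are encrypted at rest and excluded from logs and serialized output.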
diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb
index 4f448211abf..b7bb61f0677 100644
--- a/lib/gitlab/auth/ldap/adapter.rb
+++ b/lib/gitlab/auth/ldap/adapter.rb
@@ -55,7 +55,7 @@ module Gitlab
response = ldap.get_operation_result
unless response.code == 0
- Rails.logger.warn("LDAP search error: #{response.message}") # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.warn("LDAP search error: #{response.message}")
end
[]
@@ -67,7 +67,7 @@ module Gitlab
retries += 1
error_message = connection_error_message(error)
- Rails.logger.warn(error_message) # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.warn(error_message)
if retries < MAX_SEARCH_RETRIES
renew_connection_adapter
diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb
index 7677189eb9f..88cc840c395 100644
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -248,7 +248,7 @@ module Gitlab
begin
custom_options[:cert] = OpenSSL::X509::Certificate.new(custom_options[:cert])
rescue OpenSSL::X509::CertificateError => e
- Rails.logger.error "LDAP TLS Options 'cert' is invalid for provider #{provider}: #{e.message}" # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.error "LDAP TLS Options 'cert' is invalid for provider #{provider}: #{e.message}"
end
end
@@ -256,7 +256,7 @@ module Gitlab
begin
custom_options[:key] = OpenSSL::PKey.read(custom_options[:key])
rescue OpenSSL::PKey::PKeyError => e
- Rails.logger.error "LDAP TLS Options 'key' is invalid for provider #{provider}: #{e.message}" # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.error "LDAP TLS Options 'key' is invalid for provider #{provider}: #{e.message}"
end
end
diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb
index 8c5000147c4..102820d6bd5 100644
--- a/lib/gitlab/auth/ldap/person.rb
+++ b/lib/gitlab/auth/ldap/person.rb
@@ -45,7 +45,7 @@ module Gitlab
def self.normalize_dn(dn)
::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
- Rails.logger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}")
dn
end
@@ -57,13 +57,13 @@ module Gitlab
def self.normalize_uid(uid)
::Gitlab::Auth::Ldap::DN.normalize_value(uid)
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
- Rails.logger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}")
uid
end
def initialize(entry, provider)
- Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" } # rubocop:disable Gitlab/RailsLogger
+ Gitlab::AppLogger.debug "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}"
@entry = entry
@provider = provider
end
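Review bot: In `initialize`, the replacement turns the lazy block form `debug { ... }` into an eager string argument, so `entry.to_ldif` is now built for every `Person` even when debug logging is disabled. Beyond the cost on each LDAP lookup, the LDIF dump holds the full directory entry, so it should only be materialized when it will actually be written. If `Gitlab::AppLogger` forwards blocks the way the standard `Logger` does (not visible in this diff), keep the block: `Gitlab::AppLogger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }`.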
diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb
index 1ca59aa827b..1eae7af442d 100644
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -5,10 +5,11 @@ module Gitlab
module OAuth
class Provider
LABELS = {
- "github" => "GitHub",
- "gitlab" => "GitLab.com",
- "google_oauth2" => "Google",
- "azure_oauth2" => "Azure AD"
+ "github" => "GitHub",
+ "gitlab" => "GitLab.com",
+ "google_oauth2" => "Google",
+ "azure_oauth2" => "Azure AD",
+ 'atlassian_oauth2' => 'Atlassian'
}.freeze
def self.authentication(user, provider)
diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb
index 086f4a2e91c..3211d2ffaea 100644
--- a/lib/gitlab/auth/o_auth/user.rb
+++ b/lib/gitlab/auth/o_auth/user.rb
@@ -273,7 +273,11 @@ module Gitlab
end
def auto_link_user?
- Gitlab.config.omniauth.auto_link_user
+ auto_link = Gitlab.config.omniauth.auto_link_user
+ return auto_link if [true, false].include?(auto_link)
+
+ auto_link = Array(auto_link)
+ auto_link.include?(auth_hash.provider)
end
end
end
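Review bot: `auto_link_user?` matches the configured list against `auth_hash.provider` with `include?`, which is type-sensitive: a list written with symbols, or a provider returned as a symbol, never matches and auto-linking is silently off for that provider. That fails closed, but normalizing both sides makes the setting predictable: `Array(auto_link).map(&:to_s).include?(auth_hash.provider.to_s)`. The method also needs a comment stating the accepted shapes of `omniauth.auto_link_user` (`true`, `false`, or a list of provider names). The comment should add that only providers which verify e-mail ownership belong in the list, since auto-linking, as the name suggests, attaches an external identity to an existing account. The enclosing class starts outside the hunk.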