author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /lib/gitlab/auth | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) | |
download | gitlab-ce-85dc423f7090da0a52c73eb66faf22ddb20efff9.tar.gz |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/atlassian/auth_hash.rb | 31 | ||||
-rw-r--r-- | lib/gitlab/auth/atlassian/identity_linker.rb | 30 | ||||
-rw-r--r-- | lib/gitlab/auth/atlassian/user.rb | 35 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/adapter.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/config.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/person.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/provider.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 6 |
8 files changed, 113 insertions, 12 deletions
diff --git a/lib/gitlab/auth/atlassian/auth_hash.rb b/lib/gitlab/auth/atlassian/auth_hash.rb
new file mode 100644
index 00000000000..047e4eabc51
--- /dev/null
+++ b/lib/gitlab/auth/atlassian/auth_hash.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Auth
+ module Atlassian
+ class AuthHash < Gitlab::Auth::OAuth::AuthHash
+ def token
+ credentials[:token]
+ end
+
+ def refresh_token
+ credentials[:refresh_token]
+ end
+
+ def expires?
+ credentials[:expires]
+ end
+
+ def expires_at
+ credentials[:expires_at]
+ end
+
+ private
+
+ def credentials
+ auth_hash[:credentials]
+ end
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/auth/atlassian/identity_linker.rb b/lib/gitlab/auth/atlassian/identity_linker.rb
new file mode 100644
index 00000000000..4dec54d44d6
--- /dev/null
+++ b/lib/gitlab/auth/atlassian/identity_linker.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Auth
+ module Atlassian
+ class IdentityLinker < OmniauthIdentityLinkerBase
+ extend ::Gitlab::Utils::Override
+ include ::Gitlab::Utils::StrongMemoize
+
+ private
+
+ override :identity
+ def identity
+ strong_memoize(:identity) do
+ current_user.atlassian_identity || build_atlassian_identity
+ end
+ end
+
+ def build_atlassian_identity
+ identity = current_user.build_atlassian_identity
+ ::Gitlab::Auth::Atlassian::User.assign_identity_from_auth_hash!(identity, auth_hash)
+ end
+
+ def auth_hash
+ ::Gitlab::Auth::Atlassian::AuthHash.new(oauth)
+ end
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/auth/atlassian/user.rb b/lib/gitlab/auth/atlassian/user.rb
new file mode 100644
index 00000000000..6ab7741cc54
--- /dev/null
+++ b/lib/gitlab/auth/atlassian/user.rb
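Review bot: In lib/gitlab/auth/atlassian/auth_hash.rb the private `credentials` helper returns `auth_hash[:credentials]` unguarded, so a callback payload without a credentials section would raise NoMethodError from `token`, `refresh_token`, `expires?` and `expires_at` instead of failing the sign-in cleanly. Whether the parent `Gitlab::Auth::OAuth::AuthHash` guarantees that key is not visible in this diff; if it does not, `auth_hash[:credentials] || {}` keeps the accessors nil-safe. `expires?` also returns the raw provider value rather than a boolean, so `credentials[:expires] ? true : false` would make the predicate contract explicit. A short class comment stating that `token` and `refresh_token` are bearer secrets that must not be logged or serialized would help later callers.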
@@ -0,0 +1,35 @@ +# frozen_string_literal: true + +module Gitlab + module Auth + module Atlassian + class User < Gitlab::Auth::OAuth::User + def self.assign_identity_from_auth_hash!(identity, auth_hash) + identity.extern_uid = auth_hash.uid + identity.token = auth_hash.token + identity.refresh_token = auth_hash.refresh_token + identity.expires_at = Time.at(auth_hash.expires_at).utc.to_datetime if auth_hash.expires? + + identity + end + + protected + + def find_by_uid_and_provider + ::Atlassian::Identity.find_by_extern_uid(auth_hash.uid)&.user + end + + def add_or_update_user_identities + return unless gl_user + + identity = gl_user.atlassian_identity || gl_user.build_atlassian_identity + self.class.assign_identity_from_auth_hash!(identity, auth_hash) + end + + def auth_hash=(auth_hash) + @auth_hash = ::Gitlab::Auth::Atlassian::AuthHash.new(auth_hash) + end + end + end + end +end diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb index 4f448211abf..b7bb61f0677 100644 --- a/lib/gitlab/auth/ldap/adapter.rb +++ b/lib/gitlab/auth/ldap/adapter.rb @@ -55,7 +55,7 @@ module Gitlab response = ldap.get_operation_result unless response.code == 0 - Rails.logger.warn("LDAP search error: #{response.message}") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.warn("LDAP search error: #{response.message}") end [] @@ -67,7 +67,7 @@ module Gitlab retries += 1 error_message = connection_error_message(error) - Rails.logger.warn(error_message) # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.warn(error_message) if retries < MAX_SEARCH_RETRIES renew_connection_adapter diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb index 7677189eb9f..88cc840c395 100644 --- a/lib/gitlab/auth/ldap/config.rb +++ b/lib/gitlab/auth/ldap/config.rb 
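Review bot: In `assign_identity_from_auth_hash!` (lib/gitlab/auth/atlassian/user.rb) the `expires_at` assignment is skipped when `auth_hash.expires?` is falsy, so updating an existing identity with a non-expiring token appears to leave the previous `expires_at` stored next to the new token. Assigning it unconditionally avoids that: `identity.expires_at = auth_hash.expires? ? Time.at(auth_hash.expires_at).utc.to_datetime : nil`. `Time.at` also raises TypeError when `expires` is set but `expires_at` is missing, so the condition should check `auth_hash.expires_at` as well. Because this method writes the OAuth access and refresh tokens onto the identity, it is worth confirming that `Atlassian::Identity` (not part of this diff) encrypts both attributes at rest.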
@@ -248,7 +248,7 @@ module Gitlab begin custom_options[:cert] = OpenSSL::X509::Certificate.new(custom_options[:cert]) rescue OpenSSL::X509::CertificateError => e - Rails.logger.error "LDAP TLS Options 'cert' is invalid for provider #{provider}: #{e.message}" # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.error "LDAP TLS Options 'cert' is invalid for provider #{provider}: #{e.message}" end end @@ -256,7 +256,7 @@ module Gitlab begin custom_options[:key] = OpenSSL::PKey.read(custom_options[:key]) rescue OpenSSL::PKey::PKeyError => e - Rails.logger.error "LDAP TLS Options 'key' is invalid for provider #{provider}: #{e.message}" # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.error "LDAP TLS Options 'key' is invalid for provider #{provider}: #{e.message}" end end diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb index 8c5000147c4..102820d6bd5 100644 --- a/lib/gitlab/auth/ldap/person.rb +++ b/lib/gitlab/auth/ldap/person.rb @@ -45,7 +45,7 @@ module Gitlab def self.normalize_dn(dn) ::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s rescue ::Gitlab::Auth::Ldap::DN::FormatError => e - Rails.logger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}") dn end 
@@ -57,13 +57,13 @@ module Gitlab def self.normalize_uid(uid) ::Gitlab::Auth::Ldap::DN.normalize_value(uid) rescue ::Gitlab::Auth::Ldap::DN::FormatError => e - Rails.logger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}") uid end def initialize(entry, provider) - Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" } # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.debug "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" @entry = entry @provider = provider end diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb index 1ca59aa827b..1eae7af442d 100644 --- a/lib/gitlab/auth/o_auth/provider.rb +++ b/lib/gitlab/auth/o_auth/provider.rb @@ -5,10 +5,11 @@ module Gitlab module OAuth class Provider LABELS = { - "github" => "GitHub", - "gitlab" => "GitLab.com", - "google_oauth2" => "Google", - "azure_oauth2" => "Azure AD" + "github" => "GitHub", + "gitlab" => "GitLab.com", + "google_oauth2" => "Google", + "azure_oauth2" => "Azure AD", + 'atlassian_oauth2' => 'Atlassian' }.freeze def self.authentication(user, provider) diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index 086f4a2e91c..3211d2ffaea 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -273,7 +273,11 @@ module Gitlab end def auto_link_user? - Gitlab.config.omniauth.auto_link_user + auto_link = Gitlab.config.omniauth.auto_link_user + return auto_link if [true, false].include?(auto_link) + + auto_link = Array(auto_link) + auto_link.include?(auth_hash.provider) end end end |
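Review bot: The `initialize` change in lib/gitlab/auth/ldap/person.rb replaces the block form `Rails.logger.debug { ... }` with an eager string argument, so `entry.to_ldif` is now serialized for every `Person` that is built, even when debug logging is off. If `Gitlab::AppLogger.debug` accepts a block (its definition is not visible here), keep the lazy form: `Gitlab::AppLogger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }`. The LDIF dump carries every attribute returned for the directory entry, so a comment noting that this line must stay at debug level, or limiting it to the DN, would reduce the chance of directory data landing in application logs.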
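Review bot: `auto_link_user?` in lib/gitlab/auth/o_auth/user.rb now accepts three shapes for `omniauth.auto_link_user` (a boolean, a single provider name, or a list of names), but the method does not say so. Any other value falls through to `Array(auto_link).include?(auth_hash.provider)`, which fails closed; that is the right default for a setting that attaches an external identity to an existing account, and it deserves a comment. Suggested text above the method: `# auto_link_user may be true/false, a provider name, or a list of provider names; a value that does not match auth_hash.provider disables auto-linking.` The comparison is exact, so if `auth_hash.provider` is a String (presumably, not shown here) a symbol or differently cased name in the configuration silently disables linking for that provider; `Array(auto_link).map(&:to_s)` would cover the symbol case.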