authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-04-15 15:41:36 +0300
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-04-15 15:41:36 +0300
commitcc41381be4ee437c20218acc0e9a856d2c529d96 (patch)
tree890423b81388d75d670af102eb77821af4673f35 /lib
parent4c26bcbec810e9a621fcf02601189973a50caf76 (diff)
parent345e32d332fd06e3c99b21660d3bf2939ba62ce5 (diff)
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce
Diffstat (limited to 'lib')
-rw-r--r--lib/api/group_members.rb11
-rw-r--r--lib/api/groups.rb2
-rw-r--r--lib/gitlab/key_fingerprint.rb55
-rw-r--r--lib/gitlab/ldap/config.rb4
-rw-r--r--lib/gitlab/ldap/user.rb10
5 files changed, 73 insertions, 9 deletions
diff --git a/lib/api/group_members.rb b/lib/api/group_members.rb
index ed54c7f6ff0..ab9b7c602b5 100644
--- a/lib/api/group_members.rb
+++ b/lib/api/group_members.rb
@@ -9,8 +9,7 @@ module API
# GET /groups/:id/members
get ":id/members" do
group = find_group(params[:id])
- members = group.group_members
- users = (paginate members).collect(&:user)
+ users = group.users
present users, with: Entities::GroupMember, group: group
end
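Review bot: The new `users = group.users` line drops the `paginate` call that the removed lines applied, so this endpoint now returns every member of the group in a single response. For a large group that is an unbounded query and payload, reachable by any caller who gets past `find_group`. If `paginate` accepts the users relation (not visible in this hunk), `users = paginate(group.users)` keeps the simpler query and restores the bound.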
@@ -24,7 +23,7 @@ module API
# POST /groups/:id/members
post ":id/members" do
group = find_group(params[:id])
- authorize! :manage_group, group
+ authorize! :admin_group, group
required_attributes! [:user_id, :access_level]
unless validate_access_level?(params[:access_level])
@@ -35,7 +34,7 @@ module API
render_api_error!("Already exists", 409)
end
- group.add_users([params[:user_id]], params[:access_level])
+ group.add_users([params[:user_id]], params[:access_level], current_user)
member = group.group_members.find_by(user_id: params[:user_id])
present member.user, with: Entities::GroupMember, group: group
end
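Review bot: `member.user` on the line after `find_by` raises on nil if `add_users` did not create a membership, for example when `params[:user_id]` does not match an existing user. Whether `add_users` skips or raises in that case is not visible here. If it skips, the request ends in a 500 instead of an API error. A guard such as `render_api_error!("User could not be added", 400) unless member` before `present` would make the failure explicit. The `post` block starts above this hunk.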
@@ -50,7 +49,7 @@ module API
# PUT /groups/:id/members/:user_id
put ':id/members/:user_id' do
group = find_group(params[:id])
- authorize! :manage_group, group
+ authorize! :admin_group, group
required_attributes! [:access_level]
group_member = group.group_members.find_by(user_id: params[:user_id])
@@ -74,7 +73,7 @@ module API
# DELETE /groups/:id/members/:user_id
delete ":id/members/:user_id" do
group = find_group(params[:id])
- authorize! :manage_group, group
+ authorize! :admin_group, group
member = group.group_members.find_by(user_id: params[:user_id])
if member.nil?
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index a92abd4b690..8cb9f920975 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -61,7 +61,7 @@ module API
# DELETE /groups/:id
delete ":id" do
group = find_group(params[:id])
- authorize! :manage_group, group
+ authorize! :admin_group, group
group.destroy
end
diff --git a/lib/gitlab/key_fingerprint.rb b/lib/gitlab/key_fingerprint.rb
new file mode 100644
index 00000000000..baf52ff750d
--- /dev/null
+++ b/lib/gitlab/key_fingerprint.rb
@@ -0,0 +1,55 @@
+module Gitlab
+ class KeyFingerprint
+ include Gitlab::Popen
+
+ attr_accessor :key
+
+ def initialize(key)
+ @key = key
+ end
+
+ def fingerprint
+ cmd_status = 0
+ cmd_output = ''
+
+ Tempfile.open('gitlab_key_file') do |file|
+ file.puts key
+ file.rewind
+
+ cmd = []
+ cmd.push *%W(ssh-keygen)
+ cmd.push *%W(-E md5) if explicit_fingerprint_algorithm?
+ cmd.push *%W(-lf #{file.path})
+
+ cmd_output, cmd_status = popen(cmd, '/tmp')
+ end
+
+ return nil unless cmd_status.zero?
+
+ # 16 hex bytes separated by ':', optionally starting with "MD5:"
+ fingerprint_matches = cmd_output.match(/(MD5:)?(?<fingerprint>(\h{2}:){15}\h{2})/)
+ return nil unless fingerprint_matches
+
+ fingerprint_matches[:fingerprint]
+ end
+
+ private
+
+ def explicit_fingerprint_algorithm?
+ # OpenSSH 6.8 introduces a new default output format for fingerprints.
+ # Check the version and decide which command to use.
+
+ version_output, version_status = popen(%W(ssh -V))
+ return false unless version_status.zero?
+
+ version_matches = version_output.match(/OpenSSH_(?<major>\d+)\.(?<minor>\d+)/)
+ return false unless version_matches
+
+ version_info = Gitlab::VersionInfo.new(version_matches[:major].to_i, version_matches[:minor].to_i)
+
+ required_version_info = Gitlab::VersionInfo.new(6, 8)
+
+ version_info >= required_version_info
+ end
+ end
+end
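Review bot: `fingerprint` returns nil without logging in several different cases, so a caller cannot tell a rejected key from a broken host setup. The cases are `ssh-keygen` exiting non-zero, output with no MD5-style fingerprint, and, indirectly, a failed `ssh -V` probe on a host whose default format is no longer MD5. The method should carry a comment such as `# Returns the colon-separated MD5 fingerprint, or nil if ssh-keygen fails or prints no such fingerprint.` and log the non-zero exit path. `explicit_fingerprint_algorithm?` also spawns `ssh -V` on every call; the installed version is unlikely to change while the process runs, so the result could be cached. The key text is user-supplied and is written to the temp file unchecked, so the regex simply takes the first fingerprint in the output; if single-key validation is not done upstream, it belongs here.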
diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb
index fa5b6c1e230..d2ffa2e1fe8 100644
--- a/lib/gitlab/ldap/config.rb
+++ b/lib/gitlab/ldap/config.rb
@@ -80,6 +80,10 @@ module Gitlab
options['active_directory']
end
+ def block_auto_created_users
+ options['block_auto_created_users']
+ end
+
protected
def base_config
Gitlab.config.ldap
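Review bot: `block_auto_created_users` returns the raw value of `options['block_auto_created_users']`, which is nil when an existing configuration does not define the key. Unless a default is set elsewhere (not visible here), automatically created LDAP accounts are then left unblocked. The same value is passed through unchanged by `block_after_signup?` in lib/gitlab/ldap/user.rb. Because this is an access-control switch, the default should be stated where the option is read, e.g. `# Whether accounts created on first LDAP sign-in start out blocked; nil (treated as false) when unset.` The class body continues outside the hunk.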
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index d054014039a..f7f3ba9ad7d 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -39,6 +39,8 @@ module Gitlab
end
def update_user_attributes
+ return unless persisted?
+
gl_user.skip_reconfirmation!
gl_user.email = auth_hash.email
@@ -53,13 +55,17 @@ module Gitlab
gl_user.changed? || gl_user.identities.any?(&:changed?)
end
- def needs_blocking?
- false
+ def block_after_signup?
+ ldap_config.block_auto_created_users
end
def allowed?
Gitlab::LDAP::Access.allowed?(gl_user)
end
+
+ def ldap_config
+ Gitlab::LDAP::Config.new(auth_hash.provider)
+ end
end
end
end
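Review bot: `ldap_config` builds a new `Gitlab::LDAP::Config` on every call; `@ldap_config ||= Gitlab::LDAP::Config.new(auth_hash.provider)` would reuse it for the lifetime of the object. The hunk does not show which visibility section the method lands in. As an internal helper it probably belongs under `private` or `protected`, if the class has such a section.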