diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 15:09:39 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 15:09:39 +0000 |
| commit | dc889678d1de8c09310b2f8f9742bb6c78a6f1a4 (patch) | |
| tree | 70945aa6721a271fc8057efa13c3216a03fbac45 /lib | |
| parent | cd52759ee33051b8ad7b88b02ba7954e4fad7018 (diff) | |
| download | gitlab-ce-dc889678d1de8c09310b2f8f9742bb6c78a6f1a4.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/auth.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/access.rb | 16 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/adapter.rb | 14 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/auth_hash.rb | 6 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/authentication.rb | 10 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/config.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/dn.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/ldap_connection_error.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/person.rb | 14 | ||||
| -rw-r--r-- | lib/gitlab/auth/ldap/user.rb | 10 | ||||
| -rw-r--r-- | lib/gitlab/auth/o_auth/provider.rb | 6 | ||||
| -rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 16 | ||||
| -rw-r--r-- | lib/gitlab/user_access.rb | 2 | ||||
| -rw-r--r-- | lib/system_check/ldap_check.rb | 6 | ||||
| -rw-r--r-- | lib/tasks/gitlab/cleanup.rake | 2 |
15 files changed, 58 insertions, 58 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 1329357d0b8..c16c2ce96de 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -88,7 +88,7 @@ module Gitlab else # If no user is provided, try LDAP. # LDAP users are only authenticated via LDAP - authenticators << Gitlab::Auth::LDAP::Authentication + authenticators << Gitlab::Auth::Ldap::Authentication end authenticators.compact! @@ -134,7 +134,7 @@ module Gitlab end def authenticate_using_internal_or_ldap_password? - Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::LDAP::Config.enabled? + Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::Ldap::Config.enabled? end def service_request_check(login, password, project) diff --git a/lib/gitlab/auth/ldap/access.rb b/lib/gitlab/auth/ldap/access.rb index 940b802be7e..98eec0e4a7b 100644 --- a/lib/gitlab/auth/ldap/access.rb +++ b/lib/gitlab/auth/ldap/access.rb @@ -6,14 +6,14 @@ # module Gitlab module Auth - module LDAP + module Ldap class Access - prepend_if_ee('::EE::Gitlab::Auth::LDAP::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule + prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule attr_reader :provider, :user, :ldap_identity def self.open(user, &block) - Gitlab::Auth::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter| + Gitlab::Auth::Ldap::Adapter.open(user.ldap_identity.provider) do |adapter| block.call(self.new(user, adapter)) end end @@ -50,7 +50,7 @@ module Gitlab end # Block user in GitLab if they were blocked in AD - if Gitlab::Auth::LDAP::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter) + if Gitlab::Auth::Ldap::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter) block_user(user, 'is disabled in Active Directory') false else @@ -62,7 +62,7 @@ module Gitlab block_user(user, 'does not exist anymore') false end - rescue LDAPConnectionError + rescue LdapConnectionError false end @@ -73,11 +73,11 @@ module Gitlab private def adapter - @adapter ||= Gitlab::Auth::LDAP::Adapter.new(provider) + @adapter ||= Gitlab::Auth::Ldap::Adapter.new(provider) end def ldap_config - Gitlab::Auth::LDAP::Config.new(provider) + Gitlab::Auth::Ldap::Config.new(provider) end def ldap_user @@ -87,7 +87,7 @@ module Gitlab end def find_ldap_user - Gitlab::Auth::LDAP::Person.find_by_dn(ldap_identity.extern_uid, adapter) + Gitlab::Auth::Ldap::Person.find_by_dn(ldap_identity.extern_uid, adapter) end def block_user(user, reason) diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb index 356579ef402..c5ec4e1981b 100644 --- a/lib/gitlab/auth/ldap/adapter.rb +++ b/lib/gitlab/auth/ldap/adapter.rb @@ -2,9 +2,9 @@ module Gitlab module Auth - module LDAP + module Ldap class Adapter - prepend_if_ee('::EE::Gitlab::Auth::LDAP::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule + prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule SEARCH_RETRY_FACTOR = [1, 1, 2, 3].freeze MAX_SEARCH_RETRIES = Rails.env.test? ? 1 : SEARCH_RETRY_FACTOR.size.freeze @@ -18,7 +18,7 @@ module Gitlab end def self.config(provider) - Gitlab::Auth::LDAP::Config.new(provider) + Gitlab::Auth::Ldap::Config.new(provider) end def initialize(provider, ldap = nil) @@ -27,7 +27,7 @@ module Gitlab end def config - Gitlab::Auth::LDAP::Config.new(provider) + Gitlab::Auth::Ldap::Config.new(provider) end def users(fields, value, limit = nil) @@ -75,7 +75,7 @@ module Gitlab renew_connection_adapter retry else - raise LDAPConnectionError, error_message + raise LdapConnectionError, error_message end end @@ -91,13 +91,13 @@ module Gitlab end entries.map do |entry| - Gitlab::Auth::LDAP::Person.new(entry, provider) + Gitlab::Auth::Ldap::Person.new(entry, provider) end end def user_options(fields, value, limit) options = { - attributes: Gitlab::Auth::LDAP::Person.ldap_attributes(config), + attributes: Gitlab::Auth::Ldap::Person.ldap_attributes(config), base: config.base } diff --git a/lib/gitlab/auth/ldap/auth_hash.rb b/lib/gitlab/auth/ldap/auth_hash.rb index 83fdc8a8c76..5435355f136 100644 --- a/lib/gitlab/auth/ldap/auth_hash.rb +++ b/lib/gitlab/auth/ldap/auth_hash.rb @@ -4,10 +4,10 @@ # module Gitlab module Auth - module LDAP + module Ldap class AuthHash < Gitlab::Auth::OAuth::AuthHash def uid - @uid ||= Gitlab::Auth::LDAP::Person.normalize_dn(super) + @uid ||= Gitlab::Auth::Ldap::Person.normalize_dn(super) end def username @@ -42,7 +42,7 @@ module Gitlab end def ldap_config - @ldap_config ||= Gitlab::Auth::LDAP::Config.new(self.provider) + @ldap_config ||= Gitlab::Auth::Ldap::Config.new(self.provider) end end end diff --git a/lib/gitlab/auth/ldap/authentication.rb b/lib/gitlab/auth/ldap/authentication.rb index 174e81dd603..d9964f237b1 100644 --- a/lib/gitlab/auth/ldap/authentication.rb +++ b/lib/gitlab/auth/ldap/authentication.rb @@ -8,10 +8,10 @@ module Gitlab module Auth - module LDAP + module Ldap class Authentication < Gitlab::Auth::OAuth::Authentication def self.login(login, password) - return unless Gitlab::Auth::LDAP::Config.enabled? + return unless Gitlab::Auth::Ldap::Config.enabled? return unless login.present? && password.present? # return found user that was authenticated by first provider for given login credentials @@ -22,7 +22,7 @@ module Gitlab end def self.providers - Gitlab::Auth::LDAP::Config.providers + Gitlab::Auth::Ldap::Config.providers end def login(login, password) @@ -33,7 +33,7 @@ module Gitlab ) return unless result - @user = Gitlab::Auth::LDAP::User.find_by_uid_and_provider(result.dn, provider) + @user = Gitlab::Auth::Ldap::User.find_by_uid_and_provider(result.dn, provider) end def adapter @@ -41,7 +41,7 @@ module Gitlab end def config - Gitlab::Auth::LDAP::Config.new(provider) + Gitlab::Auth::Ldap::Config.new(provider) end def user_filter(login) diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb index 4bc0ceedae7..709cd0d787a 100644 --- a/lib/gitlab/auth/ldap/config.rb +++ b/lib/gitlab/auth/ldap/config.rb @@ -3,9 +3,9 @@ # Load a specific server configuration module Gitlab module Auth - module LDAP + module Ldap class Config - prepend_if_ee('::EE::Gitlab::Auth::LDAP::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule + prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule NET_LDAP_ENCRYPTION_METHOD = { simple_tls: :simple_tls, diff --git a/lib/gitlab/auth/ldap/dn.rb b/lib/gitlab/auth/ldap/dn.rb index 0b496da784d..ea88dedadf5 100644 --- a/lib/gitlab/auth/ldap/dn.rb +++ b/lib/gitlab/auth/ldap/dn.rb @@ -21,7 +21,7 @@ # class also helps take care of that. module Gitlab module Auth - module LDAP + module Ldap class DN FormatError = Class.new(StandardError) MalformedError = Class.new(FormatError) diff --git a/lib/gitlab/auth/ldap/ldap_connection_error.rb b/lib/gitlab/auth/ldap/ldap_connection_error.rb index d0e5f24d203..13b0d29e104 100644 --- a/lib/gitlab/auth/ldap/ldap_connection_error.rb +++ b/lib/gitlab/auth/ldap/ldap_connection_error.rb @@ -2,8 +2,8 @@ module Gitlab module Auth - module LDAP - LDAPConnectionError = Class.new(StandardError) + module Ldap + LdapConnectionError = Class.new(StandardError) end end end diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb index 88ec22aa75c..430f94a9a28 100644 --- a/lib/gitlab/auth/ldap/person.rb +++ b/lib/gitlab/auth/ldap/person.rb @@ -2,9 +2,9 @@ module Gitlab module Auth - module LDAP + module Ldap class Person - prepend_if_ee('::EE::Gitlab::Auth::LDAP::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule + prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule # Active Directory-specific LDAP filter that checks if bit 2 of the # userAccountControl attribute is set. @@ -45,8 +45,8 @@ module Gitlab end def self.normalize_dn(dn) - ::Gitlab::Auth::LDAP::DN.new(dn).to_normalized_s - rescue ::Gitlab::Auth::LDAP::DN::FormatError => e + ::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s + rescue ::Gitlab::Auth::Ldap::DN::FormatError => e Rails.logger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger dn @@ -57,8 +57,8 @@ module Gitlab # 1. Excess spaces are stripped # 2. The string is downcased (for case-insensitivity) def self.normalize_uid(uid) - ::Gitlab::Auth::LDAP::DN.normalize_value(uid) - rescue ::Gitlab::Auth::LDAP::DN::FormatError => e + ::Gitlab::Auth::Ldap::DN.normalize_value(uid) + rescue ::Gitlab::Auth::Ldap::DN::FormatError => e Rails.logger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger uid @@ -103,7 +103,7 @@ module Gitlab attr_reader :entry def config - @config ||= Gitlab::Auth::LDAP::Config.new(provider) + @config ||= Gitlab::Auth::Ldap::Config.new(provider) end # Using the LDAP attributes configuration, find and return the first diff --git a/lib/gitlab/auth/ldap/user.rb b/lib/gitlab/auth/ldap/user.rb index 3b68230e193..df14e5fc3dc 100644 --- a/lib/gitlab/auth/ldap/user.rb +++ b/lib/gitlab/auth/ldap/user.rb @@ -8,10 +8,10 @@ # module Gitlab module Auth - module LDAP + module Ldap class User < Gitlab::Auth::OAuth::User extend ::Gitlab::Utils::Override - prepend_if_ee('::EE::Gitlab::Auth::LDAP::User') # rubocop: disable Cop/InjectEnterpriseEditionModule + prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') # rubocop: disable Cop/InjectEnterpriseEditionModule class << self # rubocop: disable CodeReuse/ActiveRecord @@ -46,7 +46,7 @@ module Gitlab end def allowed? - Gitlab::Auth::LDAP::Access.allowed?(gl_user) + Gitlab::Auth::Ldap::Access.allowed?(gl_user) end def valid_sign_in? @@ -54,11 +54,11 @@ module Gitlab end def ldap_config - Gitlab::Auth::LDAP::Config.new(auth_hash.provider) + Gitlab::Auth::Ldap::Config.new(auth_hash.provider) end def auth_hash=(auth_hash) - @auth_hash = Gitlab::Auth::LDAP::AuthHash.new(auth_hash) + @auth_hash = Gitlab::Auth::Ldap::AuthHash.new(auth_hash) end end end diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb index 4d6b95ecd1b..f0811098b15 100644 --- a/lib/gitlab/auth/o_auth/provider.rb +++ b/lib/gitlab/auth/o_auth/provider.rb @@ -18,7 +18,7 @@ module Gitlab authenticator = case provider when /^ldap/ - Gitlab::Auth::LDAP::Authentication + Gitlab::Auth::Ldap::Authentication when 'database' Gitlab::Auth::Database::Authentication end @@ -60,8 +60,8 @@ module Gitlab def self.config_for(name) name = name.to_s if ldap_provider?(name) - if Gitlab::Auth::LDAP::Config.valid_provider?(name) - Gitlab::Auth::LDAP::Config.new(name).options + if Gitlab::Auth::Ldap::Config.valid_provider?(name) + Gitlab::Auth::Ldap::Config.new(name).options else nil end diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index 300181025a4..df595da1536 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -111,7 +111,7 @@ module Gitlab def find_or_build_ldap_user return unless ldap_person - user = Gitlab::Auth::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider) + user = Gitlab::Auth::Ldap::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider) if user log.info "LDAP account found for user #{user.username}. Building new #{auth_hash.provider} identity." return user @@ -141,8 +141,8 @@ module Gitlab return @ldap_person if defined?(@ldap_person) # Look for a corresponding person with same uid in any of the configured LDAP providers - Gitlab::Auth::LDAP::Config.providers.each do |provider| - adapter = Gitlab::Auth::LDAP::Adapter.new(provider) + Gitlab::Auth::Ldap::Config.providers.each do |provider| + adapter = Gitlab::Auth::Ldap::Adapter.new(provider) @ldap_person = find_ldap_person(auth_hash, adapter) break if @ldap_person end @@ -150,15 +150,15 @@ module Gitlab end def find_ldap_person(auth_hash, adapter) - Gitlab::Auth::LDAP::Person.find_by_uid(auth_hash.uid, adapter) || - Gitlab::Auth::LDAP::Person.find_by_email(auth_hash.uid, adapter) || - Gitlab::Auth::LDAP::Person.find_by_dn(auth_hash.uid, adapter) - rescue Gitlab::Auth::LDAP::LDAPConnectionError + Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) || + Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) || + Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter) + rescue Gitlab::Auth::Ldap::LdapConnectionError nil end def ldap_config - Gitlab::Auth::LDAP::Config.new(ldap_person.provider) if ldap_person + Gitlab::Auth::Ldap::Config.new(ldap_person.provider) if ldap_person end def needs_blocking? diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index fda2985307e..5e0a4faeba8 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -33,7 +33,7 @@ module Gitlab return false unless can_access_git? if user.requires_ldap_check? && user.try_obtain_ldap_lease - return false unless Gitlab::Auth::LDAP::Access.allowed?(user) + return false unless Gitlab::Auth::Ldap::Access.allowed?(user) end true diff --git a/lib/system_check/ldap_check.rb b/lib/system_check/ldap_check.rb index 938026424ed..3d71edbc256 100644 --- a/lib/system_check/ldap_check.rb +++ b/lib/system_check/ldap_check.rb @@ -6,7 +6,7 @@ module SystemCheck set_name 'LDAP:' def multi_check - if Gitlab::Auth::LDAP::Config.enabled? + if Gitlab::Auth::Ldap::Config.enabled? # Only show up to 100 results because LDAP directories can be very big. # This setting only affects the `rake gitlab:check` script. limit = ENV['LDAP_CHECK_LIMIT'] @@ -21,13 +21,13 @@ module SystemCheck private def check_ldap(limit) - servers = Gitlab::Auth::LDAP::Config.providers + servers = Gitlab::Auth::Ldap::Config.providers servers.each do |server| $stdout.puts "Server: #{server}" begin - Gitlab::Auth::LDAP::Adapter.open(server) do |adapter| + Gitlab::Auth::Ldap::Adapter.open(server) do |adapter| check_ldap_auth(adapter) $stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)" diff --git a/lib/tasks/gitlab/cleanup.rake b/lib/tasks/gitlab/cleanup.rake index 63f5d7f2740..c26aa848d5a 100644 --- a/lib/tasks/gitlab/cleanup.rake +++ b/lib/tasks/gitlab/cleanup.rake @@ -13,7 +13,7 @@ namespace :gitlab do print "#{user.name} (#{user.ldap_identity.extern_uid}) ..." - if Gitlab::Auth::LDAP::Access.allowed?(user) + if Gitlab::Auth::Ldap::Access.allowed?(user) puts " [OK]".color(:green) else if block_flag |