authorIzaak Alpert <ialpert@blackberry.com>2013-08-15 17:43:46 -0400
committerIzaak Alpert <ialpert@blackberry.com>2013-09-11 14:04:15 -0400
commit5dae40f579f66fdc060de633b183ede7bd8b2ce4 (patch)
treef4f6669cb1e4d035eb89de116fb3d9ab1f596136 /lib
parentd4d4a78f834b409631b012aa555c0cb2c4e3166d (diff)
Update to only provide one way to get a default user
-calling build_user will now apply defaults and only override them if as: :admin is set Change-Id: Id1d938c0967752ecc14370af54f2d88128d18c44
Diffstat (limited to 'lib')
-rw-r--r--lib/api/users.rb5
-rw-r--r--lib/gitlab/auth.rb66
2 files changed, 68 insertions, 3 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 3b7ae9f01a1..00dc2311ffd 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -45,9 +45,8 @@ module API
post do
authenticated_as_admin!
required_attributes! [:email, :password, :name, :username]
-
- attrs = User.defaults.merge(attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio])
- user = User.new attrs, as: :admin
+ attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
+ user = User.build_user(attrs, as: :admin)
if user.save
present user, with: Entities::User
else
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 0f196297477..b1e40defc7f 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -13,6 +13,72 @@ module Gitlab
end
end
+ def find_for_ldap_auth(auth, signed_in_resource = nil)
+ uid = auth.info.uid
+ provider = auth.provider
+ email = auth.info.email.downcase unless auth.info.email.nil?
+ raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
+
+ if @user = User.find_by_extern_uid_and_provider(uid, provider)
+ @user
+ elsif @user = User.find_by_email(email)
+ log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
+ @user.update_attributes(extern_uid: uid, provider: provider)
+ @user
+ else
+ create_from_omniauth(auth, true)
+ end
+ end
+
+ def create_from_omniauth(auth, ldap = false)
+ provider = auth.provider
+ uid = auth.info.uid || auth.uid
+ uid = uid.to_s.force_encoding("utf-8")
+ name = auth.info.name.to_s.force_encoding("utf-8")
+ email = auth.info.email.to_s.downcase unless auth.info.email.nil?
+
+ ldap_prefix = ldap ? '(LDAP) ' : ''
+ raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
+ " address" if auth.info.email.blank?
+
+ log.info "#{ldap_prefix}Creating user from #{provider} login"\
+ " {uid => #{uid}, name => #{name}, email => #{email}}"
+ password = Devise.friendly_token[0, 8].downcase
+ @user = User.build_user({
+ extern_uid: uid,
+ provider: provider,
+ name: name,
+ username: email.match(/^[^@]*/)[0],
+ email: email,
+ password: password,
+ password_confirmation: password,
+ }, as: :admin)
+ @user.save!
+
+ if Gitlab.config.omniauth['block_auto_created_users'] && !ldap
+ @user.block
+ end
+
+ @user
+ end
+
+ def find_or_new_for_omniauth(auth)
+ provider, uid = auth.provider, auth.uid
+ email = auth.info.email.downcase unless auth.info.email.nil?
+
+ if @user = User.find_by_provider_and_extern_uid(provider, uid)
+ @user
+ elsif @user = User.find_by_email(email)
+ @user.update_attributes(extern_uid: uid, provider: provider)
+ @user
+ else
+ if Gitlab.config.omniauth['allow_single_sign_on']
+ @user = create_from_omniauth(auth)
+ @user
+ end
+ end
+ end
+
def log
Gitlab::AppLogger
end
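Review bot: Both `find_for_ldap_auth` (the `elsif @user = User.find_by_email(email)` branch) and `find_or_new_for_omniauth` attach the incoming `extern_uid`/`provider` to an existing account on an email match alone, so the existing account becomes bound to whatever identity a configured provider reports for that address, whether or not the provider has verified it. In `find_or_new_for_omniauth` nothing guards against a missing email either, so `User.find_by_email(nil)` is reached when `auth.info.email` is nil; `elsif email && (@user = User.find_by_email(email))` would close that case. Linking should probably be limited to providers the deployment trusts for email ownership, or require an already signed-in user (`signed_in_resource` is accepted but never used), and the result of `update_attributes` should be checked rather than discarded. Separately, `Devise.friendly_token[0, 8].downcase` in `create_from_omniauth` truncates and lower-cases the random password, which shrinks its keyspace; keeping the full token avoids that, provided the model's password length validation allows it.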