-rw-r--r-- | lib/gitlab/auth.rb | 19 | ||||
-rw-r--r-- | lib/gitlab/backend/grack_ldap.rb | 24 | ||||
-rw-r--r-- | lib/gitlab/ldap/user.rb | 25 |
3 files changed, 28 insertions, 40 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 5f4b6c22c2c..34e25bc9ccb 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -66,23 +66,12 @@ module Gitlab
 Gitlab::AppLogger
 end
- def ldap_auth(login, password)
- # Check user against LDAP backend if user is not authenticated
- # Only check with valid login and password to prevent anonymous bind results
- return nil unless ldap_conf.enabled && !login.blank? && !password.blank?
-
- ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
- ldap_user = ldap.bind_as(
- filter: Net::LDAP::Filter.eq(ldap.uid, login),
- size: 1,
- password: password
- )
-
- User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user
- end
-
 def ldap_conf
 @ldap_conf ||= Gitlab.config.ldap
 end
+
+ def ldap_auth(login, password)
+ Gitlab::LDAP::User.auth(login, password)
+ end
 end
 end
diff --git a/lib/gitlab/backend/grack_ldap.rb b/lib/gitlab/backend/grack_ldap.rb
deleted file mode 100644
index 45e98fbac1e..00000000000
--- a/lib/gitlab/backend/grack_ldap.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-require 'omniauth-ldap'
-
-module Grack
- module LDAP
- def ldap_auth(login, password)
- # Check user against LDAP backend if user is not authenticated
- # Only check with valid login and password to prevent anonymous bind results
- return nil unless ldap_conf.enabled && !login.blank? && !password.blank?
-
- ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
- ldap_user = ldap.bind_as(
- filter: Net::LDAP::Filter.eq(ldap.uid, login),
- size: 1,
- password: password
- )
-
- User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user
- end
-
- def ldap_conf
- @ldap_conf ||= Gitlab.config.ldap
- end
- end
-end
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index a7a11e5a640..fe4a93f3fe7 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
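Review bot: In the lib/gitlab/auth.rb hunk the memoized `ldap_conf` helper is kept although the new `ldap_auth` no longer reads it, while lib/gitlab/ldap/user.rb gains its own unmemoized `ldap_conf`. If nothing else in Gitlab::Auth calls it (the class body extends outside the hunk), remove it so the LDAP settings used for authentication are read in one place. The delegating method would also benefit from a one-line comment such as `# Delegates the LDAP bind check to Gitlab::LDAP::User.auth; returns a User or nil`. The same commit deletes Grack::LDAP, so any remaining `include Grack::LDAP` or require of that file has to be removed too; none is visible in this diff.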
@@ -9,7 +9,7 @@ module Gitlab
 class << self
 def find(uid, email)
 # Look for user with ldap provider and same uid
- user = model.ldap.where(extern_uid: uid).last
+ user = find_by_uid(uid)
 return user if user
 # Look for user with same emails
@@ -61,6 +61,25 @@ module Gitlab
 user
 end
+ def find_by_uid(uid)
+ model.ldap.where(extern_uid: uid).last
+ end
+
+ def auth(login, password)
+ # Check user against LDAP backend if user is not authenticated
+ # Only check with valid login and password to prevent anonymous bind results
+ return nil unless ldap_conf.enabled && login.present? && password.present?
+
+ ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
+ ldap_user = ldap.bind_as(
+ filter: Net::LDAP::Filter.eq(ldap.uid, login),
+ size: 1,
+ password: password
+ )
+
+ find_by_uid(ldap_user.dn) if ldap_user
+ end
+
 private
 def uid(auth)
@@ -86,6 +105,10 @@ module Gitlab
 def model
 ::User
 end
+
+ def ldap_conf
+ Gitlab.config.ldap
+ end
 end
 end
 end
|
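Review bot: In the `@@ -61,6 +61,25 @@` hunk, `auth` passes the caller-supplied `login` straight into `Net::LDAP::Filter.eq`, which does not escape filter metacharacters, so a login containing `*` is evaluated as a wildcard and the bind is attempted against whichever entry the directory returns first (`size: 1`) rather than against one exact uid. The code was moved unchanged from Gitlab::Auth, but as this is now the single LDAP entry point it is the place to fix it: `filter: Net::LDAP::Filter.equals(ldap.uid, login),` (or wrap the value in `Net::LDAP::Filter.escape`), assuming the bundled net-ldap version provides them. A comment on `find_by_uid` stating that it is given the entry DN as `extern_uid` would help too, because `auth` now resolves the user through the `model.ldap` scope and `.last` instead of `find_by_extern_uid_and_provider`; whether the two lookups select the same record cannot be confirmed from this hunk.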