-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/assets/stylesheets/ci/projects.scss | 51 | ||||
-rw-r--r-- | app/helpers/application_helper.rb | 2 | ||||
-rw-r--r-- | app/helpers/auth_helper.rb | 2 | ||||
-rw-r--r-- | app/helpers/groups_helper.rb | 2 | ||||
-rw-r--r-- | app/views/ci/projects/_project.html.haml | 2 | ||||
-rw-r--r-- | app/views/ci/projects/gitlab.html.haml | 22 | ||||
-rw-r--r-- | app/views/ci/projects/index.html.haml | 2 | ||||
-rw-r--r-- | config/gitlab.yml.example | 22 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 1 | ||||
-rw-r--r-- | doc/integration/ldap.md | 20 | ||||
-rw-r--r-- | lib/gitlab/ldap/auth_hash.rb | 35 | ||||
-rw-r--r-- | lib/gitlab/ldap/config.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/ldap/user.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/o_auth/auth_hash.rb | 22 | ||||
-rw-r--r-- | spec/lib/gitlab/ldap/auth_hash_spec.rb | 65 | ||||
-rw-r--r-- | spec/lib/gitlab/ldap/user_spec.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/o_auth/auth_hash_spec.rb | 6 | ||||
-rw-r--r-- | spec/lib/gitlab/o_auth/user_spec.rb | 2 |
19 files changed, 226 insertions, 41 deletions
diff --git a/CHANGELOG b/CHANGELOG index 71238630d31..ee70789babc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -56,6 +56,7 @@ v 7.14.3 v 7.14.2 - Upgrade gitlab_git to 7.2.15 to fix `git blame` errors with ISO-encoded files (Stan Hu) + - Allow configuration of LDAP attributes GitLab will use for the new user account. v 7.14.1 - Improve abuse reports management from admin area diff --git a/app/assets/stylesheets/ci/projects.scss b/app/assets/stylesheets/ci/projects.scss index b246fb9e07d..e5d69360c2c 100644 --- a/app/assets/stylesheets/ci/projects.scss +++ b/app/assets/stylesheets/ci/projects.scss @@ -6,19 +6,54 @@ line-height: 1.5; } - .builds { - @extend .table; - - .build { - &.alert{ - margin-bottom: 6px; - } - } + .wide-table-holder { + margin-left: -$gl-padding; + margin-right: -$gl-padding; } + .builds, .projects-table { + .alert-success { + background-color: #6fc995; + border-color: #5bba83; + } + + .alert-danger { + background-color: #eb897f; + border-color: #d4776e; + } + + .alert-info { + background-color: #3498db; + border-color: #2e8ece; + } + + .alert-warning { + background-color: #EB974E; + border-color: #E87E04; + } + + .alert-disabled { + background: $background-color; + border-color: $border-color; + } + + .light { + border-color: $border-color; + } + + th, td { + padding: 10px $gl-padding; + } + td { vertical-align: middle !important; + border-color: inherit !important; + + a { + font-weight: normal; + text-decoration: none; + } } } diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index c3da54fd554..b049bd9fcc2 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -82,7 +82,7 @@ module ApplicationHelper end def default_avatar - image_path('no_avatar.png') + 'no_avatar.png' end def last_commit(project) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index d9502181c4f..ce7e9b1db87 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb 
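Review bot: `default_avatar` in app/helpers/application_helper.rb now returns the bare asset name `'no_avatar.png'` instead of a resolved path, so any caller that uses the return value directly as a URL, rather than passing it to `image_tag`, would get a broken link. The callers are outside this diff, so this needs checking against them; the same applies to the `'no_group_avatar.png'` branch changed in app/helpers/groups_helper.rb. If the new contract is intended, a one-line comment such as `# Returns a logical asset name; callers must resolve it via image_tag/image_path.` on both methods would make it explicit.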
@@ -40,7 +40,7 @@ module AuthHelper if provider_has_icon?(provider) file_name = "#{provider.to_s.split('_').first}_#{size}.png" - image_tag(image_path("auth_buttons/#{file_name}"), alt: label, title: "Sign in with #{label}") + image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}") else label end diff --git a/app/helpers/groups_helper.rb b/app/helpers/groups_helper.rb index 82eebf4245b..5e70de23f29 100644 --- a/app/helpers/groups_helper.rb +++ b/app/helpers/groups_helper.rb @@ -27,7 +27,7 @@ module GroupsHelper if group && group.avatar.present? group.avatar.url else - image_path('no_group_avatar.png') + 'no_group_avatar.png' end end diff --git a/app/views/ci/projects/_project.html.haml b/app/views/ci/projects/_project.html.haml index b3ad47ce432..e4a811119e1 100644 --- a/app/views/ci/projects/_project.html.haml +++ b/app/views/ci/projects/_project.html.haml @@ -2,7 +2,7 @@ %tr.alert{class: commit_status_alert_class(last_commit) } %td = link_to [:ci, project] do - %strong= project.name + = project.name %td - if last_commit #{last_commit.status} (#{commit_link(last_commit)}) diff --git a/app/views/ci/projects/gitlab.html.haml b/app/views/ci/projects/gitlab.html.haml index f57dfcb0790..2101aa932a4 100644 --- a/app/views/ci/projects/gitlab.html.haml +++ b/app/views/ci/projects/gitlab.html.haml 
@@ -1,22 +1,22 @@ - if @offset == 0 - .clearfix.light + .gray-content-block.clearfix.light.second-block .pull-left.fetch-status - if params[:search].present? by keyword: "#{params[:search]}", #{@total_count} projects, #{@projects.size} of them added to CI - %br - %table.table.projects-table.content-list - %thead - %tr - %th Project Name - %th Last commit - %th Access - %th Commits + .wide-table-holder + %table.table.projects-table.content-list + %thead + %tr + %th Project Name + %th Last commit + %th Access + %th Commits - = render @projects + = render @projects - = render "gl_projects" + = render "gl_projects" %p.text-center.hide.loading %i.fa.fa-refresh.fa-spin diff --git a/app/views/ci/projects/index.html.haml b/app/views/ci/projects/index.html.haml index 085a70811ae..60ab29a66cf 100644 --- a/app/views/ci/projects/index.html.haml +++ b/app/views/ci/projects/index.html.haml @@ -1,7 +1,7 @@ - if current_user .gray-content-block.top-block = render "search" - .projects.prepend-top-default + .projects %p.fetch-status.light %i.fa.fa-refresh.fa-spin :coffeescript diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index b2bd8796004..0005d44e0f2 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -159,7 +159,7 @@ production: &base method: 'plain' # "tls" or "ssl" or "plain" bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' password: '_the_password_of_the_bind_user' - + # This setting specifies if LDAP server is Active Directory LDAP server. # For non AD servers it skips the AD specific queries. # If your LDAP server is not AD, set this to false. 
@@ -196,6 +196,26 @@ production: &base # user_filter: '' + # LDAP attributes that GitLab will use to create an account for the LDAP user. + # The specified attribute can either be the attribute name as a string (e.g. 'mail'), + # or an array of attribute names to try in order (e.g. ['mail', 'email']). + # Note that the user's LDAP login will always be the attribute specified as `uid` above. + attributes: + # The username will be used in paths for the user's own projects + # (like `gitlab.example.com/username/project`) and when mentioning + # them in issues, merge request and comments (like `@username`). + # If the attribute specified for `username` contains an email address, + # the GitLab username will be the part of the email address before the '@'. + username: ['uid', 'userid', 'sAMAccountName'] + email: ['mail', 'email', 'userPrincipalName'] + + # If no full name could be found at the attribute specified for `name`, + # the full name is determined using the attributes specified for + # `first_name` and `last_name`. + name: 'cn' + first_name: 'givenName' + last_name: 'sn' + # GitLab EE only: add more LDAP servers # Choose an ID made of a-z and 0-9 . This ID will be stored in the database # so that GitLab can remember which LDAP server a user belongs to. diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 339419559d1..fe81ffd4205 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -109,6 +109,7 @@ if Settings.ldap['enabled'] || Rails.env.test? server['block_auto_created_users'] = false if server['block_auto_created_users'].nil? server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil? server['active_directory'] = true if server['active_directory'].nil? + server['attributes'] = {} if server['attributes'].nil? server['provider_name'] ||= "ldap#{key}".downcase server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name']) end 
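Review bot: The comment block above `attributes:` in config/gitlab.yml.example does not say that the values read from these attributes become the identity (username, email, name) of the GitLab account that is created. An administrator should therefore only list attributes that ordinary users cannot edit on their own directory entry; whether that holds for `mail` or `userPrincipalName` depends on the directory's ACLs. I would add `# Only list attributes that users cannot modify themselves; these values become the GitLab username and email.` here and in the identical block in doc/integration/ldap.md. The config/initializers/1_settings.rb hunk that follows defaults `server['attributes']` to `{}`, so it is worth stating that the lists shown take effect only when they are present in the real config.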
diff --git a/doc/integration/ldap.md b/doc/integration/ldap.md index 904d5d7fee2..3bc5df21ef4 100644 --- a/doc/integration/ldap.md +++ b/doc/integration/ldap.md @@ -78,6 +78,26 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server # user_filter: '' + # LDAP attributes that GitLab will use to create an account for the LDAP user. + # The specified attribute can either be the attribute name as a string (e.g. 'mail'), + # or an array of attribute names to try in order (e.g. ['mail', 'email']). + # Note that the user's LDAP login will always be the attribute specified as `uid` above. + attributes: + # The username will be used in paths for the user's own projects + # (like `gitlab.example.com/username/project`) and when mentioning + # them in issues, merge request and comments (like `@username`). + # If the attribute specified for `username` contains an email address, + # the GitLab username will be the part of the email address before the '@'. + username: ['uid', 'userid', 'sAMAccountName'] + email: ['mail', 'email', 'userPrincipalName'] + + # If no full name could be found at the attribute specified for `name`, + # the full name is determined using the attributes specified for + # `first_name` and `last_name`. + name: 'cn' + first_name: 'givenName' + last_name: 'sn' + # GitLab EE only: add more LDAP servers # Choose an ID made of a-z and 0-9 . This ID will be stored in the database # so that GitLab can remember which LDAP server a user belongs to. diff --git a/lib/gitlab/ldap/auth_hash.rb b/lib/gitlab/ldap/auth_hash.rb new file mode 100644 index 00000000000..55deeeacd90 --- /dev/null +++ b/lib/gitlab/ldap/auth_hash.rb 
@@ -0,0 +1,35 @@ +# Class to parse and transform the info provided by omniauth +# +module Gitlab + module LDAP + class AuthHash < Gitlab::OAuth::AuthHash + private + + def get_info(key) + attributes = ldap_config.attributes[key] + return super unless attributes + + attributes = Array(attributes) + + value = nil + attributes.each do |attribute| + value = get_raw(attribute) + break if value.present? + end + + return super unless value + + Gitlab::Utils.force_utf8(value) + value + end + + def get_raw(key) + auth_hash.extra[:raw_info][key] + end + + def ldap_config + @ldap_config ||= Gitlab::LDAP::Config.new(self.provider) + end + end + end +end diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb index d2ffa2e1fe8..101a3285f4b 100644 --- a/lib/gitlab/ldap/config.rb +++ b/lib/gitlab/ldap/config.rb @@ -84,6 +84,10 @@ module Gitlab options['block_auto_created_users'] end + def attributes + options['attributes'] + end + protected def base_config Gitlab.config.ldap diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index 04a22237478..cb66fd500fe 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -71,6 +71,10 @@ module Gitlab def ldap_config Gitlab::LDAP::Config.new(auth_hash.provider) end + + def auth_hash=(auth_hash) + @auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash) + end end end end diff --git a/lib/gitlab/o_auth/auth_hash.rb b/lib/gitlab/o_auth/auth_hash.rb index 9b8e783d16c..d94b104bbf8 100644 --- a/lib/gitlab/o_auth/auth_hash.rb +++ b/lib/gitlab/o_auth/auth_hash.rb @@ -16,16 +16,6 @@ module Gitlab @provider ||= Gitlab::Utils.force_utf8(auth_hash.provider.to_s) end - def info - auth_hash.info - end - - def get_info(key) - value = info.try(key) - Gitlab::Utils.force_utf8(value) if value - value - end - def name @name ||= get_info(:name) || "#{get_info(:first_name)} #{get_info(:last_name)}" end 
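Review bot: In `get_info` of lib/gitlab/ldap/auth_hash.rb the loop breaks on `value.present?` but the fallback tests `return super unless value`, so if every configured attribute is blank, the last empty string or empty array is returned instead of the OmniAuth `info` value. Use one test for both: `return super unless value.present?`. If `raw_info` entries can be arrays (the new spec only uses plain strings, so this is not visible here), the value should also be reduced to a single string before `Gitlab::Utils.force_utf8(value)`. `get_raw` additionally assumes `auth_hash.extra[:raw_info]` is always set. The new spec has no example where the configured attributes are all missing or blank, which is the case that decides the account's username and email.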
@@ -44,9 +34,19 @@ module Gitlab private + def info + auth_hash.info + end + + def get_info(key) + value = info[key] + Gitlab::Utils.force_utf8(value) if value + value + end + def username_and_email @username_and_email ||= begin - username = get_info(:nickname) || get_info(:username) + username = get_info(:username) || get_info(:nickname) email = get_info(:email) username ||= generate_username(email) if email diff --git a/spec/lib/gitlab/ldap/auth_hash_spec.rb b/spec/lib/gitlab/ldap/auth_hash_spec.rb new file mode 100644 index 00000000000..18c7924fea1 --- /dev/null +++ b/spec/lib/gitlab/ldap/auth_hash_spec.rb @@ -0,0 +1,65 @@ +require 'spec_helper' + +describe Gitlab::LDAP::AuthHash do + let(:auth_hash) do + Gitlab::LDAP::AuthHash.new( + OmniAuth::AuthHash.new( + uid: '123456', + provider: 'ldapmain', + info: info, + extra: { + raw_info: raw_info + } + ) + ) + end + + let(:info) do + { + name: 'Smith, J.', + email: 'johnsmith@example.com', + nickname: '123456' + } + end + + let(:raw_info) do + { + uid: '123456', + email: 'johnsmith@example.com', + cn: 'Smith, J.', + fullName: 'John Smith' + } + end + + context "without overridden attributes" do + + it "has the correct username" do + expect(auth_hash.username).to eq("123456") + end + + it "has the correct name" do + expect(auth_hash.name).to eq("Smith, J.") + end + end + + context "with overridden attributes" do + let(:attributes) do + { + username: ['mail', 'email'], + name: 'fullName' + } + end + + before do + allow_any_instance_of(Gitlab::LDAP::Config).to receive(:attributes).and_return(attributes) + end + + it "has the correct username" do + expect(auth_hash.username).to eq("johnsmith@example.com") + end + + it "has the correct name" do + expect(auth_hash.name).to eq("John Smith") + end + end +end diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb index 84d9fb54b61..fd2e5f6d0e1 100644 --- a/spec/lib/gitlab/ldap/user_spec.rb +++ b/spec/lib/gitlab/ldap/user_spec.rb 
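Review bot: `get_info` in lib/gitlab/o_auth/auth_hash.rb now reads `info[key]` where the removed version used `info.try(key)`, so an auth hash without an `info` section would raise NoMethodError on nil during sign-in instead of yielding nil. Whether a provider can omit `info` is not visible here, but `value = info && info[key]` keeps the previous tolerance at no cost. The same hunk swaps the lookup to `get_info(:username) || get_info(:nickname)`, which applies to every OmniAuth provider, not only LDAP, and may change the username for providers that populate both fields. The CHANGELOG entry does not mention this, and a short comment on why `:username` takes precedence would help. The enclosing class starts outside the hunk.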
@@ -11,7 +11,7 @@ describe Gitlab::LDAP::User do } end let(:auth_hash) do - double(uid: 'my-uid', provider: 'ldapmain', info: double(info)) + OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info) end describe :changed? do diff --git a/spec/lib/gitlab/o_auth/auth_hash_spec.rb b/spec/lib/gitlab/o_auth/auth_hash_spec.rb index e4a6cd954cc..5632f2306ec 100644 --- a/spec/lib/gitlab/o_auth/auth_hash_spec.rb +++ b/spec/lib/gitlab/o_auth/auth_hash_spec.rb @@ -3,11 +3,11 @@ require 'spec_helper' describe Gitlab::OAuth::AuthHash do let(:auth_hash) do Gitlab::OAuth::AuthHash.new( - double({ + OmniAuth::AuthHash.new( provider: provider_ascii, uid: uid_ascii, - info: double(info_hash) - }) + info: info_hash + ) ) end diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb index c6cca98a037..c0083fc85be 100644 --- a/spec/lib/gitlab/o_auth/user_spec.rb +++ b/spec/lib/gitlab/o_auth/user_spec.rb @@ -5,7 +5,7 @@ describe Gitlab::OAuth::User do let(:gl_user) { oauth_user.gl_user } let(:uid) { 'my-uid' } let(:provider) { 'my-provider' } - let(:auth_hash) { double(uid: uid, provider: provider, info: double(info_hash)) } + let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) } let(:info_hash) do { nickname: '-john+gitlab-ETC%.git@gmail.com', |