diff options
| -rw-r--r-- | config/gitlab.yml.example | 15 | ||||
| -rw-r--r-- | lib/gitlab/ldap/auth_hash.rb | 40 | ||||
| -rw-r--r-- | lib/gitlab/ldap/user.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/o_auth/auth_hash.rb | 24 | ||||
| -rw-r--r-- | spec/lib/gitlab/o_auth/auth_hash_spec.rb | 6 | ||||
| -rw-r--r-- | spec/lib/gitlab/o_auth/user_spec.rb | 2 | 
6 files changed, 76 insertions, 15 deletions
| diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 9eb99dae456..cb697fad7ab 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -144,6 +144,21 @@ production: &base          bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'          password: '_the_password_of_the_bind_user' +        # LDAP attributes that GitLab will use to create an account for the LDAP user. +        # Can be either the name of an attribute as a string (e.g. 'mail'), +        # or an array of names of attributes to try in order (e.g. ['mail', 'email']). +        # The default values are listed. +        attributes: +          # username: ['uid', 'userid', 'sAMAccountName'] +          # name:     'cn' # Also falls back to a combination of first_name and last_name, see below +          # email:    ['mail', 'email', 'userPrincipalName'] + +          # If no full name could be found at the attribute specified for `name`, +          # the full name is determined as `<first_name> <last_name>`, using the  +          # attributes specified below. +          # first_name: 'givenName' +          # last_name:  'sn' +                    # This setting specifies if LDAP server is Active Directory LDAP server.          # For non AD servers it skips the AD specific queries.          # If your LDAP server is not AD, set this to false. diff --git a/lib/gitlab/ldap/auth_hash.rb b/lib/gitlab/ldap/auth_hash.rb new file mode 100644 index 00000000000..caca7bb3b57 --- /dev/null +++ b/lib/gitlab/ldap/auth_hash.rb @@ -0,0 +1,40 @@ +# Class to parse and transform the info provided by omniauth +# +module Gitlab +  module LDAP +    class AuthHash < Gitlab::OAuth::AuthHash +      attr_accessor :config + +      def initialize(auth_hash, config) +        super(auth_hash) +        @config = config +      end + +      private + +      def get_info(key) +        raw_key = config.attributes[key] +        return super unless raw_key + +        value = +          case raw_key +          when String +            get_raw(raw_key) +          when Array +            raw_key.inject(nil) { |value, key| value || get_raw(key).presence } +          else +            nil +          end +         +        return super unless value + +        Gitlab::Utils.force_utf8(value) +        value +      end + +      def get_raw(key) +        auth_hash.extra[:raw_info][key] +      end +    end +  end +end diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index 04a22237478..e568b0e3b31 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -71,6 +71,10 @@ module Gitlab        def ldap_config          Gitlab::LDAP::Config.new(auth_hash.provider)        end + +      def auth_hash=(auth_hash) +        @auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash, ldap_config) +      end      end    end  end diff --git a/lib/gitlab/o_auth/auth_hash.rb b/lib/gitlab/o_auth/auth_hash.rb index 9b8e783d16c..76fbe698c74 100644 --- a/lib/gitlab/o_auth/auth_hash.rb +++ b/lib/gitlab/o_auth/auth_hash.rb @@ -16,16 +16,6 @@ module Gitlab          @provider ||= Gitlab::Utils.force_utf8(auth_hash.provider.to_s)        end -      def info -        auth_hash.info -      end - -      def get_info(key) -        value = info.try(key) -        Gitlab::Utils.force_utf8(value) if value -        value -      end -        def name          @name ||= get_info(:name) || "#{get_info(:first_name)} #{get_info(:last_name)}"        end @@ -44,9 +34,21 @@ module Gitlab        private +      def info +        auth_hash.info +      end + +      def get_info(key) +        key = :nickname if key == :username + +        value = info[key] +        Gitlab::Utils.force_utf8(value) if value +        value +      end +        def username_and_email          @username_and_email ||= begin -          username  = get_info(:nickname) || get_info(:username) +          username  = get_info(:username)            email     = get_info(:email)            username ||= generate_username(email)             if email diff --git a/spec/lib/gitlab/o_auth/auth_hash_spec.rb b/spec/lib/gitlab/o_auth/auth_hash_spec.rb index e4a6cd954cc..5632f2306ec 100644 --- a/spec/lib/gitlab/o_auth/auth_hash_spec.rb +++ b/spec/lib/gitlab/o_auth/auth_hash_spec.rb @@ -3,11 +3,11 @@ require 'spec_helper'  describe Gitlab::OAuth::AuthHash do    let(:auth_hash) do      Gitlab::OAuth::AuthHash.new( -      double({ +      OmniAuth::AuthHash.new(          provider: provider_ascii,          uid: uid_ascii, -        info: double(info_hash) -      }) +        info: info_hash +      )      )    end diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb index c6cca98a037..c0083fc85be 100644 --- a/spec/lib/gitlab/o_auth/user_spec.rb +++ b/spec/lib/gitlab/o_auth/user_spec.rb @@ -5,7 +5,7 @@ describe Gitlab::OAuth::User do    let(:gl_user) { oauth_user.gl_user }    let(:uid) { 'my-uid' }    let(:provider) { 'my-provider' } -  let(:auth_hash) { double(uid: uid, provider: provider, info: double(info_hash)) } +  let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) }    let(:info_hash) do      {        nickname: '-john+gitlab-ETC%.git@gmail.com', | 
