diff options
Diffstat (limited to 'lib/gitlab/o_auth/user.rb')
-rw-r--r-- | lib/gitlab/o_auth/user.rb | 62 |
1 files changed, 58 insertions, 4 deletions
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb index ba5caed6131..040d0ab34ff 100644 --- a/lib/gitlab/o_auth/user.rb +++ b/lib/gitlab/o_auth/user.rb @@ -46,6 +46,10 @@ module Gitlab def gl_user @user ||= find_by_uid_and_provider + if auto_link_ldap_user? + @user ||= find_or_create_ldap_user + end + if signup_enabled? @user ||= build_new_user end @@ -55,8 +59,52 @@ module Gitlab protected + def find_or_create_ldap_user + return unless ldap_person + #If a corresponding person exists with same uid in a LDAP server, + #set up a Gitlab user with dual LDAP and Omniauth identities. + if user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn.downcase, ldap_person.provider) + #case when a LDAP user already exists in Gitlab. Add the Omniauth identity to existing account. + user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider) + else + #no account in Gitlab yet: create it and add the LDAP identity + user = build_new_user + user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn) + end + user + end + + def auto_link_ldap_user? + Gitlab.config.omniauth.auto_link_ldap_user + end + + def creating_linked_ldap_user? + auto_link_ldap_user? && ldap_person + end + + def ldap_person + return @ldap_person if defined?(@ldap_person) + + #looks for a corresponding person with same uid in any of the configured LDAP providers + Gitlab::LDAP::Config.providers.each do |provider| + adapter = Gitlab::LDAP::Adapter.new(provider) + @ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter) + break if @ldap_person #exit on first person found + end + @ldap_person #may be nil if we could not find a match + end + + def ldap_config + ldap_person && Gitlab::LDAP::Config.new(ldap_person.provider) + end + def needs_blocking? - new? && block_after_signup? + return false unless new? + if creating_linked_ldap_user? + ldap_config.block_auto_created_users + else + block_after_signup? + end end def signup_enabled? @@ -84,10 +132,16 @@ module Gitlab end def user_attributes - { + # Give preference to LDAP for sensitive information when creating a linked account + username, email = if creating_linked_ldap_user? + [ ldap_person.username, ldap_person.email.first ] + else + [ auth_hash.username, auth_hash.email ] + end + return { name: auth_hash.name, - username: ::Namespace.clean_path(auth_hash.username), - email: auth_hash.email, + username: ::Namespace.clean_path(username), + email: email, password: auth_hash.password, password_confirmation: auth_hash.password, password_automatically_set: true |