summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/api/files.rb50
-rw-r--r--lib/gitlab/o_auth/user.rb63
2 files changed, 86 insertions, 27 deletions
diff --git a/lib/api/files.rb b/lib/api/files.rb
index e0ea6d7dd1d..c7b30cf2f07 100644
--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -3,6 +3,26 @@ module API
class Files < Grape::API
before { authenticate! }
+ helpers do
+ def commit_params(attrs)
+ {
+ file_path: attrs[:file_path],
+ current_branch: attrs[:branch_name],
+ target_branch: attrs[:branch_name],
+ commit_message: attrs[:commit_message],
+ file_content: attrs[:content],
+ file_content_encoding: attrs[:encoding]
+ }
+ end
+
+ def commit_response(attrs)
+ {
+ file_path: attrs[:file_path],
+ branch_name: attrs[:branch_name],
+ }
+ end
+ end
+
resource :projects do
# Get file from repository
# File content is Base64 encoded
@@ -73,17 +93,11 @@ module API
required_attributes! [:file_path, :branch_name, :content, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
- branch_name = attrs.delete(:branch_name)
- file_path = attrs.delete(:file_path)
- result = ::Files::CreateService.new(user_project, current_user, attrs, branch_name, file_path).execute
+ result = ::Files::CreateService.new(user_project, current_user, commit_params(attrs)).execute
if result[:status] == :success
status(201)
-
- {
- file_path: file_path,
- branch_name: branch_name
- }
+ commit_response(attrs)
else
render_api_error!(result[:message], 400)
end
@@ -105,17 +119,11 @@ module API
required_attributes! [:file_path, :branch_name, :content, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :content, :commit_message, :encoding]
- branch_name = attrs.delete(:branch_name)
- file_path = attrs.delete(:file_path)
- result = ::Files::UpdateService.new(user_project, current_user, attrs, branch_name, file_path).execute
+ result = ::Files::UpdateService.new(user_project, current_user, commit_params(attrs)).execute
if result[:status] == :success
status(200)
-
- {
- file_path: file_path,
- branch_name: branch_name
- }
+ commit_response(attrs)
else
http_status = result[:http_status] || 400
render_api_error!(result[:message], http_status)
@@ -138,17 +146,11 @@ module API
required_attributes! [:file_path, :branch_name, :commit_message]
attrs = attributes_for_keys [:file_path, :branch_name, :commit_message]
- branch_name = attrs.delete(:branch_name)
- file_path = attrs.delete(:file_path)
- result = ::Files::DeleteService.new(user_project, current_user, attrs, branch_name, file_path).execute
+ result = ::Files::DeleteService.new(user_project, current_user, commit_params(attrs)).execute
if result[:status] == :success
status(200)
-
- {
- file_path: file_path,
- branch_name: branch_name
- }
+ commit_response(attrs)
else
render_api_error!(result[:message], 400)
end
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index ba5caed6131..c4971b5bcc6 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -46,6 +46,10 @@ module Gitlab
def gl_user
@user ||= find_by_uid_and_provider
+ if auto_link_ldap_user?
+ @user ||= find_or_create_ldap_user
+ end
+
if signup_enabled?
@user ||= build_new_user
end
@@ -55,6 +59,46 @@ module Gitlab
protected
+ def find_or_create_ldap_user
+ return unless ldap_person
+
+ # If a corresponding person exists with same uid in a LDAP server,
+ # set up a Gitlab user with dual LDAP and Omniauth identities.
+ if user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn.downcase, ldap_person.provider)
+ # Case when a LDAP user already exists in Gitlab. Add the Omniauth identity to existing account.
+ user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
+ else
+ # No account in Gitlab yet: create it and add the LDAP identity
+ user = build_new_user
+ user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
+ end
+
+ user
+ end
+
+ def auto_link_ldap_user?
+ Gitlab.config.omniauth.auto_link_ldap_user
+ end
+
+ def creating_linked_ldap_user?
+ auto_link_ldap_user? && ldap_person
+ end
+
+ def ldap_person
+ return @ldap_person if defined?(@ldap_person)
+
+ # looks for a corresponding person with same uid in any of the configured LDAP providers
+ @ldap_person = Gitlab::LDAP::Config.providers.find do |provider|
+ adapter = Gitlab::LDAP::Adapter.new(provider)
+
+ Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)
+ end
+ end
+
+ def ldap_config
+ Gitlab::LDAP::Config.new(ldap_person.provider) if ldap_person
+ end
+
def needs_blocking?
new? && block_after_signup?
end
@@ -64,7 +108,11 @@ module Gitlab
end
def block_after_signup?
- Gitlab.config.omniauth.block_auto_created_users
+ if creating_linked_ldap_user?
+ ldap_config.block_auto_created_users
+ else
+ Gitlab.config.omniauth.block_auto_created_users
+ end
end
def auth_hash=(auth_hash)
@@ -84,10 +132,19 @@ module Gitlab
end
def user_attributes
+ # Give preference to LDAP for sensitive information when creating a linked account
+ if creating_linked_ldap_user?
+ username = ldap_person.username
+ email = ldap_person.email.first
+ else
+ username = auth_hash.username
+ email = auth_hash.email
+ end
+
{
name: auth_hash.name,
- username: ::Namespace.clean_path(auth_hash.username),
- email: auth_hash.email,
+ username: ::Namespace.clean_path(username),
+ email: email,
password: auth_hash.password,
password_confirmation: auth_hash.password,
password_automatically_set: true