blob: d652e19217dd6835a11c49384945ae363d0b84ff (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
require 'gitlab/o_auth/user'
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
# * Auth LDAP user with login and password
#
module Gitlab
module LDAP
class User < Gitlab::OAuth::User
class << self
def find_by_uid_and_provider(uid, provider)
# LDAP distinguished name is case-insensitive
identity = ::Identity.
where(provider: provider).
where('lower(extern_uid) = ?', uid.downcase).last
identity && identity.user
end
end
def initialize(auth_hash)
super
update_user_attributes
end
# instance methods
def gl_user
@gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
end
def find_by_uid_and_provider
self.class.find_by_uid_and_provider(
auth_hash.uid.downcase, auth_hash.provider)
end
def find_by_email
::User.find_by(email: auth_hash.email)
end
def update_user_attributes
return unless persisted?
gl_user.skip_reconfirmation!
gl_user.email = auth_hash.email
# Build new identity only if we dont have have same one
gl_user.identities.find_or_initialize_by(provider: auth_hash.provider,
extern_uid: auth_hash.uid)
gl_user
end
def changed?
gl_user.changed? || gl_user.identities.any?(&:changed?)
end
def needs_blocking?
false
end
def allowed?
Gitlab::LDAP::Access.allowed?(gl_user)
end
end
end
end
|