blob: 6f7d4825ae540d4b4dd9a20a720415f2086f8517 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# SAML extension for User model
#
# * Find GitLab user based on SAML uid and provider
# * Create new user from SAML data
#
module Gitlab
module Saml
class User < Gitlab::OAuth::User
def save
super('SAML')
end
def gl_user
if auto_link_ldap_user?
@user ||= find_or_create_ldap_user
end
@user ||= find_by_uid_and_provider
if auto_link_saml_user?
@user ||= find_by_email
end
if signup_enabled?
@user ||= build_new_user
end
if external_users_enabled? && @user
# Check if there is overlap between the user's groups and the external groups
# setting then set user as external or internal.
if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
@user.external = false
else
@user.external = true
end
end
@user
end
def find_by_email
if auth_hash.has_email?
user = ::User.find_by(email: auth_hash.email.downcase)
user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider) if user
user
end
end
def changed?
return true unless gl_user
gl_user.changed? || gl_user.identities.any?(&:changed?)
end
protected
def auto_link_saml_user?
Gitlab.config.omniauth.auto_link_saml_user
end
def external_users_enabled?
!Gitlab::Saml::Config.external_groups.nil?
end
def find_or_create_ldap_user
return unless ldap_person
# If a corresponding person exists with same uid in a LDAP server,
# check if the user already has a GitLab account
user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
if user
# Case when a LDAP user already exists in Gitlab. Add the SAML identity to existing account.
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
else
# No account found using LDAP in Gitlab yet: check if there is a SAML account with
# the passed uid and provider
user = find_by_uid_and_provider
if user.nil?
# No SAML account found, build a new user.
user = build_new_user
end
# Correct account is present, add the LDAP Identity to the user.
user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
end
user
end
def auth_hash=(auth_hash)
@auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
end
end
end
end
|