path: root/lib/gitlab/saml/user.rb
blob: 346253583caa599bce2d2838d84ef2afb4f1f5a3 (plain)
# SAML extension for User model
#
# * Find GitLab user based on SAML uid and provider
# * Create new user from SAML data
#
module Gitlab
  module Saml
    # Resolves (or builds) the GitLab user for a SAML sign-in.
    #
    # Everything not defined here (find_by_uid_and_provider, find_by_email,
    # find_or_build_ldap_user, build_new_user, auto_link_ldap_user?,
    # signup_enabled?, gl_user, auth_hash) comes from Gitlab::OAuth::User or
    # its mixins and is not visible in this file.
    class User < Gitlab::OAuth::User
      extend ::Gitlab::Utils::Override

      # Calls the parent's #save with the literal 'SAML'
      # (presumably a provider label; see Gitlab::OAuth::User#save).
      def save
        super('SAML')
      end

      # Returns the user for the current auth hash, or nil when none is found
      # and none may be created.
      #
      # Lookup order, each step used only if the previous ones found nothing:
      #   1. existing identity (uid + provider)
      #   2. existing account by e-mail, only when auto_link_saml_user is set
      #   3. LDAP user, only when auto_link_ldap_user? is true
      #   4. a newly built user, only when signup_enabled? is true
      #
      # NOTE(review): step 2 attaches the SAML login to an account that was
      # not previously linked to this identity. That is only as trustworthy as
      # the e-mail the IdP asserts. Confirm the IdP verifies e-mail ownership
      # before enabling auto_link_saml_user.
      def find_user
        candidate = find_by_uid_and_provider

        if auto_link_saml_user?
          candidate ||= find_by_email
        end

        if auto_link_ldap_user?
          candidate ||= find_or_build_ldap_user
        end

        if signup_enabled?
          candidate ||= build_new_user
        end

        return candidate unless external_users_enabled? && candidate

        # The external flag is recomputed on every call from the groups in the
        # auth hash. Any overlap with the configured external groups marks the
        # user external, and no overlap marks them internal. This overwrites
        # whatever value the record had. A configured but empty list therefore
        # makes every SAML user internal.
        shared_groups = auth_hash.groups & Gitlab::Saml::Config.external_groups
        candidate.external = !shared_groups.empty?

        candidate
      end

      # True when there is no gl_user at all, or when the user record or any
      # of its identities reports changes.
      def changed?
        if gl_user
          gl_user.changed? || gl_user.identities.any? { |identity| identity.changed? }
        else
          true
        end
      end

      # Overrides the parent's hook; the answer is simply #changed?.
      override :omniauth_should_save?
      def omniauth_should_save?
        changed?
      end

      protected

      # Value of the omniauth.auto_link_saml_user setting; gates the e-mail
      # lookup in #find_user.
      def auto_link_saml_user?
        omniauth_settings = Gitlab.config.omniauth
        omniauth_settings.auto_link_saml_user
      end

      # True whenever external_groups is configured at all (anything but nil),
      # including an empty list.
      def external_users_enabled?
        configured_groups = Gitlab::Saml::Config.external_groups
        !configured_groups.nil?
      end

      # Wraps the raw auth hash in Gitlab::Saml::AuthHash before storing it.
      def auth_hash=(auth_hash)
        wrapped = Gitlab::Saml::AuthHash.new(auth_hash)
        @auth_hash = wrapped
      end
    end
  end
end