deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'better_ldap' of https://github.com/jirutka/gitlabhq into jirutka-better_ldap

Browse source 
Conflicts:
	app/models/user.rb
This commit is contained in:
randx 2012-08-21 08:39:23 +03:00
parent b2b88b2ff2 335b3ed197
commit 366c0065c4
4 changed files with 36 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/omniauth_callbacks_controller.rb
View file

@ -12,8 +12,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def ldap def ldap
# We only find ourselves here if the authentication to LDAP was successful. # We only find ourselves here if the authentication to LDAP was successful.
info = request.env["omniauth.auth"]["info"] @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
@user = User.find_for_ldap_auth(info)
if @user.persisted? if @user.persisted?
@user.remember_me = true @user.remember_me = true
end end

34
app/models/user.rb
View file

@ -7,7 +7,7 @@ class User < ActiveRecord::Base
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
:name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
:theme_id, :force_random_password :theme_id, :force_random_password, :extern_uid, :provider
attr_accessor :force_random_password attr_accessor :force_random_password
@ -54,6 +54,8 @@ class User < ActiveRecord::Base
validates :bio, length: { within: 0..255 } validates :bio, length: { within: 0..255 }
validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
before_save :ensure_authentication_token before_save :ensure_authentication_token
alias_attribute :private_token, :authentication_token alias_attribute :private_token, :authentication_token
@ -84,21 +86,31 @@ class User < ActiveRecord::Base
where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
end end
def self.find_for_ldap_auth(omniauth_info) def self.find_for_ldap_auth(auth, signed_in_resource=nil)
name = omniauth_info.name.force_encoding("utf-8") uid = auth.info.uid
email = omniauth_info.email.downcase unless omniauth_info.email.nil? provider = auth.provider
raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil? name = auth.info.name.force_encoding("utf-8")
email = auth.info.email.downcase unless auth.info.email.nil?
raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
if @user = User.find_by_email(email) if @user = User.find_by_extern_uid_and_provider(uid, provider)
@user
# workaround for backward compatibility
elsif @user = User.find_by_email(email)
logger.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
@user.update_attributes(:extern_uid => uid, :provider => provider)
@user @user
else else
logger.info "Creating user from LDAP login {uid => #{uid}, name => #{name}, email => #{email}}"
password = Devise.friendly_token[0, 8].downcase password = Devise.friendly_token[0, 8].downcase
@user = User.create( @user = User.create(
name: name, :extern_uid => uid,
email: email, :provider => provider,
password: password, :name => name,
password_confirmation: password, :email => email,
projects_limit: Gitlab.config.default_projects_limit :password => password,
:password_confirmation => password,
:projects_limit => Gitlab.config.default_projects_limit
) )
end end
end end

8
db/migrate/20120729131232_add_extern_auth_provider_to_users.rb Normal file
View file

@ -0,0 +1,8 @@
class AddExternAuthProviderToUsers < ActiveRecord::Migration
def change
add_column :users, :extern_uid, :string
add_column :users, :provider, :string
add_index :users, [:extern_uid, :provider], :unique => true
end
end

5
db/schema.rb
View file

@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20120712080407) do ActiveRecord::Schema.define(:version => 20120729131232) do
create_table "events", :force => true do |t| create_table "events", :force => true do |t|
t.string "target_type" t.string "target_type"
@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version => 20120712080407) do
t.boolean "blocked", :default => false, :null => false t.boolean "blocked", :default => false, :null => false
t.integer "failed_attempts", :default => 0 t.integer "failed_attempts", :default => 0
t.datetime "locked_at" t.datetime "locked_at"
t.string "extern_uid"
t.string "provider"
end end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true add_index "users", ["email"], :name => "index_users_on_email", :unique => true
add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
create_table "users_projects", :force => true do |t| create_table "users_projects", :force => true do |t|