Refactoring auth
This commit is contained in:
Dmitriy Zaporozhets
parent
621affecb5
commit
486de8c3f4
7 changed files with 91 additions and 69 deletions
32
Gemfile.lock
32
Gemfile.lock
|
|
@ -158,6 +158,8 @@ GEM
|
|||
factory_girl_rails (4.0.0)
|
||||
factory_girl (~> 4.0.0)
|
||||
railties (>= 3.0.0)
|
||||
faraday (0.8.4)
|
||||
multipart-post (~> 1.1)
|
||||
ffaker (1.14.0)
|
||||
ffi (1.0.11)
|
||||
foreman (0.47.0)
|
||||
|
|
@ -194,6 +196,7 @@ GEM
|
|||
httparty (0.8.3)
|
||||
multi_json (~> 1.0)
|
||||
multi_xml
|
||||
httpauth (0.1)
|
||||
i18n (0.6.1)
|
||||
journey (1.0.4)
|
||||
jquery-rails (2.0.2)
|
||||
|
|
@ -203,6 +206,8 @@ GEM
|
|||
jquery-rails
|
||||
railties (>= 3.1.0)
|
||||
json (1.7.5)
|
||||
jwt (0.1.5)
|
||||
multi_json (>= 1.0)
|
||||
kaminari (0.14.0)
|
||||
actionpack (>= 3.0.0)
|
||||
activesupport (>= 3.0.0)
|
||||
|
|
@ -225,12 +230,35 @@ GEM
|
|||
sprockets (~> 2.0)
|
||||
multi_json (1.3.6)
|
||||
multi_xml (0.5.1)
|
||||
multipart-post (1.1.5)
|
||||
mysql2 (0.3.11)
|
||||
net-ldap (0.2.2)
|
||||
nokogiri (1.5.3)
|
||||
oauth (0.4.7)
|
||||
oauth2 (0.8.0)
|
||||
faraday (~> 0.8)
|
||||
httpauth (~> 0.1)
|
||||
jwt (~> 0.1.4)
|
||||
multi_json (~> 1.0)
|
||||
rack (~> 1.2)
|
||||
omniauth (1.1.0)
|
||||
hashie (~> 1.2)
|
||||
rack
|
||||
omniauth-github (1.0.3)
|
||||
omniauth (~> 1.0)
|
||||
omniauth-oauth2 (~> 1.1)
|
||||
omniauth-google-oauth2 (0.1.13)
|
||||
omniauth (~> 1.0)
|
||||
omniauth-oauth2
|
||||
omniauth-oauth (1.0.1)
|
||||
oauth
|
||||
omniauth (~> 1.0)
|
||||
omniauth-oauth2 (1.1.0)
|
||||
oauth2 (~> 0.8.0)
|
||||
omniauth (~> 1.0)
|
||||
omniauth-twitter (0.0.13)
|
||||
multi_json (~> 1.3)
|
||||
omniauth-oauth (~> 1.0)
|
||||
orm_adapter (0.3.0)
|
||||
polyglot (0.3.3)
|
||||
posix-spawn (0.3.6)
|
||||
|
|
@ -420,7 +448,11 @@ DEPENDENCIES
|
|||
linguist (~> 1.0.0)!
|
||||
modernizr (= 2.5.3)
|
||||
mysql2
|
||||
omniauth
|
||||
omniauth-github
|
||||
omniauth-google-oauth2
|
||||
omniauth-ldap!
|
||||
omniauth-twitter
|
||||
pry
|
||||
pygments.rb!
|
||||
rack-mini-profiler
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
.auth_methods {
|
||||
&ul {
|
||||
ul {
|
||||
margin: 0;
|
||||
text-align:center;
|
||||
padding: 5px;
|
||||
&li {
|
||||
li {
|
||||
display: inline;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,32 +0,0 @@
|
|||
<% unless ldap_enable? -%>
|
||||
|
||||
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
|
||||
<%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
|
||||
|
||||
<%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
|
||||
<%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
|
||||
|
||||
<% if devise_mapping.rememberable? -%>
|
||||
<div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
|
||||
<% end -%>
|
||||
<br/>
|
||||
<%= f.submit "Sign in", :class => "primary btn" %>
|
||||
<div class="right"> <%= render :partial => "devise/shared/links" %></div>
|
||||
|
||||
<%- if devise_mapping.omniauthable? %>
|
||||
<hr/>
|
||||
<div class="auth_methods">
|
||||
<ul>
|
||||
<%- resource_class.omniauth_providers.each do |provider| %>
|
||||
<li><%= link_to authbutton(provider),
|
||||
omniauth_authorize_path(resource_name, provider) %></li>
|
||||
<% end -%>
|
||||
</ul>
|
||||
</div>
|
||||
<% end -%>
|
||||
|
||||
<% end %>
|
||||
|
||||
<% else %>
|
||||
<%= render :partial => 'devise/sessions/new_ldap' %>
|
||||
<% end %>
|
||||
|
|
@ -25,8 +25,38 @@ app:
|
|||
# backup_keep_time: 604800 # default: 0 (forever) (in seconds)
|
||||
# disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
|
||||
|
||||
|
||||
|
||||
|
||||
#
|
||||
# 2. Advanced settings:
|
||||
# 2. Auth settings
|
||||
# ==========================
|
||||
ldap:
|
||||
enabled: false
|
||||
host: '_your_ldap_server'
|
||||
base: '_the_base_where_you_search_for_users'
|
||||
port: 636
|
||||
uid: 'sAMAccountName'
|
||||
method: 'ssl' # plain
|
||||
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
||||
password: '_the_password_of_the_bind_user'
|
||||
|
||||
omniauth:
|
||||
enabled: false
|
||||
allow_single_sign_on: false
|
||||
block_auto_created_users: true
|
||||
providers:
|
||||
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
|
||||
# app_secret: 'YOUR APP SECRET',
|
||||
# args: { access_type: 'offline', approval_prompt: '' } }
|
||||
# - { name: 'twitter', app_id: 'YOUR APP ID',
|
||||
# app_secret: 'YOUR APP SECRET'}
|
||||
# - { name: 'github', app_id: 'YOUR APP ID',
|
||||
# app_secret: 'YOUR APP SECRET' }
|
||||
|
||||
|
||||
#
|
||||
# 3. Advanced settings:
|
||||
# ==========================
|
||||
|
||||
# Git Hosting configuration
|
||||
|
|
@ -50,21 +80,3 @@ git:
|
|||
git_max_size: 5242880 # 5.megabytes
|
||||
# Git timeout to read commit, in seconds
|
||||
git_timeout: 10
|
||||
|
||||
# Omniauth configuration
|
||||
omniauth:
|
||||
enabled: false
|
||||
providers:
|
||||
allow_single_sign_on: false
|
||||
block_auto_created_users: true
|
||||
|
||||
# omniauth:
|
||||
# enabled: true
|
||||
# providers:
|
||||
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
|
||||
# app_secret: 'YOUR APP SECRET',
|
||||
# args: { access_type: 'offline', approval_prompt: '' } }
|
||||
# - { name: 'twitter', app_id: 'YOUR APP ID',
|
||||
# app_secret: 'YOUR APP SECRET'}
|
||||
# - { name: 'github', app_id: 'YOUR APP ID',
|
||||
# app_secret: 'YOUR APP SECRET' }
|
||||
|
|
|
|||
|
|
@ -120,8 +120,16 @@ class Settings < Settingslogic
|
|||
app['backup_keep_time'] || 0
|
||||
end
|
||||
|
||||
def ldap_enabled?
|
||||
ldap['enabled']
|
||||
rescue
|
||||
false
|
||||
end
|
||||
|
||||
def omniauth_enabled?
|
||||
omniauth['enabled'] || false
|
||||
omniauth && omniauth['enabled']
|
||||
rescue
|
||||
false
|
||||
end
|
||||
|
||||
def omniauth_providers
|
||||
|
|
|
|||
|
|
@ -204,4 +204,21 @@ Devise.setup do |config|
|
|||
# manager.intercept_401 = false
|
||||
# manager.default_strategies(:scope => :user).unshift :some_external_strategy
|
||||
# end
|
||||
|
||||
gl = Gitlab.config
|
||||
|
||||
if gl.ldap_enabled?
|
||||
config.omniauth :ldap,
|
||||
:host => gl.ldap['host'],
|
||||
:base => gl.ldap['base'],
|
||||
:uid => gl.ldap['uid'],
|
||||
:port => gl.ldap['port'],
|
||||
:method => gl.ldap['method'],
|
||||
:bind_dn => gl.ldap['bind_dn'],
|
||||
:password => gl.ldap['password']
|
||||
end
|
||||
|
||||
gl.omniauth_providers.each do |gl_provider|
|
||||
config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,15 +0,0 @@
|
|||
# Copy this file to 'omniauth.rb' and configure it as necessary.
|
||||
# The wiki has further details on configuring each provider.
|
||||
|
||||
Devise.setup do |config|
|
||||
# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
|
||||
|
||||
# config.omniauth :ldap,
|
||||
# :host => 'YOUR_LDAP_SERVER',
|
||||
# :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
|
||||
# :uid => 'sAMAccountName',
|
||||
# :port => 389,
|
||||
# :method => :plain,
|
||||
# :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
|
||||
# :password => 'THE_PASSWORD_OF_THE_BIND_USER'
|
||||
end
|
||||
Loading…
Reference in a new issue