LDAP BASE IMPLEMENRTATION

Gemfile

@@ -28,6 +28,7 @@ gem "resque"
 gem "httparty"
 gem "charlock_holmes"
 gem "foreman"
+gem "omniauth-ldap"
 
 group :assets do
   gem "sass-rails",   "~> 3.1.0"

Gemfile.lock

@@ -115,6 +115,7 @@ GEM
       haml (~> 3.0)
       railties (~> 3.0)
     hashery (1.4.0)
+    hashie (1.2.0)
     hike (1.2.1)
     httparty (0.8.1)
       multi_json
@@ -141,12 +142,22 @@ GEM
     mime-types (1.17.2)
     multi_json (1.0.3)
     multi_xml (0.4.1)
+    net-ldap (0.2.2)
     nokogiri (1.5.0)
+    omniauth (1.0.2)
+      hashie (~> 1.2)
+      rack
+    omniauth-ldap (1.0.2)
+      net-ldap (~> 0.2.2)
+      omniauth (~> 1.0)
+      pyu-ruby-sasl (~> 0.0.3.1)
+      rubyntlm (~> 0.1.1)
     orm_adapter (0.0.5)
     polyglot (0.3.3)
     posix-spawn (0.3.6)
     pygments.rb (0.2.4)
       rubypython (~> 0.5.3)
+    pyu-ruby-sasl (0.0.3.3)
     rack (1.3.5)
     rack-cache (1.1)
       rack (>= 0.4)
@@ -210,6 +221,7 @@ GEM
       ruby-debug-base19 (>= 0.11.19)
     ruby_core_source (0.1.5)
       archive-tar-minitar (>= 0.5.2)
+    rubyntlm (0.1.1)
     rubypython (0.5.3)
       blankslate (>= 2.1.2.3)
       ffi (~> 1.0.7)
@@ -306,6 +318,7 @@ DEPENDENCIES
   kaminari
   launchy
   letter_opener
+  omniauth-ldap
   pygments.rb (= 0.2.4)
   rails (= 3.1.1)
   rails-footnotes (~> 3.7.5)

app/assets/javascripts/users/omniauth_callbacks.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/

app/assets/stylesheets/users/omniauth_callbacks.css.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the Users::OmniauthCallbacks controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

app/controllers/users/omniauth_callbacks_controller.rb

@@ -0,0 +1,22 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+ 
+  def ldap
+    # We only find ourselves here if the authentication to LDAP was successful.
+    ldap = request.env["omniauth.auth"]["extra"]["raw_info"]
+    username = ldap.sAMAccountName[0].to_s
+    email = ldap.proxyaddresses[0][5..-1].to_s
+ 
+    if @user = User.find_by_email(email)
+        sign_in_and_redirect root_path
+    else
+      password = User.generate_random_password
+        @user = User.create(:name => username,
+                            :email => email,
+                            :password => password,
+                            :password_confirmation => password
+                           )
+        sign_in_and_redirect @user
+    end
+  end
+
+end

app/helpers/users/omniauth_callbacks_helper.rb

@@ -0,0 +1,2 @@
+module Users::OmniauthCallbacksHelper
+end

app/models/user.rb

@@ -2,7 +2,7 @@ class User < ActiveRecord::Base
   # Include default devise modules. Others available are:
   # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :token_authenticatable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :trackable, :validatable, :omniauthable
 
   # Setup accessible (or protected) attributes for your model
   attr_accessible :email, :password, :password_confirmation, :remember_me,
@@ -62,6 +62,10 @@ class User < ActiveRecord::Base
   def last_activity_project
     projects.first
   end
+
+  def self.generate_random_password
+    (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
+  end 
 end
 # == Schema Information
 #

app/views/devise/sessions/new.html.erb

@@ -9,4 +9,5 @@
   <br/>
   <%= f.submit "Sign in", :class => "grey-button" %>
   <div class="right"> <%= render :partial => "devise/shared/links" %></div>
+  <%= user_omniauth_authorize_path(:ldap)%>
 <% end %>

config/initializers/devise.rb

@@ -199,6 +199,15 @@ Devise.setup do |config|
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
 
+  #config.omniauth :ldap, 
+  #    :host => 'YOUR_LDAP_SERVER',
+  #    :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
+  #    :uid => 'sAMAccountName',
+  #    :port => 389,
+  #    :method => :plain,
+  #    :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
+  #    :password => 'THE_PASSWORD_OF_THE_BIND_USER'
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.

config/routes.rb

@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do
   resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]
   resources :keys
 
-  devise_for :users
+  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
 
   resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do
     member do

spec/controllers/users/omniauth_callbacks_controller_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Users::OmniauthCallbacksController do
+
+end

spec/helpers/users/omniauth_callbacks_helper_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+# Specs in this file have access to a helper object that includes
+# the Users::OmniauthCallbacksHelper. For example:
+#
+# describe Users::OmniauthCallbacksHelper do
+#   describe "string concat" do
+#     it "concats two strings with spaces" do
+#       helper.concat_strings("this","that").should == "this that"
+#     end
+#   end
+# end
+describe Users::OmniauthCallbacksHelper do
+  pending "add some examples to (or delete) #{__FILE__}"
+end