diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index fb759c37..5bad6093 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -15,8 +15,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 def ldap
 # We only find ourselves here if the authentication to LDAP was successful.
- info = request.env["omniauth.auth"]["info"]
- @user = User.find_for_ldap_auth(info)
+ @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
 if @user.persisted?
 @user.remember_me = true
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index ff27660a..f5ea70d5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,7 +7,7 @@ class User < ActiveRecord::Base
 attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
- :theme_id, :force_random_password
+ :theme_id, :force_random_password, :extern_uid, :provider
 attr_accessor :force_random_password
@@ -54,6 +54,8 @@ class User < ActiveRecord::Base
 validates :bio, :length => { :within => 0..255 }
+ validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
+
 before_save :ensure_authentication_token
 alias_attribute :private_token, :authentication_token 
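Review bot: `current_user` is passed as the new second argument to `User.find_for_ldap_auth`, but the signature introduced in the user.rb hunk declares it as `signed_in_resource=nil` and never reads it, so the value has no effect on which account is returned. Either drop it here until the model uses it, `@user = User.find_for_ldap_auth(request.env["omniauth.auth"])`, or add a comment on the model stating what a signed-in resource is meant to do (presumably linking an LDAP identity to an already signed-in account). `find_for_ldap_auth` can still raise `OmniAuth::Error` for a missing uid/email and nothing in this hunk rescues it, so that case ends as an unhandled exception unless code outside the hunk catches it. `ldap`'s body continues past the end of the hunk.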
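Review bot: Adding `:extern_uid` and `:provider` to `attr_accessible` makes the LDAP identity binding mass-assignable everywhere the model is fed a params hash, not only in `find_for_ldap_auth`; any `update_attributes(params[:user])` path on a user would let the caller rebind the account to a different directory entry, after which `find_by_extern_uid_and_provider` in the user.rb hunk would hand that account to whoever authenticates as that entry. Whether such an update path exists is not visible here, but the whitelist widening creates the exposure regardless. Keep both columns out of `attr_accessible` and set them explicitly where the record is built, e.g. build with `@user = User.new(:name => name, :email => email, :password => password, ...)` and then `@user.extern_uid = uid; @user.provider = provider; @user.save`, or pass `:without_protection => true` to that single `create` call. The `validates :extern_uid` hunk below is unaffected either way.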
@@ -84,16 +86,21 @@ class User < ActiveRecord::Base
 where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
 end
- def self.find_for_ldap_auth(omniauth_info)
- name = omniauth_info.name.force_encoding("utf-8")
- email = omniauth_info.email.downcase unless omniauth_info.email.nil?
- raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil?
+ def self.find_for_ldap_auth(auth, signed_in_resource=nil)
+ uid = auth.info.uid
+ provider = auth.provider
+ name = auth.info.name.force_encoding("utf-8")
+ email = auth.info.email.downcase unless auth.info.email.nil?
+ raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? and email.nil?
- if @user = User.find_by_email(email)
+ if @user = User.find_by_extern_uid_and_provider(uid, provider)
 @user
 else
+ logger.info "Creating user from LDAP login; uid = #{uid}, name = #{name}, email = #{email}"
 password = Devise.friendly_token[0, 8].downcase
 @user = User.create(
+ :extern_uid => uid,
+ :provider => provider,
 :name => name,
 :email => email,
 :password => password,
diff --git a/db/migrate/20120729131232_add_extern_auth_provider_to_users.rb b/db/migrate/20120729131232_add_extern_auth_provider_to_users.rb
new file mode 100644
index 00000000..d5e66ba4
--- /dev/null
+++ b/db/migrate/20120729131232_add_extern_auth_provider_to_users.rb
@@ -0,0 +1,8 @@
+class AddExternAuthProviderToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :extern_uid, :string
+ add_column :users, :provider, :string
+
+ add_index :users, [:extern_uid, :provider], :unique => true
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index c4c54f56..46461e44 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120712080407) do
+ActiveRecord::Schema.define(:version => 20120729131232) do
 create_table "events", :force => true do |t|
 t.string "target_type" 
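Review bot: The guard `raise OmniAuth::Error, ... if uid.nil? and email.nil?` fires only when both values are missing even though the message says both are required, so a nil `uid` with a valid email reaches `User.find_by_extern_uid_and_provider(nil, provider)`, which in Rails 3 queries `extern_uid IS NULL` and returns whichever existing record has no uid for that provider rather than the person who just authenticated. Change it to `raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.blank? || email.blank?` (using `||`, since `and` binds loosely and `blank?` also rejects empty strings). Separately, the standard OmniAuth auth hash carries the identifier at `auth.uid`, not `auth.info.uid`; unless the LDAP strategy in use copies it into `info`, `uid` is nil on every login and, together with the guard above, all LDAP users would resolve to the first LDAP-created record — worth verifying against the strategy's info mapping. The `logger.info` line writes uid, name and email to the log, which is fine for an audit trail but should be stated as deliberate in a comment. `find_for_ldap_auth` continues past the end of the hunk.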
@@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version => 20120712080407) do
 t.boolean "blocked", :default => false, :null => false
 t.integer "failed_attempts", :default => 0
 t.datetime "locked_at"
+ t.string "extern_uid"
+ t.string "provider"
 end
 add_index "users", ["email"], :name => "index_users_on_email", :unique => true
+ add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
 add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
 create_table "users_projects", :force => true do |t|