Skip to content

G
gitlab-foss

李少辉-开发者 / gitlab-foss

通知 15
Star 0
Fork 0
G
gitlab-foss

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
user.rb 2.1 KB
Newer Older
R
Move lib/gitlab/oauth to lib/gitlab/o_auth  
Robert Speicher 已提交
1 
require 'gitlab/o_auth/user'
D
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets 已提交
2
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
3 4 5 6 
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
D
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets 已提交
7 
# * Auth LDAP user with login and password
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
8 9 10 
#
module Gitlab
  module LDAP
D
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets 已提交
11 
    class User < Gitlab::OAuth::User
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
12 
      class << self
J
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer 已提交
13 
        def find_by_uid_and_provider(uid, provider)
J
Fix searching by extern_uid for LDAP to be case-insensitive  
Jakub Jirutka 已提交
14 
          # LDAP distinguished name is case-insensitive
V
Multi-provider auth. LDAP is not reworked  
Valery Sizov 已提交
15 
          identity = ::Identity.
J
Remove special cases for the 'ldap' provider  
Jacob Vosmaer 已提交
16 
            where(provider: provider).
J
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer 已提交
17 
            where('lower(extern_uid) = ?', uid.downcase).last
V
Multi-provider auth. LDAP is not reworked  
Valery Sizov 已提交
18 
          identity && identity.user
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
19 
        end
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
20 
      end
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
21
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
22 23 24 25 
      def initialize(auth_hash)
        super
        update_user_attributes
      end
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
26
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
27 28 29 30 
      # instance methods
      def gl_user
        @gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
      end
J
Test authenticate method for Gitlab::LDAP::User  
Jan-Willem van der Meer 已提交
31
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
32 
      def find_by_uid_and_provider
J
DRY find method to find Gitlab user  
Jan-Willem van der Meer 已提交
33 
        self.class.find_by_uid_and_provider(
J
Fix authorization for LDAP login  
Jan-Willem van der Meer 已提交
34 
          auth_hash.uid.downcase, auth_hash.provider)
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
35 36 37 
      end

      def find_by_email
V
Supporting for multiple omniauth provider for the same user  
Valery Sizov 已提交
38 
        ::User.find_by(email: auth_hash.email)
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
39 40 41 
      end

      def update_user_attributes
D
Non-persisted users already have the identity by way of build_new_user.  
Douwe Maan 已提交
42 43 
        return unless persisted?
D
Skip email confirmation when set by admin or via LDAP.  
Douwe Maan 已提交
44 
        gl_user.skip_reconfirmation!
V
Supporting for multiple omniauth provider for the same user  
Valery Sizov 已提交
45 
        gl_user.email = auth_hash.email
D
Improvements to LDAP::User model  
Dmitriy Zaporozhets 已提交
46
D
Minor refactor  
Douwe Maan 已提交
47 48 49 50 51 52 53 54 
        # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
        identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
        identity ||= gl_user.identities.build(provider: auth_hash.provider)
        
        # For a new user set extern_uid to the LDAP DN
        # For an existing user with matching email but changed DN, update the DN.
        # For an existing user with no change in DN, this line changes nothing.
        identity.extern_uid = auth_hash.uid
D
Improvements to LDAP::User model  
Dmitriy Zaporozhets 已提交
55
V
Supporting for multiple omniauth provider for the same user  
Valery Sizov 已提交
56 
        gl_user
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
57 58 59 
      end

      def changed?
D
Improvements to LDAP::User model  
Dmitriy Zaporozhets 已提交
60 
        gl_user.changed? || gl_user.identities.any?(&:changed?)
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
61 
      end
J
Use instance methods of LDAP::User as well  
Jan-Willem van der Meer 已提交
62
D
Add config var to block auto-created LDAP users.  
Douwe Maan 已提交
63 64 
      def block_after_signup?
        ldap_config.block_auto_created_users
J
Use instance methods of LDAP::User as well  
Jan-Willem van der Meer 已提交
65 
      end
J
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer 已提交
66 67 68 69 

      def allowed?
        Gitlab::LDAP::Access.allowed?(gl_user)
      end
D
Add config var to block auto-created LDAP users.  
Douwe Maan 已提交
70 71 72 73 

      def ldap_config
        Gitlab::LDAP::Config.new(auth_hash.provider)
      end
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
74 75 76 
    end
  end
end