From 1a168279fa3eb87c2061917707397af21e7b26ea Mon Sep 17 00:00:00 2001
From: Patricio Cano
Date: Mon, 4 Apr 2016 19:09:12 -0500
Subject: [PATCH] Prepare SAML for group retrieval
---
lib/gitlab/saml/auth_hash.rb | 17 ++++++++++++++
lib/gitlab/saml/config.rb | 22 ++++++++++++++++++
lib/gitlab/saml/user.rb | 43 ++++++++++++++++++++++++++++++++++--
3 files changed, 80 insertions(+), 2 deletions(-)
create mode 100644 lib/gitlab/saml/auth_hash.rb
create mode 100644 lib/gitlab/saml/config.rb
diff --git a/lib/gitlab/saml/auth_hash.rb b/lib/gitlab/saml/auth_hash.rb
new file mode 100644
index 00000000000..5ffccc0e100
--- /dev/null
+++ b/lib/gitlab/saml/auth_hash.rb
@@ -0,0 +1,17 @@
+module Gitlab
+ module Saml
+ class AuthHash < Gitlab::OAuth::AuthHash
+
+ def groups
+ get_raw(Gitlab::Saml::Config.groups)
+ end
+
+ private
+
+ def get_raw(key)
+ auth_hash.extra[:raw_info][key]
+ end
+
+ end
+ end
+end
diff --git a/lib/gitlab/saml/config.rb b/lib/gitlab/saml/config.rb
new file mode 100644
index 00000000000..dade4c0fa6a
--- /dev/null
+++ b/lib/gitlab/saml/config.rb
@@ -0,0 +1,22 @@
+# Load a specific server configuration
+module Gitlab
+ module Saml
+ class Config
+
+ class << self
+ def options
+ Gitlab.config.omniauth.providers.find { |provider| provider.name == 'saml' }
+ end
+
+ def groups
+ options['groups_attribute']
+ end
+
+ def external_groups
+ options['external_groups']
+ end
+ end
+
+ end
+ end
+end
diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb
index b1e30110ef5..14eda337d9a 100644
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -7,6 +7,11 @@ module Gitlab module Saml class User < Gitlab::OAuth::User + def initialize(auth_hash) + super + update_user_attributes + end + def save super('SAML') end
@@ -18,7 +23,7 @@ module Gitlab @user ||= find_or_create_ldap_user end - if auto_link_saml_enabled? + if auto_link_saml_user? @user ||= find_by_email end 
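Review bot: In lib/gitlab/saml/auth_hash.rb, `groups` returns `raw_info[key]` without normalising it, so the result can be nil when the assertion lacks the attribute or when `groups_attribute` is not configured and the key itself is nil. Depending on how the SAML library exposes multi-valued attributes, it may also be a single String rather than a list. Both `&` call sites this patch adds to lib/gitlab/saml/user.rb would then raise instead of computing an intersection, and the sign-in would fail. Because this value feeds the `external` access decision, return a list unconditionally, e.g. `Array.wrap(get_raw(Gitlab::Saml::Config.groups))`, and confirm the lookup yields every value of the attribute rather than only the first.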
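Review bot: In lib/gitlab/saml/config.rb, `options` is the result of `find`, which is nil when no provider named 'saml' is configured, so `groups` and `external_groups` raise NoMethodError instead of reporting the feature as disabled. `external_users_enabled?` in user.rb treats a nil `external_groups` as "off", so a guard such as `options && options['external_groups']` would keep that contract. The header comment `# Load a specific server configuration` does not describe this class; `# Reads group-related settings from the 'saml' omniauth provider entry` would. It is also worth documenting that `external_groups` is expected to be an array of group names, since it is intersected with the asserted groups.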
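Review bot: In the first lib/gitlab/saml/user.rb hunk, the constructor now calls `update_user_attributes`, so merely instantiating `Gitlab::Saml::User` rewrites `gl_user.external` in memory. Whether that change is persisted depends on the caller invoking `save`, and the call presumably relies on `super` having already populated `auth_hash` through the overridden writer added later in this patch; the parent class is not visible here, so please confirm. A comment on the call would make the ordering and intent explicit, e.g. `# Re-evaluate SAML-driven attributes (external flag) on every sign-in; must run after super has set auth_hash`.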
@@ -37,11 +42,45 @@ module Gitlab end end + def changed? + gl_user.changed? || gl_user.identities.any?(&:changed?) + end + protected - def auto_link_saml_enabled? + def build_new_user + user = super + if external_users_enabled? + unless (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty? + user.external = true + end + end + user + end + + def auto_link_saml_user? Gitlab.config.omniauth.auto_link_saml_user end + + def external_users_enabled? + !Gitlab::Saml::Config.external_groups.nil? + end + + def auth_hash=(auth_hash) + @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash) + end + + def update_user_attributes + if persisted? + if external_users_enabled? + if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty? + gl_user.external = false + else + gl_user.external = true + end + end + end + end end end end -- GitLab
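Review bot: `update_user_attributes` assigns `gl_user.external = false` whenever the asserted groups do not intersect `external_groups`, so each SAML sign-in switches an account that an administrator marked external by hand back to internal. Confirm that the IdP is meant to be the sole authority for this flag, and if it is not, only ever set it to true here or track where the flag came from. The same intersection is also written out twice, in `build_new_user` and `update_user_attributes`, and neither copy tolerates a nil or non-array `auth_hash.groups`; a single predicate keeps the authorization rule in one place. The enclosing class begins outside this hunk.

```ruby
def build_new_user
  user = super
  user.external = true if external_users_enabled? && in_external_group?
  user
end

# … unchanged: auto_link_saml_user?, external_users_enabled?, auth_hash= …

def update_user_attributes
  return unless persisted? && external_users_enabled?

  gl_user.external = in_external_group?
end

# True when the IdP-asserted groups include at least one configured external group.
def in_external_group?
  asserted = Array.wrap(auth_hash.groups)
  (asserted & Array.wrap(Gitlab::Saml::Config.external_groups)).any?
end
```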