Crowd integration

3700e5a9 · Valery Sizov · 6f19e879 · 3700e5a9 · 3700e5a9 · 3700e5a9
11 changed file
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -34,6 +34,7 @@ v 8.0.0 (unreleased)
  - Added Drone CI integration (Kirill Zaitsev)
  - Refactored service API and added automatically service docs generator (Kirill Zaitsev) 
  - Added web_url key project hook_attrs (Kirill Zaitsev)
+  - Add support for Crowd

 v 7.14.1
  - Improve abuse reports management from admin area

--- a/Gemfile
+++ b/Gemfile
@@ -25,6 +25,7 @@ gem 'omniauth-kerberos', group: :kerberos
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
 gem 'omniauth-saml', '~> 1.4.0'
+gem 'omniauth_crowd'
 gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -434,6 +434,10 @@ GEM
    omniauth-twitter (1.0.1)
      multi_json (~> 1.3)
      omniauth-oauth (~> 1.0)
+    omniauth_crowd (2.2.3)
+      activesupport
+      nokogiri (>= 1.4.4)
+      omniauth (~> 1.0)
    opennebula (4.12.1)
      json
      nokogiri
@@ -821,6 +825,7 @@ DEPENDENCIES
  omniauth-saml (~> 1.4.0)
  omniauth-shibboleth
  omniauth-twitter
+  omniauth_crowd
  org-ruby (= 0.9.12)
  pg
  poltergeist (~> 1.6.0)

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -8,6 +8,8 @@ class SessionsController < Devise::SessionsController
  def new
    if Gitlab.config.ldap.enabled
      @ldap_servers = Gitlab::LDAP::Config.servers
+    else
+      @ldap_servers = []
    end

    super

--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
 module AuthHelper
  PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
-  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos'].freeze
+  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze

  def ldap_enabled?
    Gitlab.config.ldap.enabled
@@ -26,6 +26,10 @@ module AuthHelper
    auth_providers.select { |provider| form_based_provider?(provider) }
  end

+  def crowd_enabled?
+    auth_providers.include? :crowd
+  end
+
  def button_based_providers
    auth_providers.reject { |provider| form_based_provider?(provider) }
  end

--- a/app/views/devise/sessions/_new_crowd.html.haml
+++ b/app/views/devise/sessions/_new_crowd.html.haml
+= form_tag(user_omniauth_authorize_path("crowd"), id: 'new_crowd_user' ) do
+  = text_field_tag :username, nil, {class: "form-control top", placeholder: "Username", autofocus: "autofocus"}
+  = password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
+  - if devise_mapping.rememberable?
+    .remember-me.checkbox
+      %label{for: "remember_me"}
+        = check_box_tag :remember_me, '1', false, id: 'remember_me'
+        %span Remember me
+  = button_tag "Sign in", class: "btn-save btn"
\ No newline at end of file
--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -8,15 +8,21 @@
  .login-body
    - if form_based_providers.any?
      %ul.nav.nav-tabs
+        - if crowd_enabled?
+          %li.active
+            = link_to "Crowd", "#tab-crowd", 'data-toggle' => 'tab'
        - @ldap_servers.each_with_index do |server, i|
-          %li{class: (:active if i.zero?)}
+          %li{class: (:active if i.zero? && !crowd_enabled?)}
            = link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
        - if signin_enabled?
          %li
            = link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
      .tab-content
+        - if crowd_enabled?
+          %div.tab-pane.active{id: "tab-crowd"}
+            = render 'devise/sessions/new_crowd'
        - @ldap_servers.each_with_index do |server, i|
-          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero?)}
+          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero? && !crowd_enabled?)}
            = render 'devise/sessions/new_ldap', server: server
        - if signin_enabled?
          %div#tab-signin.tab-pane

--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -246,6 +246,11 @@ production: &base
      #             issuer: 'https://gitlab.example.com',
      #             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
      #           } }
+      # - { name: 'crowd',
+      #     args: {
+      #       crowd_server_url: 'CROWD SERVER URL',
+      #       application_name: 'YOUR_APP_NAME',
+      #       application_password: 'YOUR_APP_PASSWORD' } }




--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -238,7 +238,7 @@ Devise.setup do |config|
      provider_arguments.concat provider['args']
    when Hash
      # A Hash from the configuration will be passed as is.
-      provider_arguments << provider['args']
+      provider_arguments << provider['args'].symbolize_keys
    end

    config.omniauth provider['name'].to_sym, *provider_arguments

--- a/doc/integration/crowd.md
+++ b/doc/integration/crowd.md
+# Crowd OmniAuth Provider
+
+To enable the Crowd OmniAuth provider you must register your application with Crowd. To configure Crowd integration you need an application name and password.  
+
+1.  On your GitLab server, open the configuration file.
+
+    For omnibus package:
+
+    ```sh
+      sudo editor /etc/gitlab/gitlab.rb
+    ```
+
+    For instalations from source:
+
+    ```sh
+      cd /home/git/gitlab
+
+      sudo -u git -H editor config/gitlab.yml
+    ```
+
+1.  See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
+
+1.  Add the provider configuration:
+
+    For omnibus package:
+
+    ```ruby
+      gitlab_rails['omniauth_providers'] = [
+        {
+          "name" => "crowd",
+          "args" => { 
+            "crowd_server_url" => "CROWD",
+            "application_name" => "YOUR_APP_NAME",
+            "application_password" => "YOUR_APP_PASSWORD"
+          }
+        }
+      ]
+    ```
+
+    For installations from source:
+
+    ```
+       - { name: 'crowd',
+           args: {
+             crowd_server_url: 'CROWD SERVER URL',
+             application_name: 'YOUR_APP_NAME',
+             application_password: 'YOUR_APP_PASSWORD' } }
+    ```
+
+1.  Change 'YOUR_APP_NAME' to the application name from Crowd applications page.
+
+1.  Change 'YOUR_APP_PASSWORD' to the application password you've set.
+
+1.  Save the configuration file.
+
+1.  Restart GitLab for the changes to take effect.
+
+On the sign in page there should now be a Crowd tab in the sign in form.
\ No newline at end of file
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -76,6 +76,7 @@ Now we can choose one or more of the Supported Providers below to continue confi
 - [Shibboleth](shibboleth.md)
 - [Twitter](twitter.md)
 - [SAML](saml.md)
+- [Crowd](crowd.md)

 ## Enable OmniAuth for an Existing User