Signed-off-by: NDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

verification for #1677

Since testing omniauth_callback_controller.rb is very difficult, the logic
is moved to the models

Because devise will trigger a save, allowing unsaved users to login, behaviour had changed.
The current implementation returns a pre-build user, which can be saved without errors.

Reported in #1677

These changes are ported from EE to CE. Apply changes for app directory

Merge branch 'master' into non-interactive-aws-install

Conflicts:
	doc/installation.md

Fix merge mess in installation.md

If a user fails to provide a username or password to the LDAP login
form then a 500 error is returned due to an exception being raised
in omniauth-ldap. This gem has been amended to use the omniauth
error propagation function (fail!) to pass this exception message to
the registered omniauth failure handler so that the Rails application
can handle it approriately.

The failure function now knows about standard exceptions and no longer
requires a specific check for the OmniAuth::Error exception added by
commit f322975c.

This resolves issue #1077.
Signed-off-by: NPat Thoyts <patthoyts@users.sourceforge.net>

Gitlab requires an email address for all user accounts as this is the
default account id and is used for sending notifications. LDAP accounts
may be missing email fields so handle this by showing a sensible error
message before redirecting to the login screen again.

Resolves github issue #899
Signed-off-by: NPat Thoyts <patthoyts@users.sourceforge.net>

This helps with compatibility with more LDAP providers as the implementation
doesn't depend on the exact names of the LDAP fields. The LDAP strategy
helps maps the attributes to the fields in the info object and we use the
info object to get the email and name.

This makes the LDAP auth compatible with most OpenLDAP servers as well.