debian-mirror-gitlab/lib/gitlab/o_auth/user.rb

# OAuth extension for User model
#
# * Find GitLab user based on omniauth uid and provider
# * Create new user from omniauth data
#
module Gitlab
  module OAuth
    class SignupDisabledError < StandardError; end

    class User
      attr_accessor :auth_hash, :gl_user

      def initialize(auth_hash)
        self.auth_hash = auth_hash
      end

      def persisted?
        gl_user.try(:persisted?)
      end

      def new?
        !persisted?
      end

      def valid?
        gl_user.try(:valid?)
      end

      def save(provider = 'OAuth')
        unauthorized_to_create unless gl_user

        if needs_blocking?
          gl_user.save!
          gl_user.block
        else
          gl_user.save!
        end

        log.info "(#{provider}) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}"
        gl_user
      rescue ActiveRecord::RecordInvalid => e
        log.info "(#{provider}) Error saving user: #{gl_user.errors.full_messages}"
        return self, e.record.errors
      end

      def gl_user
        @user ||= find_by_uid_and_provider

        if auto_link_ldap_user?
          @user ||= find_or_create_ldap_user
        end

        if signup_enabled?
          @user ||= build_new_user
        end

        @user
      end

      protected

      def find_or_create_ldap_user
        return unless ldap_person

        # If a corresponding person exists with same uid in a LDAP server,
        # set up a Gitlab user with dual LDAP and Omniauth identities.
        if user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
          # Case when a LDAP user already exists in Gitlab. Add the Omniauth identity to existing account.
          user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
        else
          # No account in Gitlab yet: create it and add the LDAP identity
          user = build_new_user
          user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
        end

        user
      end

      def auto_link_ldap_user?
        Gitlab.config.omniauth.auto_link_ldap_user
      end

      def creating_linked_ldap_user?
        auto_link_ldap_user? && ldap_person
      end

      def ldap_person
        return @ldap_person if defined?(@ldap_person)

        # Look for a corresponding person with same uid in any of the configured LDAP providers
        Gitlab::LDAP::Config.providers.each do |provider|
          adapter = Gitlab::LDAP::Adapter.new(provider)
          @ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)
          break if @ldap_person
        end
        @ldap_person
      end

      def ldap_config
        Gitlab::LDAP::Config.new(ldap_person.provider) if ldap_person
      end

      def needs_blocking?
        new? && block_after_signup?
      end

      def signup_enabled?
        providers = Gitlab.config.omniauth.allow_single_sign_on
        if providers.is_a?(Array)
          providers.include?(auth_hash.provider)
        else
          providers
        end
      end

      def block_after_signup?
        if creating_linked_ldap_user?
          ldap_config.block_auto_created_users
        else
          Gitlab.config.omniauth.block_auto_created_users
        end
      end

      def auth_hash=(auth_hash)
        @auth_hash = AuthHash.new(auth_hash)
      end

      def find_by_uid_and_provider
        identity = Identity.find_by(provider: auth_hash.provider, extern_uid: auth_hash.uid)
        identity && identity.user
      end

      def build_new_user
        user = ::User.new(user_attributes)
        user.skip_confirmation!
        user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider)
        user
      end

      def user_attributes
        # Give preference to LDAP for sensitive information when creating a linked account
        if creating_linked_ldap_user?
          username = ldap_person.username.presence
          email = ldap_person.email.first.presence
        end

        username ||= auth_hash.username
        email ||= auth_hash.email

        name = auth_hash.name
        name = ::Namespace.clean_path(username) if name.strip.empty?

        {
          name:                       name,
          username:                   ::Namespace.clean_path(username),
          email:                      email,
          password:                   auth_hash.password,
          password_confirmation:      auth_hash.password,
          password_automatically_set: true
        }
      end

      def log
        Gitlab::AppLogger
      end

      def unauthorized_to_create
        raise SignupDisabledError
      end
    end
  end
end
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`# OAuth extension for User model`
			`#`
			`# * Find GitLab user based on omniauth uid and provider`
			`# * Create new user from omniauth data`
			`#`
			`module Gitlab`
			`module OAuth`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`class SignupDisabledError < StandardError; end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`class User`
			`attr_accessor :auth_hash, :gl_user`

			`def initialize(auth_hash)`
			`self.auth_hash = auth_hash`
			`end`

			`def persisted?`
			`gl_user.try(:persisted?)`
			`end`

			`def new?`
			`!persisted?`
			`end`

			`def valid?`
			`gl_user.try(:valid?)`
			`end`

Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`def save(provider = 'OAuth')`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`unauthorized_to_create unless gl_user`

			`if needs_blocking?`
			`gl_user.save!`
			`gl_user.block`
			`else`
			`gl_user.save!`
			`end`

Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`log.info "(#{provider}) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}"`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`gl_user`
			`rescue ActiveRecord::RecordInvalid => e`
Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`log.info "(#{provider}) Error saving user: #{gl_user.errors.full_messages}"`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`return self, e.record.errors`
			`end`

			`def gl_user`
			`@user \|\|= find_by_uid_and_provider`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`if auto_link_ldap_user?`
			`@user \|\|= find_or_create_ldap_user`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`if signup_enabled?`
			`@user \|\|= build_new_user`
			`end`

			`@user`
			`end`

			`protected`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def find_or_create_ldap_user`
			`return unless ldap_person`

			`# If a corresponding person exists with same uid in a LDAP server,`
			`# set up a Gitlab user with dual LDAP and Omniauth identities.`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`if user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`# Case when a LDAP user already exists in Gitlab. Add the Omniauth identity to existing account.`
			`user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)`
			`else`
			`# No account in Gitlab yet: create it and add the LDAP identity`
			`user = build_new_user`
			`user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)`
			`end`

			`user`
			`end`

			`def auto_link_ldap_user?`
			`Gitlab.config.omniauth.auto_link_ldap_user`
			`end`

			`def creating_linked_ldap_user?`
			`auto_link_ldap_user? && ldap_person`
			`end`

			`def ldap_person`
			`return @ldap_person if defined?(@ldap_person)`

			`# Look for a corresponding person with same uid in any of the configured LDAP providers`
			`Gitlab::LDAP::Config.providers.each do \|provider\|`
			`adapter = Gitlab::LDAP::Adapter.new(provider)`
			`@ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)`
			`break if @ldap_person`
			`end`
			`@ldap_person`
			`end`

			`def ldap_config`
			`Gitlab::LDAP::Config.new(ldap_person.provider) if ldap_person`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`def needs_blocking?`
			`new? && block_after_signup?`
			`end`

			`def signup_enabled?`
Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`providers = Gitlab.config.omniauth.allow_single_sign_on`
			`if providers.is_a?(Array)`
			`providers.include?(auth_hash.provider)`
			`else`
			`providers`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

			`def block_after_signup?`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`if creating_linked_ldap_user?`
			`ldap_config.block_auto_created_users`
Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30			`else`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`Gitlab.config.omniauth.block_auto_created_users`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

			`def auth_hash=(auth_hash)`
			`@auth_hash = AuthHash.new(auth_hash)`
			`end`

			`def find_by_uid_and_provider`
			`identity = Identity.find_by(provider: auth_hash.provider, extern_uid: auth_hash.uid)`
			`identity && identity.user`
			`end`

			`def build_new_user`
			`user = ::User.new(user_attributes)`
			`user.skip_confirmation!`
			`user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider)`
			`user`
			`end`

			`def user_attributes`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`# Give preference to LDAP for sensitive information when creating a linked account`
			`if creating_linked_ldap_user?`
Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30			`username = ldap_person.username.presence`
			`email = ldap_person.email.first.presence`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`
Imported Upstream version 8.4.0+dfsg~rc2 2016-01-19 16:12:03 +05:30
Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30			`username \|\|= auth_hash.username`
			`email \|\|= auth_hash.email`

Imported Upstream version 8.4.0+dfsg~rc2 2016-01-19 16:12:03 +05:30			`name = auth_hash.name`
			`name = ::Namespace.clean_path(username) if name.strip.empty?`
Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`{`
Imported Upstream version 8.4.0+dfsg~rc2 2016-01-19 16:12:03 +05:30			`name: name,`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`username: ::Namespace.clean_path(username),`
			`email: email,`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`password: auth_hash.password,`
			`password_confirmation: auth_hash.password,`
			`password_automatically_set: true`
			`}`
			`end`

			`def log`
			`Gitlab::AppLogger`
			`end`

			`def unauthorized_to_create`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`raise SignupDisabledError`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
			`end`
			`end`
			`end`