debian-mirror-gitlab/app/helpers/auth_helper.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

219 lines
5.8 KiB
Ruby
Raw Normal View History

2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2015-09-11 14:41:01 +05:30
module AuthHelper
2021-04-17 20:07:23 +05:30
PROVIDERS_WITH_ICONS = %w(
2022-06-21 17:19:12 +05:30
alicloud
2021-04-17 20:07:23 +05:30
atlassian_oauth2
2022-03-02 08:16:31 +05:30
auth0
2021-04-17 20:07:23 +05:30
azure_activedirectory_v2
azure_oauth2
bitbucket
facebook
2021-12-11 22:18:48 +05:30
dingtalk
2021-04-17 20:07:23 +05:30
github
gitlab
google_oauth2
2022-03-02 08:16:31 +05:30
jwt
2021-04-17 20:07:23 +05:30
openid_connect
salesforce
twitter
).freeze
2019-07-31 22:56:46 +05:30
LDAP_PROVIDER = /\Aldap/.freeze
2021-06-08 01:23:25 +05:30
POPULAR_PROVIDERS = %w(google_oauth2 github).freeze
2015-09-11 14:41:01 +05:30
def ldap_enabled?
2020-04-08 14:13:33 +05:30
Gitlab::Auth::Ldap::Config.enabled?
2015-09-11 14:41:01 +05:30
end
2019-12-26 22:10:19 +05:30
def ldap_sign_in_enabled?
2020-04-08 14:13:33 +05:30
Gitlab::Auth::Ldap::Config.sign_in_enabled?
2019-12-26 22:10:19 +05:30
end
2016-04-02 18:10:28 +05:30
def omniauth_enabled?
2018-11-18 11:00:15 +05:30
Gitlab::Auth.omniauth_enabled?
2016-04-02 18:10:28 +05:30
end
2020-04-08 14:13:33 +05:30
def provider_has_custom_icon?(name)
icon_for_provider(name.to_s)
end
def provider_has_builtin_icon?(name)
2015-09-11 14:41:01 +05:30
PROVIDERS_WITH_ICONS.include?(name.to_s)
end
2020-04-08 14:13:33 +05:30
def provider_has_icon?(name)
provider_has_builtin_icon?(name) || provider_has_custom_icon?(name)
end
2019-03-02 22:35:43 +05:30
def qa_class_for_provider(provider)
{
2020-04-22 19:07:51 +05:30
saml: 'qa-saml-login-button'
2019-03-02 22:35:43 +05:30
}[provider.to_sym]
end
2015-09-11 14:41:01 +05:30
def auth_providers
2018-03-27 19:54:05 +05:30
Gitlab::Auth::OAuth::Provider.providers
2015-09-11 14:41:01 +05:30
end
def label_for_provider(name)
2018-03-27 19:54:05 +05:30
Gitlab::Auth::OAuth::Provider.label_for(name)
2015-09-11 14:41:01 +05:30
end
2020-04-08 14:13:33 +05:30
def icon_for_provider(name)
Gitlab::Auth::OAuth::Provider.icon_for(name)
end
2019-02-15 15:39:39 +05:30
def form_based_provider_priority
['crowd', /^ldap/, 'kerberos']
end
def form_based_provider_with_highest_priority
2023-03-04 22:38:38 +05:30
@form_based_provider_with_highest_priority ||= form_based_provider_priority.each do |provider_regexp|
highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) }
break highest_priority unless highest_priority.nil?
2019-02-15 15:39:39 +05:30
end
end
def form_based_auth_provider_has_active_class?(provider)
form_based_provider_with_highest_priority == provider
end
2015-09-11 14:41:01 +05:30
def form_based_provider?(name)
2018-10-15 14:42:47 +05:30
[LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
2015-09-11 14:41:01 +05:30
end
def form_based_providers
auth_providers.select { |provider| form_based_provider?(provider) }
end
2022-01-26 12:08:38 +05:30
def saml_providers
2022-07-16 23:28:13 +05:30
auth_providers.select do |provider|
provider == :saml || auth_strategy_class(provider) == 'OmniAuth::Strategies::SAML'
end
2022-01-26 12:08:38 +05:30
end
def auth_strategy_class(provider)
config = Gitlab::Auth::OAuth::Provider.config_for(provider)
return if config.nil? || config['args'].blank?
config.args['strategy_class']
end
2019-12-26 22:10:19 +05:30
def any_form_based_providers_enabled?
form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) }
end
def form_enabled_for_sign_in?(provider)
return true unless provider.to_s.match?(LDAP_PROVIDER)
ldap_sign_in_enabled?
end
2015-09-25 12:07:36 +05:30
def crowd_enabled?
auth_providers.include? :crowd
end
2015-09-11 14:41:01 +05:30
def button_based_providers
auth_providers.reject { |provider| form_based_provider?(provider) }
end
2019-02-15 15:39:39 +05:30
def display_providers_on_profile?
button_based_providers.any?
end
2018-10-15 14:42:47 +05:30
def providers_for_base_controller
auth_providers.reject { |provider| LDAP_PROVIDER === provider }
end
2016-06-02 11:05:42 +05:30
def enabled_button_based_providers
2018-03-17 18:26:18 +05:30
disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || []
2016-06-02 11:05:42 +05:30
2020-03-13 15:44:24 +05:30
providers = button_based_providers.map(&:to_s) - disabled_providers
providers.sort_by do |provider|
2021-06-08 01:23:25 +05:30
POPULAR_PROVIDERS.index(provider) || POPULAR_PROVIDERS.length
2020-03-13 15:44:24 +05:30
end
2016-06-02 11:05:42 +05:30
end
2021-06-08 01:23:25 +05:30
def popular_enabled_button_based_providers
enabled_button_based_providers & POPULAR_PROVIDERS
2021-02-22 17:27:13 +05:30
end
2016-06-02 11:05:42 +05:30
def button_based_providers_enabled?
enabled_button_based_providers.any?
end
2015-09-11 14:41:01 +05:30
def provider_image_tag(provider, size = 64)
label = label_for_provider(provider)
2020-04-08 14:13:33 +05:30
if provider_has_custom_icon?(provider)
2021-04-17 20:07:23 +05:30
image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}", class: "gl-button-icon")
2020-04-08 14:13:33 +05:30
elsif provider_has_builtin_icon?(provider)
2015-09-11 14:41:01 +05:30
file_name = "#{provider.to_s.split('_').first}_#{size}.png"
2021-04-17 20:07:23 +05:30
image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}", class: "gl-button-icon")
2015-09-11 14:41:01 +05:30
else
label
end
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
2015-09-11 14:41:01 +05:30
def auth_active?(provider)
2020-11-24 15:15:51 +05:30
return current_user.atlassian_identity.present? if provider == :atlassian_oauth2
2015-09-11 14:41:01 +05:30
current_user.identities.exists?(provider: provider.to_s)
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2015-09-11 14:41:01 +05:30
2019-07-07 11:18:12 +05:30
def unlink_provider_allowed?(provider)
IdentityProviderPolicy.new(current_user, provider).can?(:unlink)
end
def link_provider_allowed?(provider)
IdentityProviderPolicy.new(current_user, provider).can?(:link)
end
2020-05-24 23:13:21 +05:30
def allow_admin_mode_password_authentication_for_web?
current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set?
end
2021-01-29 00:20:46 +05:30
def google_tag_manager_enabled?
2022-05-07 20:08:51 +05:30
return false unless Gitlab.com?
2022-01-26 12:08:38 +05:30
2022-03-02 08:16:31 +05:30
if Feature.enabled?(:gtm_nonce, type: :ops)
extra_config.has_key?('google_tag_manager_nonce_id') &&
extra_config.google_tag_manager_nonce_id.present?
else
extra_config.has_key?('google_tag_manager_id') &&
extra_config.google_tag_manager_id.present?
end
2022-01-26 12:08:38 +05:30
end
def google_tag_manager_id
return unless google_tag_manager_enabled?
return extra_config.google_tag_manager_nonce_id if Feature.enabled?(:gtm_nonce, type: :ops)
extra_config.google_tag_manager_id
2021-01-29 00:20:46 +05:30
end
2021-06-08 01:23:25 +05:30
def auth_app_owner_text(owner)
return unless owner
if owner.is_a?(Group)
group_link = link_to(owner.name, group_path(owner))
_("This application was created for group %{group_link}.").html_safe % { group_link: group_link }
else
user_link = link_to(owner.name, user_path(owner))
_("This application was created by %{user_link}.").html_safe % { user_link: user_link }
end
end
2015-09-11 14:41:01 +05:30
extend self
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
AuthHelper.prepend_mod_with('AuthHelper')
2019-12-04 20:38:33 +05:30
# The methods added in EE should be available as both class and instance
# methods, just like the methods provided by `AuthHelper` itself.
2021-06-08 01:23:25 +05:30
AuthHelper.extend_mod_with('AuthHelper')