debian-mirror-gitlab/lib/gitlab/ldap/access.rb

# LDAP authorization model
#
# * Check if we are allowed access (not blocked)
#
module Gitlab
  module LDAP
    class Access
      attr_reader :provider, :user

      def self.open(user, &block)
        Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
          block.call(self.new(user, adapter))
        end
      end

      def self.allowed?(user)
        self.open(user) do |access|
          if access.allowed?
            user.last_credential_check_at = Time.now
            user.save
            true
          else
            false
          end
        end
      end

      def initialize(user, adapter=nil)
        @adapter = adapter
        @user = user
        @provider = user.ldap_identity.provider
      end

      def allowed?
        if ldap_user
          unless ldap_config.active_directory
            user.activate if user.ldap_blocked?
            return true
          end

          # Block user in GitLab if he/she was blocked in AD
          if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
            user.ldap_block
            false
          else
            user.activate if user.ldap_blocked?
            true
          end
        else
          # Block the user if they no longer exist in LDAP/AD
          user.ldap_block
          false
        end
      rescue
        false
      end

      def adapter
        @adapter ||= Gitlab::LDAP::Adapter.new(provider)
      end

      def ldap_config
        Gitlab::LDAP::Config.new(provider)
      end

      def ldap_user
        @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
      end
    end
  end
end
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`# LDAP authorization model`
			`#`
			`# * Check if we are allowed access (not blocked)`
			`#`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`module Gitlab`
			`module LDAP`
			`class Access`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`attr_reader :provider, :user`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`def self.open(user, &block)`
			`Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do \|adapter\|`
			`block.call(self.new(user, adapter))`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`end`
			`end`

			`def self.allowed?(user)`
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`self.open(user) do \|access\|`
			`if access.allowed?`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`user.last_credential_check_at = Time.now`
			`user.save`
			`true`
			`else`
			`false`
			`end`
			`end`
			`end`

Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`def initialize(user, adapter=nil)`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`@adapter = adapter`
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`@user = user`
			`@provider = user.ldap_identity.provider`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`end`

Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`def allowed?`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`if ldap_user`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`unless ldap_config.active_directory`
			`user.activate if user.ldap_blocked?`
			`return true`
			`end`
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00
			`# Block user in GitLab if he/she was blocked in AD`
			`if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)`
Imported Upstream version 8.4.0+dfsg~rc2 2016-01-19 16:12:03 +05:30			`user.ldap_block`
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`false`
			`else`
Imported Upstream version 8.4.0+dfsg~rc2 2016-01-19 16:12:03 +05:30			`user.activate if user.ldap_blocked?`
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00			`true`
			`end`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`else`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`# Block the user if they no longer exist in LDAP/AD`
Imported Upstream version 8.4.0+dfsg~rc2 2016-01-19 16:12:03 +05:30			`user.ldap_block`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`false`
			`end`
			`rescue`
			`false`
			`end`
Imported Upstream version 7.10.0 2015-04-26 09:18:37 +02:00
			`def adapter`
			`@adapter \|\|= Gitlab::LDAP::Adapter.new(provider)`
			`end`

			`def ldap_config`
			`Gitlab::LDAP::Config.new(provider)`
			`end`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
			`def ldap_user`
			`@ldap_user \|\|= Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)`
			`end`
Imported Upstream version 7.2.1 2014-09-02 14:37:02 +02:00			`end`
			`end`
			`end`