debian-mirror-gitlab/lib/gitlab/ldap/user.rb

88 lines
2.3 KiB
Ruby
Raw Normal View History

2015-04-26 12:48:37 +05:30
require 'gitlab/o_auth/user'
2014-09-02 18:07:02 +05:30
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
# * Auth LDAP user with login and password
#
module Gitlab
module LDAP
class User < Gitlab::OAuth::User
class << self
2015-04-26 12:48:37 +05:30
def find_by_uid_and_provider(uid, provider)
# LDAP distinguished name is case-insensitive
identity = ::Identity.
where(provider: provider).
iwhere(extern_uid: uid).last
2015-04-26 12:48:37 +05:30
identity && identity.user
2014-09-02 18:07:02 +05:30
end
2015-04-26 12:48:37 +05:30
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def initialize(auth_hash)
super
update_user_attributes
end
2014-09-02 18:07:02 +05:30
2016-04-02 18:10:28 +05:30
def save
super('LDAP')
end
2015-04-26 12:48:37 +05:30
# instance methods
def gl_user
@gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def find_by_uid_and_provider
2016-01-29 22:53:50 +05:30
self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
2015-04-26 12:48:37 +05:30
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def find_by_email
2016-01-29 22:53:50 +05:30
::User.find_by(email: auth_hash.email.downcase) if auth_hash.has_email?
2015-04-26 12:48:37 +05:30
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def update_user_attributes
2016-01-29 22:53:50 +05:30
if persisted?
if auth_hash.has_email?
gl_user.skip_reconfirmation!
gl_user.email = auth_hash.email
end
2014-09-02 18:07:02 +05:30
2016-01-29 22:53:50 +05:30
# find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
identity = gl_user.identities.find { |identity| identity.provider == auth_hash.provider }
identity ||= gl_user.identities.build(provider: auth_hash.provider)
2014-09-02 18:07:02 +05:30
2016-01-29 22:53:50 +05:30
# For a new identity set extern_uid to the LDAP DN
# For an existing identity with matching email but changed DN, update the DN.
# For an existing identity with no change in DN, this line changes nothing.
identity.extern_uid = auth_hash.uid
end
2016-01-29 22:53:50 +05:30
gl_user.ldap_email = auth_hash.has_email?
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
gl_user
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def changed?
gl_user.changed? || gl_user.identities.any?(&:changed?)
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def block_after_signup?
ldap_config.block_auto_created_users
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def allowed?
Gitlab::LDAP::Access.allowed?(gl_user)
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def ldap_config
Gitlab::LDAP::Config.new(auth_hash.provider)
2014-09-02 18:07:02 +05:30
end
2015-09-25 12:07:36 +05:30
def auth_hash=(auth_hash)
@auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash)
end
2014-09-02 18:07:02 +05:30
end
end
end