debian-mirror-gitlab/lib/gitlab/auth/saml/user.rb

66 lines
1.5 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2018-03-27 19:54:05 +05:30
# SAML extension for User model
#
# * Find GitLab user based on SAML uid and provider
# * Create new user from SAML data
#
module Gitlab
module Auth
module Saml
class User < Gitlab::Auth::OAuth::User
2018-10-15 14:42:47 +05:30
extend ::Gitlab::Utils::Override
2018-03-27 19:54:05 +05:30
def save
super('SAML')
end
def find_user
user = find_by_uid_and_provider
user ||= find_by_email if auto_link_saml_user?
user ||= find_or_build_ldap_user if auto_link_ldap_user?
user ||= build_new_user if signup_enabled?
2018-11-08 19:23:39 +05:30
if user
user.external = !(auth_hash.groups & saml_config.external_groups).empty? if external_users_enabled?
2018-03-27 19:54:05 +05:30
end
user
end
2018-10-15 14:42:47 +05:30
override :should_save?
def should_save?
2018-03-27 19:54:05 +05:30
return true unless gl_user
gl_user.changed? || gl_user.identities.any?(&:changed?)
end
2018-11-08 19:23:39 +05:30
def bypass_two_factor?
saml_config.upstream_two_factor_authn_contexts&.include?(auth_hash.authn_context)
end
2018-03-27 19:54:05 +05:30
protected
2018-10-15 14:42:47 +05:30
def saml_config
Gitlab::Auth::Saml::Config
end
2018-03-27 19:54:05 +05:30
def auto_link_saml_user?
Gitlab.config.omniauth.auto_link_saml_user
end
def external_users_enabled?
2018-10-15 14:42:47 +05:30
!saml_config.external_groups.nil?
2018-03-27 19:54:05 +05:30
end
def auth_hash=(auth_hash)
@auth_hash = Gitlab::Auth::Saml::AuthHash.new(auth_hash)
end
end
end
end
end
2020-05-24 23:13:21 +05:30
Gitlab::Auth::Saml::User.prepend_if_ee('::EE::Gitlab::Auth::Saml::User')