debian-mirror-gitlab/lib/gitlab/ldap/access.rb

69 lines
1.6 KiB
Ruby
Raw Normal View History

2015-04-26 12:48:37 +05:30
# LDAP authorization model
#
# * Check if we are allowed access (not blocked)
#
2014-09-02 18:07:02 +05:30
module Gitlab
module LDAP
class Access
attr_reader :provider, :user
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def self.open(user, &block)
Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
block.call(self.new(user, adapter))
2014-09-02 18:07:02 +05:30
end
end
def self.allowed?(user)
2015-04-26 12:48:37 +05:30
self.open(user) do |access|
if access.allowed?
2014-09-02 18:07:02 +05:30
user.last_credential_check_at = Time.now
user.save
true
else
false
end
end
end
2015-04-26 12:48:37 +05:30
def initialize(user, adapter=nil)
2014-09-02 18:07:02 +05:30
@adapter = adapter
2015-04-26 12:48:37 +05:30
@user = user
@provider = user.ldap_identity.provider
2014-09-02 18:07:02 +05:30
end
2015-04-26 12:48:37 +05:30
def allowed?
if ldap_user
2015-04-26 12:48:37 +05:30
return true unless ldap_config.active_directory
# Block user in GitLab if he/she was blocked in AD
if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
2015-12-23 02:04:40 +05:30
user.block
2015-04-26 12:48:37 +05:30
false
else
2015-09-11 14:41:01 +05:30
user.activate if user.blocked? && !ldap_config.block_auto_created_users
2015-04-26 12:48:37 +05:30
true
end
2014-09-02 18:07:02 +05:30
else
2015-12-23 02:04:40 +05:30
# Block the user if they no longer exist in LDAP/AD
user.block
2014-09-02 18:07:02 +05:30
false
end
rescue
false
end
2015-04-26 12:48:37 +05:30
def adapter
@adapter ||= Gitlab::LDAP::Adapter.new(provider)
end
def ldap_config
Gitlab::LDAP::Config.new(provider)
end
def ldap_user
@ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
end
2014-09-02 18:07:02 +05:30
end
end
end