2016-04-02 18:10:28 +05:30
|
|
|
# SAML extension for User model
|
|
|
|
#
|
|
|
|
# * Find GitLab user based on SAML uid and provider
|
|
|
|
# * Create new user from SAML data
|
|
|
|
#
|
|
|
|
module Gitlab
|
|
|
|
module Saml
|
|
|
|
class User < Gitlab::OAuth::User
|
|
|
|
|
|
|
|
def save
|
|
|
|
super('SAML')
|
|
|
|
end
|
|
|
|
|
|
|
|
def gl_user
|
|
|
|
if auto_link_ldap_user?
|
|
|
|
@user ||= find_or_create_ldap_user
|
|
|
|
end
|
|
|
|
|
2016-06-16 23:09:34 +05:30
|
|
|
@user ||= find_by_uid_and_provider
|
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
if auto_link_saml_user?
|
2016-04-02 18:10:28 +05:30
|
|
|
@user ||= find_by_email
|
|
|
|
end
|
|
|
|
|
|
|
|
if signup_enabled?
|
|
|
|
@user ||= build_new_user
|
|
|
|
end
|
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
if external_users_enabled? && @user
|
|
|
|
# Check if there is overlap between the user's groups and the external groups
|
|
|
|
# setting then set user as external or internal.
|
|
|
|
if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
|
|
|
|
@user.external = false
|
|
|
|
else
|
|
|
|
@user.external = true
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-04-02 18:10:28 +05:30
|
|
|
@user
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_by_email
|
|
|
|
if auth_hash.has_email?
|
|
|
|
user = ::User.find_by(email: auth_hash.email.downcase)
|
|
|
|
user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider) if user
|
|
|
|
user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
def changed?
|
|
|
|
return true unless gl_user
|
|
|
|
gl_user.changed? || gl_user.identities.any?(&:changed?)
|
|
|
|
end
|
|
|
|
|
2016-04-02 18:10:28 +05:30
|
|
|
protected
|
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
def auto_link_saml_user?
|
2016-04-02 18:10:28 +05:30
|
|
|
Gitlab.config.omniauth.auto_link_saml_user
|
|
|
|
end
|
2016-06-02 11:05:42 +05:30
|
|
|
|
|
|
|
def external_users_enabled?
|
|
|
|
!Gitlab::Saml::Config.external_groups.nil?
|
|
|
|
end
|
|
|
|
|
|
|
|
def auth_hash=(auth_hash)
|
|
|
|
@auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
|
|
|
|
end
|
2016-04-02 18:10:28 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|