debian-mirror-gitlab/app/helpers/auth_helper.rb

# frozen_string_literal: true

module AuthHelper
  PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq salesforce atlassian_oauth2).freeze
  LDAP_PROVIDER = /\Aldap/.freeze

  def ldap_enabled?
    Gitlab::Auth::Ldap::Config.enabled?
  end

  def ldap_sign_in_enabled?
    Gitlab::Auth::Ldap::Config.sign_in_enabled?
  end

  def omniauth_enabled?
    Gitlab::Auth.omniauth_enabled?
  end

  def provider_has_custom_icon?(name)
    icon_for_provider(name.to_s)
  end

  def provider_has_builtin_icon?(name)
    PROVIDERS_WITH_ICONS.include?(name.to_s)
  end

  def provider_has_icon?(name)
    provider_has_builtin_icon?(name) || provider_has_custom_icon?(name)
  end

  def qa_class_for_provider(provider)
    {
      saml: 'qa-saml-login-button'
    }[provider.to_sym]
  end

  def auth_providers
    Gitlab::Auth::OAuth::Provider.providers
  end

  def label_for_provider(name)
    Gitlab::Auth::OAuth::Provider.label_for(name)
  end

  def icon_for_provider(name)
    Gitlab::Auth::OAuth::Provider.icon_for(name)
  end

  def form_based_provider_priority
    ['crowd', /^ldap/, 'kerberos']
  end

  def form_based_provider_with_highest_priority
    @form_based_provider_with_highest_priority ||= begin
      form_based_provider_priority.each do |provider_regexp|
        highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) }
        break highest_priority unless highest_priority.nil?
      end
    end
  end

  def form_based_auth_provider_has_active_class?(provider)
    form_based_provider_with_highest_priority == provider
  end

  def form_based_provider?(name)
    [LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
  end

  def form_based_providers
    auth_providers.select { |provider| form_based_provider?(provider) }
  end

  def any_form_based_providers_enabled?
    form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) }
  end

  def form_enabled_for_sign_in?(provider)
    return true unless provider.to_s.match?(LDAP_PROVIDER)

    ldap_sign_in_enabled?
  end

  def crowd_enabled?
    auth_providers.include? :crowd
  end

  def button_based_providers
    auth_providers.reject { |provider| form_based_provider?(provider) }
  end

  def display_providers_on_profile?
    button_based_providers.any?
  end

  def providers_for_base_controller
    auth_providers.reject { |provider| LDAP_PROVIDER === provider }
  end

  def enabled_button_based_providers
    disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || []

    providers = button_based_providers.map(&:to_s) - disabled_providers
    providers.sort_by do |provider|
      case provider
      when 'google_oauth2'
        0
      when 'github'
        1
      else
        2
      end
    end
  end

  def button_based_providers_enabled?
    enabled_button_based_providers.any?
  end

  def provider_image_tag(provider, size = 64)
    label = label_for_provider(provider)

    if provider_has_custom_icon?(provider)
      image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}")
    elsif provider_has_builtin_icon?(provider)
      file_name = "#{provider.to_s.split('_').first}_#{size}.png"

      image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}")
    else
      label
    end
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def auth_active?(provider)
    return current_user.atlassian_identity.present? if provider == :atlassian_oauth2

    current_user.identities.exists?(provider: provider.to_s)
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def unlink_provider_allowed?(provider)
    IdentityProviderPolicy.new(current_user, provider).can?(:unlink)
  end

  def link_provider_allowed?(provider)
    IdentityProviderPolicy.new(current_user, provider).can?(:link)
  end

  def allow_admin_mode_password_authentication_for_web?
    current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set?
  end

  extend self
end

AuthHelper.prepend_if_ee('EE::AuthHelper')

# The methods added in EE should be available as both class and instance
# methods, just like the methods provided by `AuthHelper` itself.
AuthHelper.extend_if_ee('EE::AuthHelper')
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`module AuthHelper`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq salesforce atlassian_oauth2).freeze`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`LDAP_PROVIDER = /\Aldap/.freeze`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
			`def ldap_enabled?`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`Gitlab::Auth::Ldap::Config.enabled?`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`def ldap_sign_in_enabled?`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`Gitlab::Auth::Ldap::Config.sign_in_enabled?`
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`end`

Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`def omniauth_enabled?`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`Gitlab::Auth.omniauth_enabled?`
Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`end`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`def provider_has_custom_icon?(name)`
			`icon_for_provider(name.to_s)`
			`end`

			`def provider_has_builtin_icon?(name)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`PROVIDERS_WITH_ICONS.include?(name.to_s)`
			`end`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`def provider_has_icon?(name)`
			`provider_has_builtin_icon?(name) \|\| provider_has_custom_icon?(name)`
			`end`

New upstream version 11.8.0 2019-03-02 22:35:43 +05:30			`def qa_class_for_provider(provider)`
			`{`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`saml: 'qa-saml-login-button'`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30			`}[provider.to_sym]`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def auth_providers`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`Gitlab::Auth::OAuth::Provider.providers`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`def label_for_provider(name)`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`Gitlab::Auth::OAuth::Provider.label_for(name)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`def icon_for_provider(name)`
			`Gitlab::Auth::OAuth::Provider.icon_for(name)`
			`end`

New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`def form_based_provider_priority`
			`['crowd', /^ldap/, 'kerberos']`
			`end`

			`def form_based_provider_with_highest_priority`
			`@form_based_provider_with_highest_priority \|\|= begin`
			`form_based_provider_priority.each do \|provider_regexp\|`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30			`highest_priority = form_based_providers.find { \|provider\| provider.match?(provider_regexp) }`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`break highest_priority unless highest_priority.nil?`
			`end`
			`end`
			`end`

			`def form_based_auth_provider_has_active_class?(provider)`
			`form_based_provider_with_highest_priority == provider`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def form_based_provider?(name)`
New upstream version 10.8.7+dfsg 2018-10-15 14:42:47 +05:30			`[LDAP_PROVIDER, 'crowd'].any? { \|pattern\| pattern === name.to_s }`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`def form_based_providers`
			`auth_providers.select { \|provider\| form_based_provider?(provider) }`
			`end`

New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`def any_form_based_providers_enabled?`
			`form_based_providers.any? { \|provider\| form_enabled_for_sign_in?(provider) }`
			`end`

			`def form_enabled_for_sign_in?(provider)`
			`return true unless provider.to_s.match?(LDAP_PROVIDER)`

			`ldap_sign_in_enabled?`
			`end`

Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`def crowd_enabled?`
			`auth_providers.include? :crowd`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def button_based_providers`
			`auth_providers.reject { \|provider\| form_based_provider?(provider) }`
			`end`

New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`def display_providers_on_profile?`
			`button_based_providers.any?`
			`end`

New upstream version 10.8.7+dfsg 2018-10-15 14:42:47 +05:30			`def providers_for_base_controller`
			`auth_providers.reject { \|provider\| LDAP_PROVIDER === provider }`
			`end`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`def enabled_button_based_providers`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources \|\| []`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`providers = button_based_providers.map(&:to_s) - disabled_providers`
			`providers.sort_by do \|provider\|`
			`case provider`
			`when 'google_oauth2'`
			`0`
			`when 'github'`
			`1`
			`else`
			`2`
			`end`
			`end`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`def button_based_providers_enabled?`
			`enabled_button_based_providers.any?`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def provider_image_tag(provider, size = 64)`
			`label = label_for_provider(provider)`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`if provider_has_custom_icon?(provider)`
			`image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}")`
			`elsif provider_has_builtin_icon?(provider)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`file_name = "#{provider.to_s.split('_').first}_#{size}.png"`

Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}")`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`else`
			`label`
			`end`
			`end`

New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: disable CodeReuse/ActiveRecord`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def auth_active?(provider)`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`return current_user.atlassian_identity.present? if provider == :atlassian_oauth2`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`current_user.identities.exists?(provider: provider.to_s)`
			`end`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: enable CodeReuse/ActiveRecord`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`def unlink_provider_allowed?(provider)`
			`IdentityProviderPolicy.new(current_user, provider).can?(:unlink)`
			`end`

			`def link_provider_allowed?(provider)`
			`IdentityProviderPolicy.new(current_user, provider).can?(:link)`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`

New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`def allow_admin_mode_password_authentication_for_web?`
			`current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set?`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`extend self`
			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`AuthHelper.prepend_if_ee('EE::AuthHelper')`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`# The methods added in EE should be available as both class and instance`
			# methods, just like the methods provided by `AuthHelper` itself.
			`AuthHelper.extend_if_ee('EE::AuthHelper')`