66 lines
1.7 KiB
Ruby
66 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# LDAP extension for User model
|
|
#
|
|
# * Find or create user from omniauth.auth data
|
|
# * Links LDAP account with existing user
|
|
# * Auth LDAP user with login and password
|
|
#
|
|
module Gitlab
|
|
module Auth
|
|
module Ldap
|
|
class User < Gitlab::Auth::OAuth::User
|
|
extend ::Gitlab::Utils::Override
|
|
prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
|
|
|
|
class << self
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def find_by_uid_and_provider(uid, provider)
|
|
identity = ::Identity.with_extern_uid(provider, uid).take
|
|
|
|
identity && identity.user
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
end
|
|
|
|
def save
|
|
super('LDAP')
|
|
end
|
|
|
|
# instance methods
|
|
def find_user
|
|
find_by_uid_and_provider || find_by_email || build_new_user
|
|
end
|
|
|
|
def find_by_uid_and_provider
|
|
self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
|
|
end
|
|
|
|
override :should_save?
|
|
def should_save?
|
|
gl_user.changed? || gl_user.identities.any?(&:changed?)
|
|
end
|
|
|
|
def block_after_signup?
|
|
ldap_config.block_auto_created_users
|
|
end
|
|
|
|
def allowed?
|
|
Gitlab::Auth::Ldap::Access.allowed?(gl_user)
|
|
end
|
|
|
|
def valid_sign_in?
|
|
allowed? && super
|
|
end
|
|
|
|
def ldap_config
|
|
Gitlab::Auth::Ldap::Config.new(auth_hash.provider)
|
|
end
|
|
|
|
def auth_hash=(auth_hash)
|
|
@auth_hash = Gitlab::Auth::Ldap::AuthHash.new(auth_hash)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|