debian-mirror-gitlab/lib/gitlab/auth/saml/identity_linker.rb
2022-07-17 14:43:12 +02:00

36 lines
826 B
Ruby

# frozen_string_literal: true
module Gitlab
module Auth
module Saml
class IdentityLinker < OmniauthIdentityLinkerBase
extend ::Gitlab::Utils::Override
UnverifiedRequest = Class.new(StandardError)
override :link
def link
raise_unless_request_is_gitlab_initiated! if unlinked?
super
end
protected
def raise_unless_request_is_gitlab_initiated!
raise UnverifiedRequest unless valid_gitlab_initiated_request?
end
def valid_gitlab_initiated_request?
OriginValidator.new(session).gitlab_initiated?(saml_response)
end
def saml_response
oauth.fetch(:extra, {}).fetch(:response_object, {})
end
end
end
end
end
Gitlab::Auth::Saml::IdentityLinker.prepend_mod