Refactoring auth

commit 486de8c3f412df3e71c9045faf250941c03c8c00 1 parent 621affe
Dmitriy Zaporozhets randx authored
32 Gemfile.lock
@@ -158,6 +158,8 @@ GEM
factory_girl_rails (4.0.0)
factory_girl (~> 4.0.0)
railties (>= 3.0.0)
+ faraday (0.8.4)
+ multipart-post (~> 1.1)
ffaker (1.14.0)
ffi (1.0.11)
foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM
httparty (0.8.3)
multi_json (~> 1.0)
multi_xml
+ httpauth (0.1)
i18n (0.6.1)
journey (1.0.4)
jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM
jquery-rails
railties (>= 3.1.0)
json (1.7.5)
+ jwt (0.1.5)
+ multi_json (>= 1.0)
kaminari (0.14.0)
actionpack (>= 3.0.0)
activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM
sprockets (~> 2.0)
multi_json (1.3.6)
multi_xml (0.5.1)
+ multipart-post (1.1.5)
mysql2 (0.3.11)
net-ldap (0.2.2)
nokogiri (1.5.3)
+ oauth (0.4.7)
+ oauth2 (0.8.0)
+ faraday (~> 0.8)
+ httpauth (~> 0.1)
+ jwt (~> 0.1.4)
+ multi_json (~> 1.0)
+ rack (~> 1.2)
omniauth (1.1.0)
hashie (~> 1.2)
rack
+ omniauth-github (1.0.3)
+ omniauth (~> 1.0)
+ omniauth-oauth2 (~> 1.1)
+ omniauth-google-oauth2 (0.1.13)
+ omniauth (~> 1.0)
+ omniauth-oauth2
+ omniauth-oauth (1.0.1)
+ oauth
+ omniauth (~> 1.0)
+ omniauth-oauth2 (1.1.0)
+ oauth2 (~> 0.8.0)
+ omniauth (~> 1.0)
+ omniauth-twitter (0.0.13)
+ multi_json (~> 1.3)
+ omniauth-oauth (~> 1.0)
orm_adapter (0.3.0)
polyglot (0.3.3)
posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES
linguist (~> 1.0.0)!
modernizr (= 2.5.3)
mysql2
+ omniauth
+ omniauth-github
+ omniauth-google-oauth2
omniauth-ldap!
+ omniauth-twitter
pry
pygments.rb!
rack-mini-profiler
4 app/assets/stylesheets/auth_methods.scss
@@ -1,9 +1,9 @@
.auth_methods {
- &ul {
+ ul {
margin: 0;
text-align:center;
padding: 5px;
- &li {
+ li {
display: inline;
}
}
32 app/views/devise/sessions/new.html.erb
@@ -1,32 +0,0 @@
-<% unless ldap_enable? -%>
-
- <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
- <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
-
- <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
- <%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
-
- <% if devise_mapping.rememberable? -%>
- <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
- <% end -%>
- <br/>
- <%= f.submit "Sign in", :class => "primary btn" %>
- <div class="right"> <%= render :partial => "devise/shared/links" %></div>
-
- <%- if devise_mapping.omniauthable? %>
- <hr/>
- <div class="auth_methods">
- <ul>
- <%- resource_class.omniauth_providers.each do |provider| %>
- <li><%= link_to authbutton(provider),
- omniauth_authorize_path(resource_name, provider) %></li>
- <% end -%>
- </ul>
- </div>
- <% end -%>
-
- <% end %>
-
-<% else %>
- <%= render :partial => 'devise/sessions/new_ldap' %>
-<% end %>
50 config/gitlab.yml.example
@@ -25,8 +25,38 @@ app:
# backup_keep_time: 604800 # default: 0 (forever) (in seconds)
# disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
+
+
+
#
-# 2. Advanced settings:
+# 2. Auth settings
+# ==========================
+ldap:
+ enabled: false
+ host: '_your_ldap_server'
+ base: '_the_base_where_you_search_for_users'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # plain
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+
+omniauth:
+ enabled: false
+ allow_single_sign_on: false
+ block_auto_created_users: true
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ # - { name: 'twitter', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET'}
+ # - { name: 'github', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET' }
+
+
+#
+# 3. Advanced settings:
# ==========================
# Git Hosting configuration
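Review bot: The `method: 'ssl' # plain` line in the new `ldap:` block offers plain as an alternative without saying what it costs: with plain, the bind password and every user's LDAP password cross the network unencrypted. I would reword the comment to something like `method: 'ssl' # or 'plain' (unencrypted, trusted networks only)`. The `password:` key also puts the bind account's secret into gitlab.yml, so a comment asking for a read-only bind user and a config file readable only by the GitLab user would help. `providers:` is left with only commented-out entries, which YAML parses as null; the code that reads it is outside this hunk, so confirm it treats null as an empty list.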
@@ -50,21 +80,3 @@ git:
git_max_size: 5242880 # 5.megabytes
# Git timeout to read commit, in seconds
git_timeout: 10
-
-# Omniauth configuration
-omniauth:
- enabled: false
- providers:
- allow_single_sign_on: false
- block_auto_created_users: true
-
-# omniauth:
-# enabled: true
-# providers:
-# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET',
-# args: { access_type: 'offline', approval_prompt: '' } }
-# - { name: 'twitter', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET'}
-# - { name: 'github', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET' }
10 config/initializers/1_settings.rb
@@ -120,8 +120,16 @@ def backup_keep_time
app['backup_keep_time'] || 0
end
+ def ldap_enabled?
+ ldap['enabled']
+ rescue
+ false
+ end
+
def omniauth_enabled?
- omniauth['enabled'] || false
+ omniauth && omniauth['enabled']
+ rescue
+ false
end
def omniauth_providers
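Review bot: The bare `rescue` in `ldap_enabled?` and `omniauth_enabled?` turns every StandardError into `false`, so a typo or a missing section in the config silently switches that login method off with nothing in the log. Rescue only the error the settings object raises for a missing key (its class is not visible on this page) and log it. Both predicates also return the raw config value, so a quoted `enabled: 'false'` is truthy in Ruby; `ldap['enabled'] == true` and `omniauth && omniauth['enabled'] == true` would pin them to a real boolean. `backup_keep_time` begins above the hunk and `omniauth_providers` continues below it.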
17 config/initializers/devise.rb
@@ -204,4 +204,21 @@
# manager.intercept_401 = false
# manager.default_strategies(:scope => :user).unshift :some_external_strategy
# end
+
+ gl = Gitlab.config
+
+ if gl.ldap_enabled?
+ config.omniauth :ldap,
+ :host => gl.ldap['host'],
+ :base => gl.ldap['base'],
+ :uid => gl.ldap['uid'],
+ :port => gl.ldap['port'],
+ :method => gl.ldap['method'],
+ :bind_dn => gl.ldap['bind_dn'],
+ :password => gl.ldap['password']
+ end
+
+ gl.omniauth_providers.each do |gl_provider|
+ config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
+ end
end
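Review bot: The provider loop passes only `name`, `app_id` and `app_secret` to `config.omniauth`, so the `args` hash that this commit's gitlab.yml.example shows for google_oauth2 is dropped, along with any scope restriction an operator puts there. Consider `config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret'], (gl_provider['args'] || {})`; the keys arrive as strings from YAML, so check whether the strategies need them symbolized. The loop also runs without an `omniauth_enabled?` check, which is fine only if `omniauth_providers` returns an empty list when OmniAuth is disabled; its body is not on this page. The enclosing block starts above the hunk.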
15 config/initializers/omniauth.rb.sample
@@ -1,15 +0,0 @@
-# Copy this file to 'omniauth.rb' and configure it as necessary.
-# The wiki has further details on configuring each provider.
-
-Devise.setup do |config|
- # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
- # config.omniauth :ldap,
- # :host => 'YOUR_LDAP_SERVER',
- # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
- # :uid => 'sAMAccountName',
- # :port => 389,
- # :method => :plain,
- # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
- # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
-end

1 comment on commit 486de8c

Jaakko Kantojärvi

Can I ask why LDAP has special meaning as authentication method?
This makes it harder to integrate PAM and Shibboleth authentications... Well not harder, but then there will be special handling for all of them.

I guess you like that there are more authentication schemes than internal, LDAP and GitHub/Twitter etc.? At least I see PAM as a very powerful module, as you can implement LDAP and Shibboleth (or both at the same time) through PAM.

I noticed that shibboleth fork has the old configuration style and I just came here to look where this change was done, so I could find out the reason behind this.
