Refactoring auth

commit 486de8c3f412df3e71c9045faf250941c03c8c00 1 parent 621affe
@randx randx authored
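--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -158,6 +158,8 @@ GEM
 factory_girl_rails (4.0.0)
 factory_girl (~> 4.0.0)
 railties (>= 3.0.0)
+ faraday (0.8.4)
+ multipart-post (~> 1.1)
 ffaker (1.14.0)
 ffi (1.0.11)
 foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM
 httparty (0.8.3)
 multi_json (~> 1.0)
 multi_xml
+ httpauth (0.1)
 i18n (0.6.1)
 journey (1.0.4)
 jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM
 jquery-rails
 railties (>= 3.1.0)
 json (1.7.5)
+ jwt (0.1.5)
+ multi_json (>= 1.0)
 kaminari (0.14.0)
 actionpack (>= 3.0.0)
 activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM
 sprockets (~> 2.0)
 multi_json (1.3.6)
 multi_xml (0.5.1)
+ multipart-post (1.1.5)
 mysql2 (0.3.11)
 net-ldap (0.2.2)
 nokogiri (1.5.3)
+ oauth (0.4.7)
+ oauth2 (0.8.0)
+ faraday (~> 0.8)
+ httpauth (~> 0.1)
+ jwt (~> 0.1.4)
+ multi_json (~> 1.0)
+ rack (~> 1.2)
 omniauth (1.1.0)
 hashie (~> 1.2)
 rack
+ omniauth-github (1.0.3)
+ omniauth (~> 1.0)
+ omniauth-oauth2 (~> 1.1)
+ omniauth-google-oauth2 (0.1.13)
+ omniauth (~> 1.0)
+ omniauth-oauth2
+ omniauth-oauth (1.0.1)
+ oauth
+ omniauth (~> 1.0)
+ omniauth-oauth2 (1.1.0)
+ oauth2 (~> 0.8.0)
+ omniauth (~> 1.0)
+ omniauth-twitter (0.0.13)
+ multi_json (~> 1.3)
+ omniauth-oauth (~> 1.0)
 orm_adapter (0.3.0)
 polyglot (0.3.3)
 posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES
 linguist (~> 1.0.0)!
 modernizr (= 2.5.3)
 mysql2
+ omniauth
+ omniauth-github
+ omniauth-google-oauth2
 omniauth-ldap!
+ omniauth-twitter
 pry
 pygments.rb!
 rack-mini-profiler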
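--- a/app/assets/stylesheets/auth_methods.scss
+++ b/app/assets/stylesheets/auth_methods.scss
@@ -1,9 +1,9 @@
 .auth_methods {
- &ul {
+ ul {
 margin: 0;
 text-align:center;
 padding: 5px;
- &li {
+ li {
 display: inline;
 }
 }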
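--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,32 +0,0 @@
-<% unless ldap_enable? -%>
-
- <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
- <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
-
- <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
- <%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
-
- <% if devise_mapping.rememberable? -%>
- <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
- <% end -%>
- <br/>
- <%= f.submit "Sign in", :class => "primary btn" %>
- <div class="right"> <%= render :partial => "devise/shared/links" %></div>
-
- <%- if devise_mapping.omniauthable? %>
- <hr/>
- <div class="auth_methods">
- <ul>
- <%- resource_class.omniauth_providers.each do |provider| %>
- <li><%= link_to authbutton(provider),
- omniauth_authorize_path(resource_name, provider) %></li>
- <% end -%>
- </ul>
- </div>
- <% end -%>
-
- <% end %>
-
-<% else %>
- <%= render :partial => 'devise/sessions/new_ldap' %>
-<% end %>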
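--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -25,8 +25,38 @@ app:
 # backup_keep_time: 604800 # default: 0 (forever) (in seconds)
 # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
+
+
+
 #
-# 2. Advanced settings:
+# 2. Auth settings
+# ==========================
+ldap:
+ enabled: false
+ host: '_your_ldap_server'
+ base: '_the_base_where_you_search_for_users'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # plain
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+
+omniauth:
+ enabled: false
+ allow_single_sign_on: false
+ block_auto_created_users: true
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ # - { name: 'twitter', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET'}
+ # - { name: 'github', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET' }
+
+
+#
+# 3. Advanced settings:
 # ==========================
 # Git Hosting configuration
@@ -50,21 +80,3 @@ git:
 git_max_size: 5242880 # 5.megabytes
 # Git timeout to read commit, in seconds
 git_timeout: 10
-
-# Omniauth configuration
-omniauth:
- enabled: false
- providers:
- allow_single_sign_on: false
- block_auto_created_users: true
-
-# omniauth:
-# enabled: true
-# providers:
-# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET',
-# args: { access_type: 'offline', approval_prompt: '' } }
-# - { name: 'twitter', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET'}
-# - { name: 'github', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET' }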
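Review bot: The `method: 'ssl' # plain` line in the new `ldap:` block does not say what the alternative costs: with `plain` the bind password configured two lines below, and presumably every user's login password, cross the network unencrypted. I would spell that out, e.g. `method: 'ssl' # 'ssl' or 'plain'; 'plain' sends bind and user passwords in cleartext`, and note that port 636 belongs with `ssl`. Since this file now carries the LDAP `password` and the providers' `app_secret` values, a header comment asking admins to keep the copied `gitlab.yml` out of version control and readable only by the application user would also help. The keys `allow_single_sign_on` and `block_auto_created_users` have no comment explaining their effect on account creation.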
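--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -120,8 +120,16 @@ def backup_keep_time
 app['backup_keep_time'] || 0
 end
+ def ldap_enabled?
+ ldap['enabled']
+ rescue
+ false
+ end
+
 def omniauth_enabled?
- omniauth['enabled'] || false
+ omniauth && omniauth['enabled']
+ rescue
+ false
 end
 def omniauth_providers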
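Review bot: The bare `rescue` added to `ldap_enabled?` and `omniauth_enabled?` converts every StandardError into `false`, so a mistyped or malformed auth section quietly switches LDAP or OmniAuth sign-in off instead of failing at boot, and nothing is logged. Rescuing only the missing-setting case would keep the fallback without hiding other faults; if `Settings` is Settingslogic-based (not visible in this hunk) that would be `rescue Settingslogic::MissingSetting`. Both predicates can also return `nil` or a non-boolean YAML value such as the quoted string `'false'`, which is truthy in Ruby; `ldap['enabled'] == true` would pin the result to a boolean. `omniauth_providers` begins on the last line of the hunk and its body is outside it.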
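--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -204,4 +204,21 @@
 # manager.intercept_401 = false
 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
+
+ gl = Gitlab.config
+
+ if gl.ldap_enabled?
+ config.omniauth :ldap,
+ :host => gl.ldap['host'],
+ :base => gl.ldap['base'],
+ :uid => gl.ldap['uid'],
+ :port => gl.ldap['port'],
+ :method => gl.ldap['method'],
+ :bind_dn => gl.ldap['bind_dn'],
+ :password => gl.ldap['password']
+ end
+
+ gl.omniauth_providers.each do |gl_provider|
+ config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
+ end
 end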
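Review bot: The provider loop at the end of the hunk passes only `name`, `app_id` and `app_secret` to `config.omniauth`, so the `args` hash that `config/gitlab.yml.example` shows for `google_oauth2` (`access_type`, `approval_prompt`) is silently dropped. Either forward it, e.g. `config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret'], (gl_provider['args'] || {})`, or remove `args` from the example. The loop also registers a provider when `app_id` or `app_secret` is missing, which presumably surfaces only at the first sign-in attempt; a boot-time check that raises on a blank credential would make the misconfiguration visible earlier. The enclosing `Devise.setup` block starts outside the hunk.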
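--- a/config/initializers/omniauth.rb.sample
+++ b/config/initializers/omniauth.rb.sample
@@ -1,15 +0,0 @@
-# Copy this file to 'omniauth.rb' and configure it as necessary.
-# The wiki has further details on configuring each provider.
-
-Devise.setup do |config|
- # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
- # config.omniauth :ldap,
- # :host => 'YOUR_LDAP_SERVER',
- # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
- # :uid => 'sAMAccountName',
- # :port => 389,
- # :method => :plain,
- # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
- # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
-end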

1 comment on commit 486de8c

@raphendyr

Can I ask why LDAP has special meaning as authentication method?
This makes it harder to integrate PAM and Shibboleth authentications... Well not harder, but then there will be special handling for all of them.

I guess you like that there are more authentication schemes than internal, ldap and github/twitter etc.? At least I see PAM as a very powerful module, as you can implement ldap and shibboleth (or both at the same time) through PAM.

I noticed that shibboleth fork has the old configuration style and I just came here to look where this change was done, so I could find out the reason behind this.
