
Refactoring auth

1 parent 621affe commit 486de8c3f412df3e71c9045faf250941c03c8c00 @randx randx committed Sep 12, 2012
32 Gemfile.lock
@@ -158,6 +158,8 @@ GEM
factory_girl_rails (4.0.0)
factory_girl (~> 4.0.0)
railties (>= 3.0.0)
+ faraday (0.8.4)
+ multipart-post (~> 1.1)
ffaker (1.14.0)
ffi (1.0.11)
foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM
httparty (0.8.3)
multi_json (~> 1.0)
multi_xml
+ httpauth (0.1)
i18n (0.6.1)
journey (1.0.4)
jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM
jquery-rails
railties (>= 3.1.0)
json (1.7.5)
+ jwt (0.1.5)
+ multi_json (>= 1.0)
kaminari (0.14.0)
actionpack (>= 3.0.0)
activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM
sprockets (~> 2.0)
multi_json (1.3.6)
multi_xml (0.5.1)
+ multipart-post (1.1.5)
mysql2 (0.3.11)
net-ldap (0.2.2)
nokogiri (1.5.3)
+ oauth (0.4.7)
+ oauth2 (0.8.0)
+ faraday (~> 0.8)
+ httpauth (~> 0.1)
+ jwt (~> 0.1.4)
+ multi_json (~> 1.0)
+ rack (~> 1.2)
omniauth (1.1.0)
hashie (~> 1.2)
rack
+ omniauth-github (1.0.3)
+ omniauth (~> 1.0)
+ omniauth-oauth2 (~> 1.1)
+ omniauth-google-oauth2 (0.1.13)
+ omniauth (~> 1.0)
+ omniauth-oauth2
+ omniauth-oauth (1.0.1)
+ oauth
+ omniauth (~> 1.0)
+ omniauth-oauth2 (1.1.0)
+ oauth2 (~> 0.8.0)
+ omniauth (~> 1.0)
+ omniauth-twitter (0.0.13)
+ multi_json (~> 1.3)
+ omniauth-oauth (~> 1.0)
orm_adapter (0.3.0)
polyglot (0.3.3)
posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES
linguist (~> 1.0.0)!
modernizr (= 2.5.3)
mysql2
+ omniauth
+ omniauth-github
+ omniauth-google-oauth2
omniauth-ldap!
+ omniauth-twitter
pry
pygments.rb!
rack-mini-profiler
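--- a/app/assets/stylesheets/auth_methods.scss
+++ b/app/assets/stylesheets/auth_methods.scss
@@ -1,9 +1,9 @@
 .auth_methods {
- &ul {
+ ul {
 margin: 0;
 text-align:center;
 padding: 5px;
- &li {
+ li {
 display: inline;
 }
 }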
32 app/views/devise/sessions/new.html.erb
@@ -1,32 +0,0 @@
-<% unless ldap_enable? -%>
-
- <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
- <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
-
- <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
- <%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
-
- <% if devise_mapping.rememberable? -%>
- <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
- <% end -%>
- <br/>
- <%= f.submit "Sign in", :class => "primary btn" %>
- <div class="right"> <%= render :partial => "devise/shared/links" %></div>
-
- <%- if devise_mapping.omniauthable? %>
- <hr/>
- <div class="auth_methods">
- <ul>
- <%- resource_class.omniauth_providers.each do |provider| %>
- <li><%= link_to authbutton(provider),
- omniauth_authorize_path(resource_name, provider) %></li>
- <% end -%>
- </ul>
- </div>
- <% end -%>
-
- <% end %>
-
-<% else %>
- <%= render :partial => 'devise/sessions/new_ldap' %>
-<% end %>
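--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -25,8 +25,38 @@ app:
 # backup_keep_time: 604800 # default: 0 (forever) (in seconds)
 # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
+
+
+
 #
-# 2. Advanced settings:
+# 2. Auth settings
+# ==========================
+ldap:
+ enabled: false
+ host: '_your_ldap_server'
+ base: '_the_base_where_you_search_for_users'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # plain
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+
+omniauth:
+ enabled: false
+ allow_single_sign_on: false
+ block_auto_created_users: true
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ # - { name: 'twitter', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET'}
+ # - { name: 'github', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET' }
+
+
+#
+# 3. Advanced settings:
 # ==========================
 # Git Hosting configuration
@@ -50,21 +80,3 @@ git:
 git_max_size: 5242880 # 5.megabytes
 # Git timeout to read commit, in seconds
 git_timeout: 10
-
-# Omniauth configuration
-omniauth:
- enabled: false
- providers:
- allow_single_sign_on: false
- block_auto_created_users: true
-
-# omniauth:
-# enabled: true
-# providers:
-# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET',
-# args: { access_type: 'offline', approval_prompt: '' } }
-# - { name: 'twitter', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET'}
-# - { name: 'github', app_id: 'YOUR APP ID',
-# app_secret: 'YOUR APP SECRET' }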
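Review bot: The new `ldap:` and `omniauth:` blocks put the LDAP bind password and the OAuth `app_secret` values into gitlab.yml in clear text, and the example says nothing about protecting the file; a comment such as `# This file holds credentials: keep it out of version control and readable only by the GitLab user` above section 2 would help. `method: 'ssl' # plain` is ambiguous as written; I would spell it out as `method: 'ssl' # or 'plain' (no transport encryption; the bind password crosses the network in clear)`. `allow_single_sign_on` and `block_auto_created_users` decide, judging by their names, whether an external login may create an account and whether that account starts blocked, so each deserves a one-line comment stating its effect and default.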
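--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -120,8 +120,16 @@ def backup_keep_time
 app['backup_keep_time'] || 0
 end
+ def ldap_enabled?
+ ldap['enabled']
+ rescue
+ false
+ end
+
 def omniauth_enabled?
- omniauth['enabled'] || false
+ omniauth && omniauth['enabled']
+ rescue
+ false
 end
 def omniauth_providers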
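Review bot: The bare `rescue` on `ldap_enabled?` and `omniauth_enabled?` turns every StandardError into `false`, so a typo or a missing section in gitlab.yml silently switches an authentication method off instead of surfacing at boot. `ldap_enabled?` also lacks the nil guard that `omniauth_enabled?` gets in the same hunk; I would write both the same way, e.g. `ldap && ldap['enabled'] == true`, and rescue only the specific missing-setting error if the settings class raises one (not visible here). Comparing against `true` also stops a quoted value such as `enabled: 'false'` from counting as enabled. A one-line comment above each method, `# false when the section is absent from gitlab.yml`, would record the intent. The enclosing class and the body of `omniauth_providers` are outside the hunk.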
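--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -204,4 +204,21 @@
 # manager.intercept_401 = false
 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
+
+ gl = Gitlab.config
+
+ if gl.ldap_enabled?
+ config.omniauth :ldap,
+ :host => gl.ldap['host'],
+ :base => gl.ldap['base'],
+ :uid => gl.ldap['uid'],
+ :port => gl.ldap['port'],
+ :method => gl.ldap['method'],
+ :bind_dn => gl.ldap['bind_dn'],
+ :password => gl.ldap['password']
+ end
+
+ gl.omniauth_providers.each do |gl_provider|
+ config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
+ end
 end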
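Review bot: The provider loop at the end of the hunk is not gated on `gl.omniauth_enabled?`, so any entry under `omniauth.providers` is registered with Devise even when gitlab.yml says `omniauth: enabled: false`; if that flag is meant to switch OmniAuth off, wrap the loop in `if gl.omniauth_enabled?`. The loop also passes only `name`, `app_id` and `app_secret`, so the `args` hash shown for `google_oauth2` in gitlab.yml.example is dropped; passing `gl_provider['args'] || {}` as a fourth argument would carry it through. The body of `omniauth_providers` is outside the visible hunks, so whether it returns `[]` or `nil` for an empty `providers:` key cannot be checked here, and a `nil` would make `.each` fail at boot. The LDAP block hands `bind_dn` and `password` straight from the YAML, which is acceptable only while gitlab.yml is readable by the application user alone. The enclosing block opens outside the hunk.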
15 config/initializers/omniauth.rb.sample
@@ -1,15 +0,0 @@
-# Copy this file to 'omniauth.rb' and configure it as necessary.
-# The wiki has further details on configuring each provider.
-
-Devise.setup do |config|
- # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
- # config.omniauth :ldap,
- # :host => 'YOUR_LDAP_SERVER',
- # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
- # :uid => 'sAMAccountName',
- # :port => 389,
- # :method => :plain,
- # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
- # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
-end

1 comment on commit 486de8c

@raphendyr

Can I ask why LDAP has special meaning as authentication method?
This makes it harder to integrate PAM and Shibboleth authentications... Well not harder, but then there will be special handling for all of them.

I guess you like that there are more authentication schemes than internal, LDAP and GitHub/Twitter etc.? At least I see PAM as a very powerful module, as you can implement LDAP and Shibboleth (or both at the same time) through PAM.

I noticed that shibboleth fork has the old configuration style and I just came here to look where this change was done, so I could find out the reason behind this.
