Permalink
Browse files

Merge branch 'master' of https://github.com/funglaub/gitlabhq into fu…

…nglaub-master

Conflicts:
	Gemfile.lock
	app/helpers/application_helper.rb
	app/views/devise/sessions/new.html.erb
	db/schema.rb
  • Loading branch information...
dzaporozhets committed Sep 12, 2012
2 parents 40eec08 + 0dd94cd commit 621affecb59b8ce5304370cfd7979fba2b73ff4e
View
@@ -16,6 +16,10 @@ gem "mysql2"
# Auth
gem "devise", "~> 2.1.0"
+gem 'omniauth'
+gem 'omniauth-google-oauth2'
+gem 'omniauth-twitter'
+gem 'omniauth-github'
# GITLAB patched libs
gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837"
@@ -0,0 +1,10 @@
+.auth_methods {
+ &ul {
+ margin: 0;
+ text-align:center;
+ padding: 5px;
+ &li {
+ display: inline;
+ }
+ }
+}
@@ -134,7 +134,7 @@ $hover: #fdf5d9;
* TODO: clean it
*/
@import "common.scss";
-
+@import "auth_methods.scss";
/**
* Styles related to specific part of app
@@ -9,7 +9,7 @@ def failure_message
error ||= env["omniauth.error.type"].to_s
error.to_s.humanize if error
end
-
+
def ldap
# We only find ourselves here if the authentication to LDAP was successful.
@user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
@@ -19,4 +19,33 @@ def ldap
sign_in_and_redirect @user
end
+ Settings.omniauth_providers.each do |provider|
+ define_method provider['name'] do
+ handle_omniauth
+ end
+ end
+
+ private
+
+ def handle_omniauth
+ oauth = request.env['omniauth.auth']
+ provider, uid = oauth['provider'], oauth['uid']
+
+ if current_user
+ # Change a logged-in user's authentication method:
+ current_user.extern_uid = uid
+ current_user.provider = provider
+ current_user.save
+ redirect_to profile_path
+ else
+ @user = User.find_or_new_for_omniauth(oauth)
+
+ if @user
+ sign_in_and_redirect @user
+ else
+ flash[:notice] = "There's no such user!"
+ redirect_to new_user_session_path
+ end
+ end
+ end
end
@@ -135,4 +135,9 @@ def project_last_activity project
"Never"
end
end
+
+ def authbutton(provider, size = 64)
+ image_tag("authbuttons/#{provider.to_s.split('_').first}_#{size}.png",
+ alt: "Sign in with #{provider.to_s.titleize}" )
+ end
end
View
@@ -86,10 +86,50 @@ def self.without_projects
where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
end
+ def self.create_from_omniauth(auth, ldap = false)
+ provider, uid = auth.provider, auth.uid
+ name = auth.info.name.force_encoding("utf-8")
+ email = auth.info.email.downcase unless auth.info.email.nil?
+
+ ldap_prefix = ldap ? '(LDAP) ' : ''
+ raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
+ " address" if auth.info.email.blank?
+
+ logger.info "#{ldap_prefix}Creating user from #{provider} login"\
+ " {uid => #{uid}, name => #{name}, email => #{email}}"
+ password = Devise.friendly_token[0, 8].downcase
+ @user = User.new(
+ extern_uid: uid,
+ provider: provider,
+ name: name,
+ email: email,
+ password: password,
+ password_confirmation: password,
+ projects_limit: Gitlab.config.default_projects_limit,
+ )
+ if Gitlab.config.omniauth.block_auto_created_users && !ldap
+ @user.blocked = true
+ end
+ @user.save!
+ @user
+ end
+
+ def self.find_or_new_for_omniauth(auth)
+ provider, uid = auth.provider, auth.uid
+
+ if @user = User.find_by_provider_and_extern_uid(provider, uid)
+ @user
+ else
+ if Gitlab.config.omniauth.allow_single_sign_on
+ @user = User.create_from_omniauth(auth)
+ @user
+ end
+ end
+ end
+
def self.find_for_ldap_auth(auth, signed_in_resource=nil)
uid = auth.info.uid
provider = auth.provider
- name = auth.info.name.force_encoding("utf-8")
email = auth.info.email.downcase unless auth.info.email.nil?
raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
@@ -101,17 +141,7 @@ def self.find_for_ldap_auth(auth, signed_in_resource=nil)
@user.update_attributes(:extern_uid => uid, :provider => provider)
@user
else
- logger.info "Creating user from LDAP login {uid => #{uid}, name => #{name}, email => #{email}}"
- password = Devise.friendly_token[0, 8].downcase
- @user = User.create(
- :extern_uid => uid,
- :provider => provider,
- :name => name,
- :email => email,
- :password => password,
- :password_confirmation => password,
- :projects_limit => Gitlab.config.default_projects_limit
- )
+ create_from_omniauth(auth)
end
end
@@ -148,4 +178,3 @@ def self.search query
# bio :string(255)
# blocked :boolean(1) default(FALSE), not null
#
-
@@ -0,0 +1,32 @@
+<% unless ldap_enable? -%>
+
+ <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
+ <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
+
+ <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
+ <%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
+
+ <% if devise_mapping.rememberable? -%>
+ <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
+ <% end -%>
+ <br/>
+ <%= f.submit "Sign in", :class => "primary btn" %>
+ <div class="right"> <%= render :partial => "devise/shared/links" %></div>
+
+ <%- if devise_mapping.omniauthable? %>
+ <hr/>
+ <div class="auth_methods">
+ <ul>
+ <%- resource_class.omniauth_providers.each do |provider| %>
+ <li><%= link_to authbutton(provider),
+ omniauth_authorize_path(resource_name, provider) %></li>
+ <% end -%>
+ </ul>
+ </div>
+ <% end -%>
+
+ <% end %>
+
+<% else %>
+ <%= render :partial => 'devise/sessions/new_ldap' %>
+<% end %>
@@ -10,7 +10,7 @@
= link_to "Profile", profile_path
%li{class: tab_class(:password)}
- = link_to "Password", profile_password_path
+ = link_to "Authentication", profile_password_path
%li{class: tab_class(:ssh_keys)}
= link_to keys_path do
@@ -1,19 +1,31 @@
%h3.page_title Password
%hr
+
= form_for @user, url: profile_password_path, method: :put do |f|
- .data
- %p.slead After successful password update you will be redirected to login page where you should login with new password
- -if @user.errors.any?
- .alert-message.block-message.error
- %ul
- - @user.errors.full_messages.each do |msg|
- %li= msg
+ .row
+ .span7
+ .data
+ %p.slead After successful password update you will be redirected to login page where you should login with new password
+ -if @user.errors.any?
+ .alert-message.block-message.error
+ %ul
+ - @user.errors.full_messages.each do |msg|
+ %li= msg
+
+ .clearfix
+ = f.label :password
+ .input= f.password_field :password
+ .clearfix
+ = f.label :password_confirmation
+ .input= f.password_field :password_confirmation
- .clearfix
- = f.label :password
- .input= f.password_field :password
- .clearfix
- = f.label :password_confirmation
- .input= f.password_field :password_confirmation
+ - if Settings.omniauth.enabled
+ .span5.right
+ .auth_methods.alert.alert-info
+ %strong Tip: Use one of the following sites to login
+ %ul
+ - User.omniauth_providers.each do |provider|
+ %li= link_to authbutton(provider), |
+ omniauth_authorize_path(User, provider) |
.actions
= f.submit 'Save', class: "btn save-btn"
@@ -50,6 +50,13 @@
%strong Tip:
You can change your avatar at gravatar.com
+ - if Settings.omniauth.enabled && @user.provider?
+ %h4
+ Omniauth Providers:
+ = link_to "Change", profile_password_path, class: "btn small right"
+ You can login through #{@user.provider.titleize}!
+ = authbutton(@user.provider, 32)
+
%h4
Personal projects:
%small.right
View
@@ -50,3 +50,21 @@ git:
git_max_size: 5242880 # 5.megabytes
# Git timeout to read commit, in seconds
git_timeout: 10
+
+# Omniauth configuration
+omniauth:
+ enabled: false
+ providers:
+ allow_single_sign_on: false
+ block_auto_created_users: true
+
+# omniauth:
+# enabled: true
+# providers:
+# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+# app_secret: 'YOUR APP SECRET',
+# args: { access_type: 'offline', approval_prompt: '' } }
+# - { name: 'twitter', app_id: 'YOUR APP ID',
+# app_secret: 'YOUR APP SECRET'}
+# - { name: 'github', app_id: 'YOUR APP ID',
+# app_secret: 'YOUR APP SECRET' }
@@ -6,19 +6,19 @@ def web_protocol
self.web['protocol'] ||= web.https ? "https" : "http"
end
- def web_host
+ def web_host
self.web['host'] ||= 'localhost'
end
def email_from
self.email['from'] ||= ("notify@" + web_host)
end
- def url
+ def url
self['url'] ||= build_url
- end
+ end
- def web_port
+ def web_port
if web.https
web['port'] = 443
else
@@ -36,7 +36,7 @@ def build_url
raw_url << web_host
if web_custom_port?
- raw_url << ":#{web_port}"
+ raw_url << ":#{web_port}"
end
raw_url
@@ -120,6 +120,14 @@ def backup_keep_time
app['backup_keep_time'] || 0
end
+ def omniauth_enabled?
+ omniauth['enabled'] || false
+ end
+
+ def omniauth_providers
+ omniauth['providers'] || []
+ end
+
def disable_gravatar?
app['disable_gravatar'] || false
end
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.

0 comments on commit 621affe

Please sign in to comment.