Permalink
Browse files

Change identification of users with extern auth provider (LDAP)

  • Loading branch information...
1 parent 8b7e404 commit fa5a53f5ed2914052e07ef8fd46879576c978563 @jirutka jirutka committed Jul 29, 2012
@@ -15,8 +15,7 @@ def failure_message
def ldap
# We only find ourselves here if the authentication to LDAP was successful.
- info = request.env["omniauth.auth"]["info"]
- @user = User.find_for_ldap_auth(info)
+ @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
if @user.persisted?
@user.remember_me = true
end
View
@@ -7,7 +7,7 @@ class User < ActiveRecord::Base
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
:name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
- :theme_id, :force_random_password
+ :theme_id, :force_random_password, :extern_uid, :provider
attr_accessor :force_random_password
@@ -54,6 +54,8 @@ class User < ActiveRecord::Base
validates :bio, :length => { :within => 0..255 }
+ validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
+
before_save :ensure_authentication_token
alias_attribute :private_token, :authentication_token
@@ -84,16 +86,21 @@ def self.without_projects
where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
end
- def self.find_for_ldap_auth(omniauth_info)
- name = omniauth_info.name.force_encoding("utf-8")
- email = omniauth_info.email.downcase unless omniauth_info.email.nil?
- raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil?
+ def self.find_for_ldap_auth(auth, signed_in_resource=nil)
+ uid = auth.info.uid
+ provider = auth.provider
+ name = auth.info.name.force_encoding("utf-8")
+ email = auth.info.email.downcase unless auth.info.email.nil?
+ raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? and email.nil?
- if @user = User.find_by_email(email)
+ if @user = User.find_by_extern_uid_and_provider(uid, provider)
@user
else
+ logger.info "Creating user from LDAP login; uid = #{uid}, name = #{name}, email = #{email}"
password = Devise.friendly_token[0, 8].downcase
@user = User.create(
+ :extern_uid => uid,
+ :provider => provider,
:name => name,
:email => email,
:password => password,
@@ -0,0 +1,8 @@
+class AddExternAuthProviderToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :extern_uid, :string
+ add_column :users, :provider, :string
+
+ add_index :users, [:extern_uid, :provider], :unique => true
+ end
+end
View
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120712080407) do
+ActiveRecord::Schema.define(:version => 20120729131232) do
create_table "events", :force => true do |t|
t.string "target_type"
@@ -171,9 +171,12 @@
t.boolean "blocked", :default => false, :null => false
t.integer "failed_attempts", :default => 0
t.datetime "locked_at"
+ t.string "extern_uid"
+ t.string "provider"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
+ add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
create_table "users_projects", :force => true do |t|

0 comments on commit fa5a53f

Please sign in to comment.