# Resolves the local User for an LDAP OmniAuth callback.
# Lookup order in the visible lines: (extern_uid, provider) first, then email,
# then account creation through create_from_omniauth(auth, true).
#
# NOTE: this listing is an excerpt. The embedded line numbers skip, so the
# assignment of `uid`, the branch bodies, the `else` and the closing `end`s are
# not shown. `signed_in_resource` is not referenced in any visible line.
3 def find_for_ldap_auth(auth, signed_in_resource = nil)
5 provider = auth.provider
# `email` stays nil when the directory entry carries no mail attribute.
6 email = auth.info.email.downcase unless auth.info.email.nil?
# Both identifiers are mandatory: without an email the fallback lookup below
# would have nothing to match on.
7 raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
# Assignment inside the condition is intentional: @user is set and tested at once.
9 if @user = User.find_by_extern_uid_and_provider(uid, provider)
# NOTE(review): an account matched by email alone is rebound to this LDAP
# identity on the next lines. That treats the directory's mail attribute as
# proof of ownership of the local account. Confirm that attribute cannot be
# edited by the directory user themselves.
11 elsif @user = User.find_by_email(email)
12 log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
# The return value of update_attributes is not checked in the visible lines,
# so a failed save would go unnoticed here.
13 @user.update_attributes(extern_uid: uid, provider: provider)
# No existing account matched: create one, flagged as LDAP (second argument).
16 create_from_omniauth(auth, true)
# Builds a new User from the data an OmniAuth provider returned.
# `ldap` marks the LDAP path: it adds a "(LDAP) " prefix to messages and
# exempts the account from the block_auto_created_users check further down.
# Raises OmniAuth::Error when the provider supplies no (or a blank) email.
#
# NOTE: this listing is an excerpt. The start of the attribute hash, the call
# it is passed to, the save and the closing `end`s are not shown.
20 def create_from_omniauth(auth, ldap = false)
21 provider = auth.provider
22 uid = auth.info.uid || auth.uid
# force_encoding only relabels the bytes as UTF-8. It neither transcodes nor
# validates them, so invalid sequences from the provider pass through.
# NOTE(review): consider checking valid_encoding? before storing or logging.
23 uid = uid.to_s.force_encoding("utf-8")
24 name = auth.info.name.to_s.force_encoding("utf-8")
25 email = auth.info.email.to_s.downcase unless auth.info.email.nil?
27 ldap_prefix = ldap ? '(LDAP) ' : ''
# After this guard `email` is a non-blank String (nil and whitespace-only are rejected).
28 raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
29 " address" if auth.info.email.blank?
# NOTE(review): uid, name and email come from the provider and are interpolated
# into the log line unmodified. This writes personal data to the log, and a
# line break inside `name` would split the entry. Consider logging through
# #inspect or stripping control characters.
31 log.info "#{ldap_prefix}Creating user from #{provider} login"\
32 " {uid => #{uid}, name => #{name}, email => #{email}}"
# Placeholder password: the first 8 characters of a Devise token, lower-cased.
# NOTE(review): truncating and down-casing both shrink the search space. If
# password login stays enabled for these accounts this value is all that
# protects it, so prefer the full token with its case kept.
33 password = Devise.friendly_token[0, 8].downcase
# Username is everything before the first '@'. The character class excludes
# only '@', so whitespace and other characters in the local part are kept.
# Any stricter validation would have to happen in the User model (not shown).
38 username: email.match(/^[^@]*/)[0],
41 password_confirmation: password,
# NOTE(review): `as: :admin` presumably selects the admin mass-assignment role,
# which lifts the attribute protection applied to ordinary callers. Keep the
# hash a fixed literal and never merge provider-supplied keys into it.
42 }, as: :admin).with_defaults
# The blocking option is applied to non-LDAP sign-ups only; the branch body is
# not part of this excerpt.
45 if Gitlab.config.omniauth['block_auto_created_users'] && !ldap
# Resolves the local User for a non-LDAP OmniAuth callback.
# Lookup order in the visible lines: (provider, extern_uid), then email, then
# account creation when the allow_single_sign_on option is set.
#
# NOTE: this listing is an excerpt. The branch bodies, the `else` and the
# closing `end`s are not shown.
52 def find_or_new_for_omniauth(auth)
# NOTE(review): this lookup uses auth.uid, while create_from_omniauth prefers
# auth.info.uid. If the two differ for a provider, an account created there may
# not be found here by uid. Confirm against the elided attribute hash.
53 provider, uid = auth.provider, auth.uid
# Unlike the LDAP path there is no visible guard afterwards, so `email` can
# still be nil when the email lookup below runs.
54 email = auth.info.email.downcase unless auth.info.email.nil?
56 if @user = User.find_by_provider_and_extern_uid(provider, uid)
# NOTE(review): matching on email alone and then rebinding the account (next
# line) trusts the provider to have verified that address. Restrict this
# fallback to providers that assert a verified email, or require the account
# owner to confirm the link while signed in. Also confirm that no User row can
# have a NULL email, since `email` may be nil here.
58 elsif @user = User.find_by_email(email)
# Return value is not checked in the visible lines.
59 @user.update_attributes(extern_uid: uid, provider: provider)
# Auto-provisioning of unknown identities is opt-in through configuration.
62 if Gitlab.config.omniauth['allow_single_sign_on']
63 @user = create_from_omniauth(auth)
# Authenticates login/password against the configured LDAP server and returns
# the local User whose extern_uid is the bound entry's DN (provider 'ldap').
# Returns nil when LDAP is disabled, when either credential is blank, or when
# the bind yields no entry.
#
# NOTE: this listing is an excerpt. The remaining bind_as arguments and the
# closing `end` are not shown.
73 def ldap_auth(login, password)
74 # Check user against LDAP backend if user is not authenticated
75 # Only check with valid login and password to prevent anonymous bind results
# Why this guard matters: a bind with an empty password can be treated by the
# server as an unauthenticated bind and reported as success, so blank
# credentials must never reach bind_as. blank? also rejects whitespace-only input.
76 return nil unless ldap_conf.enabled && !login.blank? && !password.blank?
78 ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
79 ldap_user = ldap.bind_as(
# NOTE(review): `login` is user input placed straight into the search filter.
# Filter.eq is understood to treat '*' in the value as a wildcard and not to
# escape filter metacharacters. Confirm this for the bundled net-ldap version,
# and escape the value (Net::LDAP::Filter.escape, or Filter.equals) where
# available so that a login can only ever match one exact uid.
80 filter: Net::LDAP::Filter.eq(ldap.uid, login),
# A successful bind is not enough on its own: the entry must map to an
# existing local account, otherwise the result is nil.
85 User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user
# Memoizes the LDAP section of the GitLab configuration in @ldap_conf.
# Presumably the body of the `ldap_conf` helper that ldap_auth calls; the
# enclosing `def` line is not part of this excerpt.
89 @ldap_conf ||= Gitlab.config.ldap