From 70a9884021dbf346ebda37094e18982e328246d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vanja=20Radovanovi=C4=87?= Date: Tue, 4 Dec 2012 14:26:11 +0100 Subject: [PATCH] added ldap authentication for http repo access --- lib/gitlab/backend/grack_auth.rb | 61 ++++++++++++++++++++++++++------ 1 file changed, 51 insertions(+), 10 deletions(-) diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index 9fafc9617d1..27ca8724e00 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -1,15 +1,19 @@ +require "net/ldap" + +# assumes ldap login is present in User.username +# flow in general: +# * find user either by email or username (using provided login) +# * if ldap enabled and user provider is ldap, authenticate over ldap +# * else validate plain password module Grack class Auth < Rack::Auth::Basic attr_accessor :user, :project def valid? - # Authentication with username and password + # Authentication login, password = @auth.credentials - self.user = User.find_by_email(login) || User.find_by_username(login) - - return false unless user.try(:valid_password?, password) - + return false unless authenticate_user(user, password) email = user.email # Set GL_USER env variable @@ -76,10 +80,47 @@ module Grack def abilities @abilities ||= begin - abilities = Six.new - abilities << Ability - abilities - end + abilities = Six.new + abilities << Ability + abilities + end + end + + private + + def authenticate_user(user, password) + return false unless user + + if user.provider == "ldap" && Gitlab.config.ldap_enabled? + authenticate_user_from_ldap(user, password) + else + authenticate_user_with_plain_password(user, password) + end + end + + def authenticate_user_with_plain_password(user, password) + user.valid_password?(password) + end + + def authenticate_user_from_ldap(user, password) + gl = Gitlab.config + return false unless gl.ldap_enabled? + + ldap = Net::LDAP.new( + host: gl.ldap['host'], + port: gl.ldap['port'], + auth: { + method: :simple, + username: gl.ldap['bind_dn'], + password: gl.ldap['password'] + } + ) + + ldap.bind_as( + :base => gl.ldap['base'], + :filter => Net::LDAP::Filter.eq(gl.ldap['uid'], user.username), + :password => password + ) end end# Auth -end# Grack +end# Grack \ No newline at end of file -- GitLab