From 1331d4f69c64709e81f9004d704a5b5a42cd4035 Mon Sep 17 00:00:00 2001
From: Jeremy Slater
Date: Thu, 10 Jan 2013 17:17:12 -0500
Subject: [PATCH] Authenticate LDAP users in the grack module

---
 lib/gitlab/backend/grack_auth.rb | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index cfad532a06c..ba91ffade72 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -3,17 +3,34 @@ module Grack
 attr_accessor :user, :project

 def valid?
+ gl = Gitlab.config
+
 # Authentication with username and password
 login, password = @auth.credentials

 self.user = User.find_by_email(login) || User.find_by_username(login)
+ self.user = nil unless user.try(:valid_password?, password)
+
+ # Check user against LDAP backend if user is not authenticated
+ # Only check with valid login and password to prevent anonymous bind results
+ if user.nil? && gl.ldap.enabled && !login.blank? && !password.blank?
+ require "omniauth-ldap"
+ ldap = OmniAuth::LDAP::Adaptor.new(gl.ldap)
+ ldap_user = ldap.bind_as(
+ filter: Net::LDAP::Filter.eq(ldap.uid, login),
+ size: 1,
+ password: password
+ )

- return false unless user.try(:valid_password?, password)
+ if ldap_user
+ self.user = User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap')
+ end
+ end

- email = user.email
+ return false unless user

 # Set GL_USER env variable
- ENV['GL_USER'] = email
+ ENV['GL_USER'] = user.email
 # Pass Gitolite update hook
 ENV['GL_BYPASS_UPDATE_HOOK'] = "true"

-- 
GitLab
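Review bot: The LDAP search filter in `valid?` is built from the client-supplied `login` with `Net::LDAP::Filter.eq`, which does not escape its value, so `*` and other filter metacharacters in the Basic-auth username are interpreted by the directory instead of being matched literally. With `size: 1` the bind is then attempted against whichever entry the pattern returns first, which is not the exact-match lookup that the local `find_by_email` / `find_by_username` path performs. Use the escaping constructor, `filter: Net::LDAP::Filter.equals(ldap.uid, login),`, or pass `Net::LDAP::Filter.escape(login)` as the value. Separately, the LDAP branch assigns whatever `find_by_extern_uid_and_provider` returns with no blocked/active check in the lines shown; whether one happens later cannot be seen here, because `valid?` continues past the end of the hunk.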