
Unverified Commit 1ec106b8 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'ldap_connections'

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Conflicts:
	CHANGELOG
parents bce8edbb 48e90540
......@@ -18,6 +18,7 @@ v 6.7.0
- Add webhook when a new tag is pushed (Jeroen van Baarsen)
- Add button for toggling inline comments in diff view
- Add retry feature for repository import
- Reuse the GitLab LDAP connection within each request
v 6.6.2
- Fix 500 error on branch/tag create or remove via UI
......
......@@ -182,13 +182,15 @@ def check_password_expiration
def ldap_security_check
if current_user && current_user.requires_ldap_check?
if gitlab_ldap_access.allowed?(current_user)
current_user.last_credential_check_at = Time.now
current_user.save
else
sign_out current_user
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
gitlab_ldap_access do |access|
if access.allowed?(current_user)
current_user.last_credential_check_at = Time.now
current_user.save
else
sign_out current_user
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end
end
end
......@@ -198,8 +200,8 @@ def event_filter
@event_filter ||= EventFilter.new(filters)
end
def gitlab_ldap_access
Gitlab::LDAP::Access.new
def gitlab_ldap_access(&block)
Gitlab::LDAP::Access.open { |access| block.call(access) }
end
# JSON for infinite scroll via Pager object
......
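Review bot: A failure to reach the directory is no longer handled on the `ldap_security_check` path. The connection is now opened by `Gitlab::LDAP::Access.open` inside `gitlab_ldap_access`, before `access.allowed?` runs, so the `rescue` in `allowed?` (which previously also covered connection setup) never sees it. Assuming `Net::LDAP.open` raises when the server is unreachable, the filter would now raise instead of signing the user out. If deny-on-failure is still intended, wrap the `gitlab_ldap_access do |access| ... end` call with `rescue => e` and `Rails.logger.warn("LDAP connection failed: #{e.class}: #{e.message}")`, then take the existing sign-out branch. Otherwise state the new behaviour with `# connection errors propagate; the request fails rather than skipping the check`.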
module Gitlab
module LDAP
class Access
attr_reader :adapter
def self.open(&block)
Gitlab::LDAP::Adapter.open do |adapter|
block.call(self.new(adapter))
end
end
def initialize(adapter=nil)
@adapter = adapter
end
def allowed?(user)
!!Gitlab::LDAP::Person.find_by_dn(user.extern_uid)
!!Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
rescue
false
end
......
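Review bot: The bare `rescue` in `allowed?` turns every StandardError into `false` without recording anything, so a directory outage, a misconfiguration or a programming error on the passed-in `adapter` all surface only as "Access denied for your LDAP account." Failing closed is the right default for this check, but operators need to tell a removed account from a broken lookup. Capture the exception and log it before returning false: `rescue => e` followed by `Rails.logger.warn("LDAP access check failed: #{e.class}: #{e.message}")` and `false`. The rest of the class lies outside this section.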
......@@ -3,7 +3,17 @@ module LDAP
class Adapter
attr_reader :ldap
def initialize
def self.open(&block)
Net::LDAP.open(adapter_options) do |ldap|
block.call(self.new(ldap))
end
end
def self.config
Gitlab.config.ldap
end
def self.adapter_options
encryption = config['method'].to_s == 'ssl' ? :simple_tls : nil
options = {
......@@ -23,8 +33,12 @@ def initialize
if config['password'] || config['bind_dn']
options.merge!(auth_options)
end
options
end
@ldap = Net::LDAP.new(options)
def initialize(ldap=nil)
@ldap = ldap || Net::LDAP.new(self.class.adapter_options)
end
def users(field, value)
......@@ -65,7 +79,7 @@ def user(*args)
private
def config
@config ||= Gitlab.config.ldap
@config ||= self.class.config
end
end
end
......
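Review bot: `adapter_options` turns encryption on only when `config['method']` is exactly `'ssl'`; any other value leaves `encryption` as nil, so the bind DN and password merged in from `auth_options` would presumably be sent in clear text. Because this is now the single source of options for every `Net::LDAP.open`, the limitation should be documented where it is decided. As far as the net-ldap documentation describes it, `:simple_tls` also performs no server certificate validation; confirm this for the bundled version. Suggested comment above the `encryption =` line: `# Only method 'ssl' enables TLS; :simple_tls does not verify the server certificate.` The body of `adapter_options` is split across two hunks and is only partly visible here.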
module Gitlab
module LDAP
class Person
def self.find_by_uid(uid)
Gitlab::LDAP::Adapter.new.user(config.uid, uid)
def self.find_by_uid(uid, adapter=nil)
adapter ||= Gitlab::LDAP::Adapter.new
adapter.user(config.uid, uid)
end
def self.find_by_dn(dn)
Gitlab::LDAP::Adapter.new.user('dn', dn)
def self.find_by_dn(dn, adapter=nil)
adapter ||= Gitlab::LDAP::Adapter.new
adapter.user('dn', dn)
end
def initialize(entry)
......
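Review bot: The new optional `adapter=nil` parameter on `find_by_uid` and `find_by_dn` is undocumented, and its fallback quietly builds a fresh `Gitlab::LDAP::Adapter`. A caller that forgets to pass the shared adapter therefore loses the connection reuse this commit introduces, with no visible sign. A one-line comment on each method would make the contract explicit, e.g. `# adapter: an already opened Gitlab::LDAP::Adapter to reuse; when nil, a new one is created for this lookup`. The class body continues outside this section.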