config.rb 3.93 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11
# Load a specific server configuration
module Gitlab
  module LDAP
    class Config
      attr_accessor :provider, :options

      def self.enabled?
        Gitlab.config.ldap.enabled
      end

      def self.servers
12
        Gitlab.config.ldap.servers.values
13 14 15
      end

      def self.providers
16
        servers.map { |server| server['provider_name'] }
17 18
      end

19 20 21 22 23 24 25 26
      def self.valid_provider?(provider)
        providers.include?(provider)
      end

      def self.invalid_provider(provider)
        raise "Unknown provider (#{provider}). Available providers: #{providers}"
      end

27
      def initialize(provider)
28 29 30 31 32 33
        if self.class.valid_provider?(provider)
          @provider = provider
        else
          self.class.invalid_provider(provider)
        end
        @options = config_for(@provider) # Use @provider, not provider
34 35 36 37 38 39 40
      end

      def enabled?
        base_config.enabled
      end

      def adapter_options
41
        opts = base_options.merge(
42
          encryption: encryption
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
        )

        opts.merge!(auth_options) if has_auth?

        opts
      end

      def omniauth_options
        opts = base_options.merge(
          base: base,
          method: options['method'],
          filter: omniauth_user_filter,
          name_proc: name_proc
        )

        if has_auth?
          opts.merge!(
            bind_dn: options['bind_dn'],
            password: options['password']
          )
63
        end
64 65

        opts
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
      end

      def base
        options['base']
      end

      def uid
        options['uid']
      end

      def sync_ssh_keys?
        sync_ssh_keys.present?
      end

      # The LDAP attribute in which the ssh keys are stored
      def sync_ssh_keys
        options['sync_ssh_keys']
      end

      def user_filter
        options['user_filter']
      end

89 90 91 92
      def constructed_user_filter
        @constructed_user_filter ||= Net::LDAP::Filter.construct(user_filter)
      end

93 94 95 96 97 98 99 100 101 102 103 104
      def group_base
        options['group_base']
      end

      def admin_group
        options['admin_group']
      end

      def active_directory
        options['active_directory']
      end

105 106 107 108
      def block_auto_created_users
        options['block_auto_created_users']
      end

109
      def attributes
110
        default_attributes.merge(options['attributes'])
111 112
      end

113 114 115 116
      def timeout
        options['timeout'].to_i
      end

117 118 119 120
      def has_auth?
        options['password'] || options['bind_dn']
      end

121 122 123 124 125 126
      def allow_username_or_email_login
        options['allow_username_or_email_login']
      end

      def name_proc
        if allow_username_or_email_login
127
          proc { |name| name.gsub(/@.*\z/, '') }
128
        else
129
          proc { |name| name }
130 131 132
        end
      end

133 134 135 136 137 138 139 140 141 142
      def default_attributes
        {
          'username'    => %w(uid userid sAMAccountName),
          'email'       => %w(mail email userPrincipalName),
          'name'        => 'cn',
          'first_name'  => 'givenName',
          'last_name'   => 'sn'
        }
      end

143
      protected
144

145 146 147 148 149 150 151
      def base_options
        {
          host: options['host'],
          port: options['port']
        }
      end

152 153 154 155 156
      def base_config
        Gitlab.config.ldap
      end

      def config_for(provider)
157
        base_config.servers.values.find { |server| server['provider_name'] == provider }
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
      end

      def encryption
        case options['method'].to_s
        when 'ssl'
          :simple_tls
        when 'tls'
          :start_tls
        else
          nil
        end
      end

      def auth_options
        {
          auth: {
            method: :simple,
            username: options['bind_dn'],
            password: options['password']
          }
        }
      end
180 181 182 183 184 185 186 187 188 189

      def omniauth_user_filter
        uid_filter = Net::LDAP::Filter.eq(uid, '%{username}')

        if user_filter.present?
          Net::LDAP::Filter.join(uid_filter, constructed_user_filter).to_s
        else
          uid_filter.to_s
        end
      end
190 191 192
    end
  end
end