Commit 66968268 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Move LDAP timeout code to Gitlab::LDAP::Access

parent 68a9203b
......@@ -201,15 +201,10 @@ class ApplicationController < ActionController::Base
def ldap_security_check
if current_user && current_user.requires_ldap_check?
gitlab_ldap_access do |access|
if access.allowed?(current_user)
current_user.last_credential_check_at = Time.now
current_user.save
else
sign_out current_user
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
unless Gitlab::LDAP::Access.allowed?(current_user)
sign_out current_user
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end
end
......
......@@ -21,13 +21,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
@user = Gitlab::LDAP::User.find_or_create(oauth)
@user.remember_me = true if @user.persisted?
gitlab_ldap_access do |access|
if access.allowed?(@user)
sign_in_and_redirect(@user)
else
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
# Do additional LDAP checks for the user filter and EE features
if Gitlab::LDAP::Access.allowed?(@user)
sign_in_and_redirect(@user)
else
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end
......
......@@ -9,6 +9,19 @@ module Gitlab
end
end
def self.allowed?(user)
self.open do |access|
if access.allowed?(user)
# GitLab EE LDAP code goes here
user.last_credential_check_at = Time.now
user.save
true
else
false
end
end
end
def initialize(adapter=nil)
@adapter = adapter
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment