
# These methods authenticate a user against LDAP with a username and password
#
# Since multiple LDAP servers are supported, it will loop through all of them
# until a valid bind is found
#

module Gitlab
  module LDAP
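    class Authentication
      # Tries to bind +login+/+password+ against every configured LDAP
      # provider, stopping at the first one that accepts the credentials.
      #
      # @param login [String] the value of the configured uid attribute
      # @param password [String] the user's password
      # @return [Gitlab::LDAP::User, nil] the user for the provider that bound
      #   successfully; nil when LDAP is disabled, a credential is blank, no
      #   provider is configured, or every bind failed
      def self.login(login, password)
        return unless Gitlab::LDAP::Config.enabled?
        # Blank credentials never reach the directory: many LDAP servers treat
        # a bind with an empty password as an anonymous bind and report
        # success, which would log the user in without a password.
        return unless login.present? && password.present?

        auth = nil
        # Try providers in order; #login returns whatever bind_as returned,
        # which is truthy on a successful bind and stops the iteration.
        providers.find do |provider|
          auth = new(provider)
          auth.login(login, password)
        end

        # Nothing was tried (enabled, but no provider configured) — without this
        # guard the call below would be NoMethodError on nil.
        return unless auth

        # If (login, password) was invalid for all providers, auth is the last
        # Gitlab::LDAP::Authentication instance tried and its #user is nil.
        auth.user
      end

      # All configured LDAP providers, in the order they are tried.
      # @return [Array] provider names as reported by Gitlab::LDAP::Config
      def self.providers
        Gitlab::LDAP::Config.providers
      end

      # provider:  name of the LDAP server this instance authenticates against
      # ldap_user: result of the last #login call (unset until #login runs)
      attr_accessor :provider, :ldap_user

      # @param provider [String, Symbol] LDAP provider name (see .providers)
      def initialize(provider)
        @provider = provider
      end

      # Binds to this provider's LDAP server as the entry matching +login+.
      #
      # @param login [String] user-supplied uid value
      # @param password [String] password used for the bind
      # @return the value of bind_as — truthy on success, falsy otherwise;
      #   also stored in #ldap_user
      def login(login, password)
        @ldap_user = adapter.bind_as(
          filter: user_filter(login),
          size: 1, # cap the lookup to a single candidate entry
          password: password
        )
      end

      # A fresh OmniAuth LDAP adaptor built from this provider's options.
      def adapter
        OmniAuth::LDAP::Adaptor.new(config.options.symbolize_keys)
      end

      # Configuration for this provider (a new object on every call, so a
      # later change to #provider is picked up).
      def config
        Gitlab::LDAP::Config.new(provider)
      end

      # Builds the search filter used to locate the entry to bind as.
      #
      # @param login [String] user-supplied uid value
      # @return [Net::LDAP::Filter] (uid=login), ANDed with the configured
      #   user_filter when one is set
      def user_filter(login)
        cfg = config # read the Config object once instead of rebuilding it per attribute
        # Filter.equals escapes the user-supplied value; do not swap it for
        # Filter.eq, which would pass filter metacharacters in +login+ through.
        filter = Net::LDAP::Filter.equals(cfg.uid, login)

        # AND with the admin-configured user filter, if present
        if cfg.user_filter.present?
          filter = Net::LDAP::Filter.join(
            filter,
            Net::LDAP::Filter.construct(cfg.user_filter)
          )
        end

        filter
      end

      # The GitLab user for the entry bound in #login.
      # @return [Gitlab::LDAP::User, nil] nil when no bind has succeeded
      def user
        return nil unless ldap_user
        Gitlab::LDAP::User.find_by_uid_and_provider(ldap_user.dn, provider)
      end
    end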
  end
end