# SAML extension for User model
#
# * Find GitLab user based on SAML uid and provider
# * Create new user from SAML data
#
module Gitlab
  module Saml
    # OAuth user specialised for SAML sign-in.
    #
    # Helpers used below but not defined in this class (auth_hash,
    # find_or_create_ldap_user, find_by_uid_and_provider, build_new_user,
    # auto_link_ldap_user?, signup_enabled?) are presumably inherited from
    # Gitlab::OAuth::User -- confirm against that class.
    class User < Gitlab::OAuth::User
      # Forwards to the parent implementation with 'SAML' as its argument.
      def save
        super('SAML')
      end

      # Resolves the GitLab account for the current SAML assertion and
      # memoizes it in @user. Lookups are tried in this order, each one only
      # when no account has been found yet:
      #
      #   1. LDAP link/creation       (only if auto_link_ldap_user?)
      #   2. existing identity match  (uid + provider)
      #   3. match by e-mail address  (only if auto_link_saml_user?)
      #   4. new, unsaved account     (only if signup_enabled?)
      #
      # Returns the user, or nil when nothing matched and signup is disabled.
      def gl_user
        @user ||= find_or_create_ldap_user if auto_link_ldap_user?
        @user ||= find_by_uid_and_provider

        # NOTE(review): step 3 attaches the SAML identity to whichever account
        # owns the asserted address, so it relies on the IdP asserting e-mail
        # ownership correctly. Nothing in this class verifies the address.
        @user ||= find_by_email if auto_link_saml_user?
        @user ||= build_new_user if signup_enabled?

        if external_users_enabled? && @user
          # The external flag is recomputed from the assertion on every call:
          # any group shared with the configured external groups marks the
          # user external, and no shared group resets the flag to false,
          # whatever value the record held before.
          shared_groups = auth_hash.groups & Gitlab::Saml::Config.external_groups
          @user.external = !shared_groups.empty?
        end

        @user
      end

      # Looks up an existing account by the lower-cased e-mail address from
      # the assertion and, when one exists, builds a new identity on it for
      # this uid/provider pair. The identity is only built here, not saved.
      #
      # Returns the matched user, or nil when the assertion carries no e-mail
      # or no account has that address.
      def find_by_email
        return unless auth_hash.has_email?

        matched = ::User.find_by(email: auth_hash.email.downcase)
        return matched unless matched

        matched.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider)
        matched
      end

      # True when no account could be resolved, or when the resolved account
      # or any of its identities has unsaved changes.
      def changed?
        if gl_user
          gl_user.changed? || gl_user.identities.any?(&:changed?)
        else
          true
        end
      end

      protected

      # Reads the omniauth setting that allows linking a SAML login to an
      # existing account by e-mail address (see the caller in gl_user).
      def auto_link_saml_user?
        Gitlab.config.omniauth.auto_link_saml_user
      end

      # External-user handling is active whenever the external groups setting
      # is non-nil; an empty list still counts as enabled.
      def external_users_enabled?
        !Gitlab::Saml::Config.external_groups.nil?
      end

      # Wraps the raw auth hash in the SAML-specific AuthHash class.
      def auth_hash=(auth_hash)
        @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
      end
    end
  end
end