authorrandx <dmitriy.zaporozhets@gmail.com>2012-08-21 08:39:23 +0300
committerrandx <dmitriy.zaporozhets@gmail.com>2012-08-21 08:39:23 +0300
commit366c0065c4302eacbb26ba7292c4c0528dbd33a6 (patch)
treecc49f0e4303ac1d4982dc05bfd1654d22dddd856
parentb2b88b2ff2a3044efa259d06c630dc903d0851bd (diff)
parent335b3ed19791d2bf5aea9c95f46af925ebc80412 (diff)
Merge branch 'better_ldap' of https://github.com/jirutka/gitlabhq into jirutka-better_ldap
Conflicts: app/models/user.rb
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb3
-rw-r--r--app/models/user.rb34
-rw-r--r--db/migrate/20120729131232_add_extern_auth_provider_to_users.rb8
-rw-r--r--db/schema.rb5
4 files changed, 36 insertions, 14 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index d19931e93d7..d472936b4b4 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -12,8 +12,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def ldap
# We only find ourselves here if the authentication to LDAP was successful.
- info = request.env["omniauth.auth"]["info"]
- @user = User.find_for_ldap_auth(info)
+ @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
if @user.persisted?
@user.remember_me = true
end
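Review bot: `current_user` is passed as the second argument on the `User.find_for_ldap_auth(...)` line, but the new `find_for_ldap_auth(auth, signed_in_resource=nil)` in app/models/user.rb never reads `signed_in_resource`, so an existing session has no influence on which account the LDAP identity is bound to. Either drop the argument or use it in the model; as written the signature suggests a check that is not performed. A comment above the call such as `# auth is the full OmniAuth hash; current_user is nil on a fresh login` would also make the contract clear. The `ldap` action continues past the end of this hunk.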
diff --git a/app/models/user.rb b/app/models/user.rb
index 92c81c83d41..ad6af6a6dd0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,7 +7,7 @@ class User < ActiveRecord::Base
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
:name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
- :theme_id, :force_random_password
+ :theme_id, :force_random_password, :extern_uid, :provider
attr_accessor :force_random_password
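Review bot: Adding `:extern_uid` and `:provider` to `attr_accessible` makes the external-identity binding mass-assignable, so any action that passes request parameters to `new` or `update_attributes` on a User could let the caller choose which LDAP identity maps to the account. No such action is visible in this diff, so this is a hardening point rather than a confirmed flaw. Keeping both attributes off the whitelist and assigning them explicitly in `find_for_ldap_auth`, e.g. `@user.extern_uid = uid; @user.provider = provider; @user.save`, removes the dependency on every caller filtering its params. The class body continues outside the hunk.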
@@ -54,6 +54,8 @@ class User < ActiveRecord::Base
validates :bio, length: { within: 0..255 }
+ validates :extern_uid, :allow_blank => true, :uniqueness => {:scope => :provider}
+
before_save :ensure_authentication_token
alias_attribute :private_token, :authentication_token
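Review bot: `:allow_blank => true` on the `extern_uid` validation skips the uniqueness check for an empty string, while the unique index on `[:extern_uid, :provider]` added by the migration still treats two rows holding `''` and the same provider as duplicates. A second such save would then fail at the database layer instead of with a validation error. `:allow_nil => true` is closer to the index semantics on MySQL and PostgreSQL, where NULLs are not compared, or blank values can be normalised to nil before save.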
@@ -84,21 +86,31 @@ class User < ActiveRecord::Base
where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
end
- def self.find_for_ldap_auth(omniauth_info)
- name = omniauth_info.name.force_encoding("utf-8")
- email = omniauth_info.email.downcase unless omniauth_info.email.nil?
- raise OmniAuth::Error, "LDAP accounts must provide an email address" if email.nil?
+ def self.find_for_ldap_auth(auth, signed_in_resource=nil)
+ uid = auth.info.uid
+ provider = auth.provider
+ name = auth.info.name.force_encoding("utf-8")
+ email = auth.info.email.downcase unless auth.info.email.nil?
+ raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
- if @user = User.find_by_email(email)
+ if @user = User.find_by_extern_uid_and_provider(uid, provider)
+ @user
+ # workaround for backward compatibility
+ elsif @user = User.find_by_email(email)
+ logger.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
+ @user.update_attributes(:extern_uid => uid, :provider => provider)
@user
else
+ logger.info "Creating user from LDAP login {uid => #{uid}, name => #{name}, email => #{email}}"
password = Devise.friendly_token[0, 8].downcase
@user = User.create(
- name: name,
- email: email,
- password: password,
- password_confirmation: password,
- projects_limit: Gitlab.config.default_projects_limit
+ :extern_uid => uid,
+ :provider => provider,
+ :name => name,
+ :email => email,
+ :password => password,
+ :password_confirmation => password,
+ :projects_limit => Gitlab.config.default_projects_limit
)
end
end
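Review bot: The `elsif @user = User.find_by_email(email)` fallback binds the incoming LDAP identity to whichever account has that email, including one that already carries a different `extern_uid`/`provider`, and the return value of `update_attributes` is ignored. The directory's mail attribute thus becomes the only key for attaching to, or re-pointing, an existing account. Limit the fallback to unlinked legacy rows with `elsif (@user = User.find_by_email(email)) && @user.extern_uid.blank?`, and log or raise when the update fails. Separately, `auth.info.name.force_encoding("utf-8")` raises NoMethodError when the directory returns no name, and the two `logger.info` lines write uid, name and email at info level. A doc comment on `find_for_ldap_auth` stating the lookup order (uid+provider, then legacy email, then create) would help.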
diff --git a/db/migrate/20120729131232_add_extern_auth_provider_to_users.rb b/db/migrate/20120729131232_add_extern_auth_provider_to_users.rb
new file mode 100644
index 00000000000..d5e66ba4d3b
--- /dev/null
+++ b/db/migrate/20120729131232_add_extern_auth_provider_to_users.rb
@@ -0,0 +1,8 @@
+class AddExternAuthProviderToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :extern_uid, :string
+ add_column :users, :provider, :string
+
+ add_index :users, [:extern_uid, :provider], :unique => true
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index c4c54f562a3..46461e44aad 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120712080407) do
+ActiveRecord::Schema.define(:version => 20120729131232) do
create_table "events", :force => true do |t|
t.string "target_type"
@@ -171,9 +171,12 @@ ActiveRecord::Schema.define(:version => 20120712080407) do
t.boolean "blocked", :default => false, :null => false
t.integer "failed_attempts", :default => 0
t.datetime "locked_at"
+ t.string "extern_uid"
+ t.string "provider"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
+ add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
create_table "users_projects", :force => true do |t|