-rw-r--r--lib/api/session.rb17
-rw-r--r--lib/gitlab/auth.rb13
-rw-r--r--lib/gitlab/backend/grack_auth.rb15
3 files changed, 24 insertions, 21 deletions
diff --git a/lib/api/session.rb b/lib/api/session.rb
index 509acded51e..cc646895914 100644
--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -3,18 +3,19 @@ module API
class Session < Grape::API
# Login to get token
#
+ # Parameters:
+ # login (*required) - user login
+ # email (*required) - user email
+ # password (required) - user password
+ #
# Example Request:
# POST /session
post "/session" do
- resource = User.find_for_database_authentication(email: params[:email])
-
- return unauthorized! unless resource
+ auth = Gitlab::Auth.new
+ user = auth.find(params[:email] || params[:login], params[:password])
- if resource.valid_password?(params[:password])
- present resource, with: Entities::UserLogin
- else
- unauthorized!
- end
+ return unauthorized! unless user
+ present user, with: Entities::UserLogin
end
end
end
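Review bot: In the new `post "/session"` body, `params[:email] || params[:login]` falls back to `login` only when `email` is absent. An empty `email` string is truthy in Ruby, so a request carrying `email=` together with a valid `login` is looked up under the empty string; `params[:email].presence || params[:login]` avoids that. The added Parameters comment marks both `login` and `email` as `(*required)` without explaining the asterisk, while the code accepts either one; `# login or email (one of the two is required)` would match the behaviour. The endpoint now also reaches the LDAP path through `Gitlab::Auth#find`, and no throttling or failed-login logging is visible in this hunk, so it is worth confirming that it exists elsewhere.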
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index beb4fcf0570..de70c5ce780 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -1,5 +1,18 @@
module Gitlab
class Auth
+ def find(login, password)
+ user = User.find_by_email(login) || User.find_by_username(login)
+
+ if user.nil? || user.ldap_user?
+ # Second chance - try LDAP authentication
+ return nil unless ldap_conf.enabled
+
+ ldap_auth(login, password)
+ else
+ user if user.valid_password?(password)
+ end
+ end
+
def find_for_ldap_auth(auth, signed_in_resource = nil)
uid = auth.info.uid
provider = auth.provider
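Review bot: `find` hands `login` and `password` to `ldap_auth` without rejecting blank values, and the API session endpoint now calls it with raw request parameters, so a missing password can reach the LDAP bind. Many directory servers treat a simple bind with an empty password as an unauthenticated bind that succeeds, and whether `ldap_auth` guards against that is not visible here; a guard at the top such as `return nil if login.blank? || password.blank?` is a cheap defence. `ldap_conf` was previously called from `Grack::Auth`, so it also has to be reachable from `Gitlab::Auth`, which this hunk does not show. A short comment on `find` saying that it returns the authenticated user or `nil`, and that LDAP users are never checked against the local password, would help callers. The class body continues outside the hunk.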
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index e7217c7c7e6..a4f98ecd350 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -64,19 +64,8 @@ module Grack
end
def authenticate_user(login, password)
- user = User.find_by_email(login) || User.find_by_username(login)
-
- # If the provided login was not a known email or username
- # then user is nil
- if user.nil? || user.ldap_user?
- # Second chance - try LDAP authentication
- return nil unless ldap_conf.enabled
-
- auth = Gitlab::Auth.new
- auth.ldap_auth(login, password)
- else
- return user if user.valid_password?(password)
- end
+ auth = Gitlab::Auth.new
+ auth.find(login, password)
end
def authorize_request(service)