From 6bf117c601eda2ae3045644ab778d167955cd0c3 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Mon, 2 Sep 2013 23:35:40 +0300 Subject: Mode User+LDAP functionality from Gitlab::Auth --- app/controllers/omniauth_callbacks_controller.rb | 12 ++-- app/models/user.rb | 1 + lib/gitlab/auth.rb | 17 ----- lib/gitlab/ldap/user.rb | 92 ++++++++++++++++++++++++ 4 files changed, 99 insertions(+), 23 deletions(-) create mode 100644 lib/gitlab/ldap/user.rb diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index c4ebf0e4889..b0765672dda 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -16,12 +16,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end def ldap - # We only find ourselves here if the authentication to LDAP was successful. - @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user) - if @user.persisted? - @user.remember_me = true - end - sign_in_and_redirect @user + # We only find ourselves here + # if the authentication to LDAP was successful. + @user = Gitlab::LDAP::User.find_or_create(request.env["omniauth.auth"]) + @user.remember_me = true if @user.persisted? + + sign_in_and_redirect(@user) end private diff --git a/app/models/user.rb b/app/models/user.rb index b44c063c32f..823e7a24a25 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -159,6 +159,7 @@ class User < ActiveRecord::Base scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) } scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : scoped } scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') } + scope :ldap, -> { where(provider: 'ldap') } scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active } diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index de70c5ce780..5f4b6c22c2c 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -13,23 +13,6 @@ module Gitlab end end - def find_for_ldap_auth(auth, signed_in_resource = nil) - uid = auth.info.uid - provider = auth.provider - email = auth.info.email.downcase unless auth.info.email.nil? - raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil? - - if @user = User.find_by_extern_uid_and_provider(uid, provider) - @user - elsif @user = User.find_by_email(email) - log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}" - @user.update_attributes(extern_uid: uid, provider: provider) - @user - else - create_from_omniauth(auth, true) - end - end - def create_from_omniauth(auth, ldap = false) provider = auth.provider uid = auth.info.uid || auth.uid diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb new file mode 100644 index 00000000000..a7a11e5a640 --- /dev/null +++ b/lib/gitlab/ldap/user.rb @@ -0,0 +1,92 @@ +# LDAP extension for User model +# +# * Find or create user from omniauth.auth data +# * Links LDAP account with existing user +# +module Gitlab + module LDAP + class User + class << self + def find(uid, email) + # Look for user with ldap provider and same uid + user = model.ldap.where(extern_uid: uid).last + return user if user + + # Look for user with same emails + # + # Possible cases: + # * When user already has account and need to link his LDAP account. + # * LDAP uid changed for user with same email and we need to update his uid + # + user = model.find_by_email(email) + + if user + user.update_attributes(extern_uid: uid, provider: 'ldap') + log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") + end + + user + end + + def create(uid, email, name) + password = Devise.friendly_token[0, 8].downcase + username = email.match(/^[^@]*/)[0] + + opts = { + extern_uid: uid, + provider: 'ldap', + name: name, + username: username, + email: email, + password: password, + password_confirmation: password, + } + + user = model.new(opts, as: :admin).with_defaults + user.save! + log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}" + + user + end + + def find_or_create(auth) + uid, email, name = uid(auth), email(auth), name(auth) + + if uid.blank? || email.blank? + raise_error("Account must provide an uid and email address") + end + + user = find(uid, email) + user = create(uid, email, name) unless user + user + end + + private + + def uid(auth) + auth.info.uid + end + + def email(auth) + auth.info.email.downcase unless auth.info.email.nil? + end + + def name(auth) + auth.info.name.to_s.force_encoding("utf-8") + end + + def log + Gitlab::AppLogger + end + + def raise_error(message) + raise OmniAuth::Error, "(LDAP) " + message + end + + def model + ::User + end + end + end + end +end -- cgit v1.2.1 From 71abf70458ca1f6d85bc828b215931eaf3639b5d Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Mon, 2 Sep 2013 23:50:45 +0300 Subject: Move ldap auth to LDAP::User. Removed unused code --- lib/gitlab/auth.rb | 19 ++++--------------- lib/gitlab/backend/grack_ldap.rb | 24 ------------------------ lib/gitlab/ldap/user.rb | 25 ++++++++++++++++++++++++- 3 files changed, 28 insertions(+), 40 deletions(-) delete mode 100644 lib/gitlab/backend/grack_ldap.rb diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 5f4b6c22c2c..34e25bc9ccb 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -66,23 +66,12 @@ module Gitlab Gitlab::AppLogger end - def ldap_auth(login, password) - # Check user against LDAP backend if user is not authenticated - # Only check with valid login and password to prevent anonymous bind results - return nil unless ldap_conf.enabled && !login.blank? && !password.blank? - - ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) - ldap_user = ldap.bind_as( - filter: Net::LDAP::Filter.eq(ldap.uid, login), - size: 1, - password: password - ) - - User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user - end - def ldap_conf @ldap_conf ||= Gitlab.config.ldap end + + def ldap_auth(login, password) + Gitlab::LDAP::User.auth(login, password) + end end end diff --git a/lib/gitlab/backend/grack_ldap.rb b/lib/gitlab/backend/grack_ldap.rb deleted file mode 100644 index 45e98fbac1e..00000000000 --- a/lib/gitlab/backend/grack_ldap.rb +++ /dev/null @@ -1,24 +0,0 @@ -require 'omniauth-ldap' - -module Grack - module LDAP - def ldap_auth(login, password) - # Check user against LDAP backend if user is not authenticated - # Only check with valid login and password to prevent anonymous bind results - return nil unless ldap_conf.enabled && !login.blank? && !password.blank? - - ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) - ldap_user = ldap.bind_as( - filter: Net::LDAP::Filter.eq(ldap.uid, login), - size: 1, - password: password - ) - - User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user - end - - def ldap_conf - @ldap_conf ||= Gitlab.config.ldap - end - end -end diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index a7a11e5a640..fe4a93f3fe7 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -9,7 +9,7 @@ module Gitlab class << self def find(uid, email) # Look for user with ldap provider and same uid - user = model.ldap.where(extern_uid: uid).last + user = find_by_uid(uid) return user if user # Look for user with same emails @@ -61,6 +61,25 @@ module Gitlab user end + def find_by_uid(uid) + model.ldap.where(extern_uid: uid).last + end + + def auth(login, password) + # Check user against LDAP backend if user is not authenticated + # Only check with valid login and password to prevent anonymous bind results + return nil unless ldap_conf.enabled && login.present? && password.present? + + ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) + ldap_user = ldap.bind_as( + filter: Net::LDAP::Filter.eq(ldap.uid, login), + size: 1, + password: password + ) + + find_by_uid(ldap_user.dn) if ldap_user + end + private def uid(auth) @@ -86,6 +105,10 @@ module Gitlab def model ::User end + + def ldap_conf + Gitlab.config.ldap + end end end end -- cgit v1.2.1 From 7dfb2b6379719cd6c3ee7b919f973146e9dbc645 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Mon, 2 Sep 2013 23:52:58 +0300 Subject: Remove include of grack_ldap --- lib/gitlab/backend/grack_auth.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index be5c58bb5a6..c522e0a413b 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -1,10 +1,8 @@ require_relative 'shell_env' -require_relative 'grack_ldap' require_relative 'grack_helpers' module Grack class Auth < Rack::Auth::Basic - include LDAP include Helpers attr_accessor :user, :project, :ref, :env -- cgit v1.2.1 From cdc4d64da6fc6fbb6c3b78c5e07cdddd91a4c900 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Tue, 3 Sep 2013 23:58:42 +0300 Subject: Dont show remove user button for ldap user --- app/views/profiles/account.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/profiles/account.html.haml b/app/views/profiles/account.html.haml index d711d55ec99..42214a1b46f 100644 --- a/app/views/profiles/account.html.haml +++ b/app/views/profiles/account.html.haml @@ -86,7 +86,7 @@ .controls = f.submit 'Save username', class: "btn btn-save" -- if gitlab_config.signup_enabled +- if gitlab_config.signup_enabled && !current_user.ldap_user? %fieldset.remove-account %legend Remove account -- cgit v1.2.1 From b45e92646e3f91c60e25197d68f72f50b1754c99 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 00:04:27 +0300 Subject: Added Gitlab::OAuth::User class Authenticate or create users from OAuth providers --- lib/gitlab/oauth/user.rb | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 lib/gitlab/oauth/user.rb diff --git a/lib/gitlab/oauth/user.rb b/lib/gitlab/oauth/user.rb new file mode 100644 index 00000000000..515c5b769e5 --- /dev/null +++ b/lib/gitlab/oauth/user.rb @@ -0,0 +1,85 @@ +# OAuth extension for User model +# +# * Find GitLab user based on omniauth uid and provider +# * Create new user from omniauth data +# +module Gitlab + module OAuth + class User + class << self + attr_reader :auth + + def find(auth) + @auth = auth + find_by_uid_and_provider + end + + def create(auth) + @auth = auth + password = Devise.friendly_token[0, 8].downcase + opts = { + extern_uid: uid, + provider: provider, + name: name, + username: username, + email: email, + password: password, + password_confirmation: password, + } + + user = model.new(opts, as: :admin).with_defaults + user.save! + log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}" + + if Gitlab.config.omniauth['block_auto_created_users'] && !ldap? + user.block + end + + user + end + + private + + def find_by_uid_and_provider + model.where(provider: provider, extern_uid: uid).last + end + + def uid + auth.info.uid || auth.uid + end + + def email + auth.info.email.downcase unless auth.info.email.nil? + end + + def name + auth.info.name.to_s.force_encoding("utf-8") + end + + def username + email.match(/^[^@]*/)[0] + end + + def provider + auth.provider + end + + def log + Gitlab::AppLogger + end + + def model + ::User + end + + def raise_error(message) + raise OmniAuth::Error, "(OAuth) " + message + end + + def ldap? + provider == 'ldap' + end + end + end + end +end -- cgit v1.2.1 From 0df1cf7fcceee10db1e66ecf99dcd453d9e687a4 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 00:06:13 +0300 Subject: Inherit Gitlab::LDAP::User from Gitlab::OAuth::User --- lib/gitlab/ldap/user.rb | 100 ++++++++++++++++-------------------------------- 1 file changed, 33 insertions(+), 67 deletions(-) diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index fe4a93f3fe7..c8f3a69376a 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -1,71 +1,49 @@ +require 'gitlab/oauth/user' + # LDAP extension for User model # # * Find or create user from omniauth.auth data # * Links LDAP account with existing user +# * Auth LDAP user with login and password # module Gitlab module LDAP - class User + class User < Gitlab::OAuth::User class << self - def find(uid, email) - # Look for user with ldap provider and same uid - user = find_by_uid(uid) - return user if user - - # Look for user with same emails - # - # Possible cases: - # * When user already has account and need to link his LDAP account. - # * LDAP uid changed for user with same email and we need to update his uid - # - user = model.find_by_email(email) - - if user - user.update_attributes(extern_uid: uid, provider: 'ldap') - log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") - end - - user - end - - def create(uid, email, name) - password = Devise.friendly_token[0, 8].downcase - username = email.match(/^[^@]*/)[0] - - opts = { - extern_uid: uid, - provider: 'ldap', - name: name, - username: username, - email: email, - password: password, - password_confirmation: password, - } - - user = model.new(opts, as: :admin).with_defaults - user.save! - log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}" - - user - end - def find_or_create(auth) - uid, email, name = uid(auth), email(auth), name(auth) + @auth = auth if uid.blank? || email.blank? raise_error("Account must provide an uid and email address") end - user = find(uid, email) - user = create(uid, email, name) unless user - user - end + user = find(auth) + + unless user + # Look for user with same emails + # + # Possible cases: + # * When user already has account and need to link his LDAP account. + # * LDAP uid changed for user with same email and we need to update his uid + # + user = model.find_by_email(email) + + if user + user.update_attributes(extern_uid: uid, provider: provider) + log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") + else + # Create a new user inside GitLab database + # based on LDAP credentials + # + # + user = create(auth) + end + end - def find_by_uid(uid) - model.ldap.where(extern_uid: uid).last + user end - def auth(login, password) + def authenticate(login, password) # Check user against LDAP backend if user is not authenticated # Only check with valid login and password to prevent anonymous bind results return nil unless ldap_conf.enabled && login.present? && password.present? @@ -82,30 +60,18 @@ module Gitlab private - def uid(auth) - auth.info.uid - end - - def email(auth) - auth.info.email.downcase unless auth.info.email.nil? - end - - def name(auth) - auth.info.name.to_s.force_encoding("utf-8") + def find_by_uid(uid) + model.where(provider: provider, extern_uid: uid).last end - def log - Gitlab::AppLogger + def provider + 'ldap' end def raise_error(message) raise OmniAuth::Error, "(LDAP) " + message end - def model - ::User - end - def ldap_conf Gitlab.config.ldap end -- cgit v1.2.1 From 9028999c933a3db790ef4645474d7b04888a308f Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 00:06:29 +0300 Subject: Use new OAuth classes --- app/controllers/omniauth_callbacks_controller.rb | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index b0765672dda..7131e0fe181 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -18,33 +18,39 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController def ldap # We only find ourselves here # if the authentication to LDAP was successful. - @user = Gitlab::LDAP::User.find_or_create(request.env["omniauth.auth"]) + @user = Gitlab::LDAP::User.find_or_create(oauth) @user.remember_me = true if @user.persisted? - sign_in_and_redirect(@user) end private def handle_omniauth - oauth = request.env['omniauth.auth'] - provider, uid = oauth['provider'], oauth['uid'] - if current_user # Change a logged-in user's authentication method: - current_user.extern_uid = uid - current_user.provider = provider + current_user.extern_uid = oauth['uid'] + current_user.provider = oauth['provider'] current_user.save redirect_to profile_path else - @user = User.find_or_new_for_omniauth(oauth) + @user = Gitlab::OAuth::User.find(oauth) + + # Create user if does not exist + # and allow_single_sign_on is true + if Gitlab.config.omniauth['allow_single_sign_on'] + @user ||= Gitlab::OAuth::User.create(oauth) + end if @user - sign_in_and_redirect @user + sign_in_and_redirect(@user) else flash[:notice] = "There's no such user!" redirect_to new_user_session_path end end end + + def oauth + @oauth ||= request.env['omniauth.auth'] + end end -- cgit v1.2.1 From 3707cc119b291c06703ebf31456c4b8140c324c6 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 00:12:00 +0300 Subject: Refactor Gitlab::Auth --- app/models/user.rb | 16 ---------------- lib/gitlab/auth.rb | 55 +----------------------------------------------------- 2 files changed, 1 insertion(+), 70 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 823e7a24a25..b593c22fde3 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -187,22 +187,6 @@ class User < ActiveRecord::Base end end - def create_from_omniauth(auth, ldap = false) - gitlab_auth.create_from_omniauth(auth, ldap) - end - - def find_or_new_for_omniauth(auth) - gitlab_auth.find_or_new_for_omniauth(auth) - end - - def find_for_ldap_auth(auth, signed_in_resource = nil) - gitlab_auth.find_for_ldap_auth(auth, signed_in_resource) - end - - def gitlab_auth - Gitlab::Auth.new - end - def search query where("name LIKE :query OR email LIKE :query OR username LIKE :query", query: "%#{query}%") end diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 34e25bc9ccb..0f196297477 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -7,61 +7,12 @@ module Gitlab # Second chance - try LDAP authentication return nil unless ldap_conf.enabled - ldap_auth(login, password) + Gitlab::LDAP::User.authenticate(login, password) else user if user.valid_password?(password) end end - def create_from_omniauth(auth, ldap = false) - provider = auth.provider - uid = auth.info.uid || auth.uid - uid = uid.to_s.force_encoding("utf-8") - name = auth.info.name.to_s.force_encoding("utf-8") - email = auth.info.email.to_s.downcase unless auth.info.email.nil? - - ldap_prefix = ldap ? '(LDAP) ' : '' - raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\ - " address" if auth.info.email.blank? - - log.info "#{ldap_prefix}Creating user from #{provider} login"\ - " {uid => #{uid}, name => #{name}, email => #{email}}" - password = Devise.friendly_token[0, 8].downcase - @user = User.new({ - extern_uid: uid, - provider: provider, - name: name, - username: email.match(/^[^@]*/)[0], - email: email, - password: password, - password_confirmation: password, - }, as: :admin).with_defaults - @user.save! - - if Gitlab.config.omniauth['block_auto_created_users'] && !ldap - @user.block - end - - @user - end - - def find_or_new_for_omniauth(auth) - provider, uid = auth.provider, auth.uid - email = auth.info.email.downcase unless auth.info.email.nil? - - if @user = User.find_by_provider_and_extern_uid(provider, uid) - @user - elsif @user = User.find_by_email(email) - @user.update_attributes(extern_uid: uid, provider: provider) - @user - else - if Gitlab.config.omniauth['allow_single_sign_on'] - @user = create_from_omniauth(auth) - @user - end - end - end - def log Gitlab::AppLogger end @@ -69,9 +20,5 @@ module Gitlab def ldap_conf @ldap_conf ||= Gitlab.config.ldap end - - def ldap_auth(login, password) - Gitlab::LDAP::User.auth(login, password) - end end end -- cgit v1.2.1 From 3832b2aa679d71dc857f4a6083f0038a2eeb7a9f Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 00:53:01 +0300 Subject: Improve Profile#account page --- app/helpers/profile_helper.rb | 12 +++ app/views/profiles/account.html.haml | 195 +++++++++++++++++++++-------------- 2 files changed, 128 insertions(+), 79 deletions(-) diff --git a/app/helpers/profile_helper.rb b/app/helpers/profile_helper.rb index 80d67009f59..88d9f184d0e 100644 --- a/app/helpers/profile_helper.rb +++ b/app/helpers/profile_helper.rb @@ -4,4 +4,16 @@ module ProfileHelper 'active' end end + + def show_profile_username_tab? + current_user.can_change_username? + end + + def show_profile_social_tab? + Gitlab.config.omniauth.enabled && !current_user.ldap_user? + end + + def show_profile_remove_tab? + Gitlab.config.gitlab.signup_enabled && !current_user.ldap_user? + end end diff --git a/app/views/profiles/account.html.haml b/app/views/profiles/account.html.haml index 42214a1b46f..8f43db66249 100644 --- a/app/views/profiles/account.html.haml +++ b/app/views/profiles/account.html.haml @@ -5,91 +5,128 @@ - if current_user.ldap_user? Some options are unavailable for LDAP accounts %hr -- unless current_user.ldap_user? - - if Gitlab.config.omniauth.enabled - %fieldset - %legend Social Accounts - .oauth_select_holder - %p.hint Tip: Click on icon to activate signin with one of the following services - - enabled_social_providers.each do |provider| - %span{class: oauth_active_class(provider) } - = link_to authbutton(provider, 32), omniauth_authorize_path(User, provider) - %fieldset.update-password - %legend Password - = form_for @user, url: update_password_profile_path, method: :put do |f| - .padded - %p.slead After a successful password update you will be redirected to login page where you should login with your new password - -if @user.errors.any? - .alert.alert-error - %ul - - @user.errors.full_messages.each do |msg| - %li= msg +.row + .span2 + %ul.nav.nav-pills.nav-stacked.nav-stacked-menu + %li.active + = link_to '#tab-token', 'data-toggle' => 'tab' do + Private Token + %li + = link_to '#tab-password', 'data-toggle' => 'tab' do + Password - .control-group - = f.label :password - .controls= f.password_field :password, required: true - .control-group - = f.label :password_confirmation - .controls - = f.password_field :password_confirmation, required: true - .control-group - .controls - = f.submit 'Save password', class: "btn btn-save" + - if show_profile_social_tab? + %li + = link_to '#tab-social', 'data-toggle' => 'tab' do + Social Accounts + - if show_profile_username_tab? + %li + = link_to '#tab-username', 'data-toggle' => 'tab' do + Change Username + - if show_profile_remove_tab? + %li + = link_to '#tab-remove', 'data-toggle' => 'tab' do + Remove Account + .span10 + .tab-content + .tab-pane.active#tab-token + %fieldset.update-token + %legend + Private token + %span.cred.pull-right + keep it secret! + %div + = form_for @user, url: reset_private_token_profile_path, method: :put do |f| + .data + %p.slead + Your private token is used to access application resources without authentication. + %br + It can be used for atom feeds or the API. + %p.cgray + - if current_user.private_token + = text_field_tag "token", current_user.private_token, class: "input-xxlarge large_text input-xpadding" + = f.submit 'Reset', confirm: "Are you sure?", class: "btn btn-primary btn-build-token" + - else + %span You don`t have one yet. Click generate to fix it. + = f.submit 'Generate', class: "btn success btn-build-token" -%fieldset.update-token - %legend - Private token - %span.cred.pull-right - keep it secret! - .padded - = form_for @user, url: reset_private_token_profile_path, method: :put do |f| - .data - %p.slead - Your private token is used to access application resources without authentication. - %br - It can be used for atom feeds or the API. - %p.cgray - - if current_user.private_token - = text_field_tag "token", current_user.private_token, class: "input-xxlarge large_text input-xpadding" - = f.submit 'Reset', confirm: "Are you sure?", class: "btn btn-primary btn-build-token" - - else - %span You don`t have one yet. Click generate to fix it. - = f.submit 'Generate', class: "btn success btn-build-token" + .tab-pane#tab-password + %fieldset.update-password + %legend Password + = form_for @user, url: update_password_profile_path, method: :put do |f| + %div + %p.slead After a successful password update you will be redirected to login page where you should login with your new password + -if @user.errors.any? + .alert.alert-error + %ul + - @user.errors.full_messages.each do |msg| + %li= msg + .control-group + = f.label :password + .controls= f.password_field :password, required: true + .control-group + = f.label :password_confirmation + .controls + = f.password_field :password_confirmation, required: true + .control-group + .controls + = f.submit 'Save password', class: "btn btn-save" + - if show_profile_social_tab? + .tab-pane#tab-social + %fieldset + %legend Social Accounts + .oauth_select_holder + %p.hint Tip: Click on icon to activate signin with one of the following services + - enabled_social_providers.each do |provider| + %span{class: oauth_active_class(provider) } + = link_to authbutton(provider, 32), omniauth_authorize_path(User, provider) -- if current_user.can_change_username? - %fieldset.update-username - %legend - Username - %small.cred.pull-right - Changing your username can have unintended side effects! - = form_for @user, url: update_username_profile_path, method: :put, remote: true do |f| - .padded - = f.label :username - .controls - = f.text_field :username, required: true -   - %span.loading-gif.hide= image_tag "ajax_loader.gif" - %span.update-success.cgreen.hide - %i.icon-ok - Saved - %span.update-failed.cred.hide - %i.icon-remove - Failed - %ul.cred - %li This will change the web URL for personal projects. - %li This will change the git path to repositories for personal projects. - .controls - = f.submit 'Save username', class: "btn btn-save" + - if show_profile_username_tab? + .tab-pane#tab-username + %fieldset.update-username + %legend + Username + %small.cred.pull-right + Changing your username can have unintended side effects! + = form_for @user, url: update_username_profile_path, method: :put, remote: true do |f| + %div + .control-group + = f.label :username + .controls + = f.text_field :username, required: true +   + %span.loading-gif.hide= image_tag "ajax_loader.gif" + %span.update-success.cgreen.hide + %i.icon-ok + Saved + %span.update-failed.cred.hide + %i.icon-remove + Failed + %ul.cred + %li This will change the web URL for personal projects. + %li This will change the git path to repositories for personal projects. + .controls + = f.submit 'Save username', class: "btn btn-save" -- if gitlab_config.signup_enabled && !current_user.ldap_user? - %fieldset.remove-account - %legend - Remove account - %small.cred.pull-right - Before removing the account you must remove all projects! - = link_to 'Delete account', user_registration_path, confirm: "REMOVE #{current_user.name}? Are you sure?", method: :delete, class: "btn btn-remove delete-key btn-small pull-right" + - if show_profile_remove_tab? + .tab-pane#tab-remove + %fieldset.remove-account + %legend + Remove account + %div + %p Deleting an account has the following effects: + %ul + %li All user content like authored issues, snippets, comments will be removed + - rp = current_user.personal_projects.count + - unless rp.zero? + %li #{pluralize rp, 'personal project'} will be removed and cannot be restored + - if current_user.solo_owned_groups.present? + %li + Next groups will be abandoned. You should transfer or remove them: + %strong #{current_user.solo_owned_groups.map(&:name).join(', ')} + = link_to 'Delete account', user_registration_path, confirm: "REMOVE #{current_user.name}? Are you sure?", method: :delete, class: "btn btn-remove" -- cgit v1.2.1 From 7b8bd93e673a6ace673cab00e0cc10489d64437d Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 00:53:13 +0300 Subject: Rewrite OAuth specs --- spec/lib/auth_spec.rb | 100 ++++++------------------------------------------- spec/lib/oauth_spec.rb | 44 ++++++++++++++++++++++ 2 files changed, 56 insertions(+), 88 deletions(-) create mode 100644 spec/lib/oauth_spec.rb diff --git a/spec/lib/auth_spec.rb b/spec/lib/auth_spec.rb index 2784d4e2fbe..e05fde95731 100644 --- a/spec/lib/auth_spec.rb +++ b/spec/lib/auth_spec.rb @@ -3,102 +3,26 @@ require 'spec_helper' describe Gitlab::Auth do let(:gl_auth) { Gitlab::Auth.new } - before do - Gitlab.config.stub(omniauth: {}) - - @info = mock( - uid: '12djsak321', - name: 'John', - email: 'john@mail.com' - ) - end - - describe :find_for_ldap_auth do + describe :find do before do - @auth = mock( - uid: '12djsak321', - info: @info, - provider: 'ldap' + @user = create( + :user, + username: 'john', + password: '888777', + password_confirmation: '888777' ) end - it "should find by uid & provider" do - User.should_receive :find_by_extern_uid_and_provider - gl_auth.find_for_ldap_auth(@auth) - end - - it "should update credentials by email if missing uid" do - user = double('User') - User.stub find_by_extern_uid_and_provider: nil - User.stub find_by_email: user - user.should_receive :update_attributes - gl_auth.find_for_ldap_auth(@auth) - end - - - it "should create from auth if user does not exist"do - User.stub find_by_extern_uid_and_provider: nil - User.stub find_by_email: nil - gl_auth.should_receive :create_from_omniauth - gl_auth.find_for_ldap_auth(@auth) - end - end - - describe :find_or_new_for_omniauth do - before do - @auth = mock( - info: @info, - provider: 'twitter', - uid: '12djsak321', - ) + it "should find user by valid login/password" do + gl_auth.find('john', '888777').should == @user end - it "should find user"do - User.should_receive :find_by_provider_and_extern_uid - gl_auth.should_not_receive :create_from_omniauth - gl_auth.find_or_new_for_omniauth(@auth) + it "should not find user with invalid password" do + gl_auth.find('john', 'invalid').should_not == @user end - it "should not create user"do - User.stub find_by_provider_and_extern_uid: nil - gl_auth.should_not_receive :create_from_omniauth - gl_auth.find_or_new_for_omniauth(@auth) - end - - it "should create user if single_sing_on"do - Gitlab.config.omniauth['allow_single_sign_on'] = true - User.stub find_by_provider_and_extern_uid: nil - gl_auth.should_receive :create_from_omniauth - gl_auth.find_or_new_for_omniauth(@auth) - end - end - - describe :create_from_omniauth do - it "should create user from LDAP" do - @auth = mock(info: @info, provider: 'ldap') - user = gl_auth.create_from_omniauth(@auth, true) - - user.should be_valid - user.extern_uid.should == @info.uid - user.provider.should == 'ldap' - end - - it "should create user from Omniauth" do - @auth = mock(info: @info, provider: 'twitter') - user = gl_auth.create_from_omniauth(@auth, false) - - user.should be_valid - user.extern_uid.should == @info.uid - user.provider.should == 'twitter' - end - - it "should apply defaults to user" do - @auth = mock(info: @info, provider: 'ldap') - user = gl_auth.create_from_omniauth(@auth, true) - - user.should be_valid - user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit - user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group + it "should not find user with invalid login and password" do + gl_auth.find('jon', 'invalid').should_not == @user end end end diff --git a/spec/lib/oauth_spec.rb b/spec/lib/oauth_spec.rb new file mode 100644 index 00000000000..e21074554b6 --- /dev/null +++ b/spec/lib/oauth_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +describe Gitlab::OAuth::User do + let(:gl_auth) { Gitlab::OAuth::User } + + before do + Gitlab.config.stub(omniauth: {}) + + @info = mock( + uid: '12djsak321', + name: 'John', + email: 'john@mail.com' + ) + end + + describe :create do + it "should create user from LDAP" do + @auth = mock(info: @info, provider: 'ldap') + user = gl_auth.create(@auth) + + user.should be_valid + user.extern_uid.should == @info.uid + user.provider.should == 'ldap' + end + + it "should create user from Omniauth" do + @auth = mock(info: @info, provider: 'twitter') + user = gl_auth.create(@auth) + + user.should be_valid + user.extern_uid.should == @info.uid + user.provider.should == 'twitter' + end + + it "should apply defaults to user" do + @auth = mock(info: @info, provider: 'ldap') + user = gl_auth.create(@auth) + + user.should be_valid + user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit + user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group + end + end +end -- cgit v1.2.1 From 8e238f42732e5968dc46e3f08d853d0f3c9b2760 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 4 Sep 2013 16:20:40 +0300 Subject: Fix user remove tests. Remove user even if he has projects --- app/controllers/registrations_controller.rb | 3 --- spec/features/profile_spec.rb | 16 +--------------- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 194dfcd4122..5f18bac82ed 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -2,9 +2,6 @@ class RegistrationsController < Devise::RegistrationsController before_filter :signup_enabled? def destroy - if current_user.owned_projects.count > 0 - redirect_to account_profile_path, alert: "Remove projects and groups before removing account." and return - end current_user.destroy respond_to do |format| diff --git a/spec/features/profile_spec.rb b/spec/features/profile_spec.rb index 7fa474d0ea1..80c9f5d7f14 100644 --- a/spec/features/profile_spec.rb +++ b/spec/features/profile_spec.rb @@ -17,26 +17,12 @@ describe "Profile account page" do it { page.should have_content("Remove account") } - it "should delete the account", js: true do + it "should delete the account" do expect { click_link "Delete account" }.to change {User.count}.by(-1) current_path.should == new_user_session_path end end - describe "when signup is enabled and user has a project" do - before do - Gitlab.config.gitlab.stub(:signup_enabled).and_return(true) - @project = create(:project, namespace: @user.namespace) - @project.team << [@user, :master] - visit account_profile_path - end - it { page.should have_content("Remove account") } - - it "should not allow user to delete the account" do - expect { click_link "Delete account" }.not_to change {User.count}.by(-1) - end - end - describe "when signup is disabled" do before do Gitlab.config.gitlab.stub(:signup_enabled).and_return(false) -- cgit v1.2.1