133 Commits

Author SHA1 Message Date
Alexander Keramidas 4df54f2607 Profile updates from providers 2017-09-06 16:38:52 +03:00
Douwe Maan c1cf5f4101 Support simple string LDAP attribute specifications, and search for name rather than username attributes 2017-08-23 22:06:22 +02:00
Rémy Coutable fcce6c3168 Merge branch 'rs-more-public-send-whitelists' into 'master'
Whitelist or fix additional `Gitlab/PublicSend` cop violations

See merge request !13467
2017-08-16 11:25:26 +00:00
Robert Speicher 4edfad9678 Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Robert Speicher 260c8da060 Whitelist or fix additional `Gitlab/PublicSend` cop violations
An upcoming update to rubocop-gitlab-security added additional
violations.
2017-08-14 12:14:11 -04:00
Douwe Maan ebd2ed8f64 Pass OmniAuth formatted options to OmniAuth::LDAP::Adaptor 2017-07-31 11:43:35 +02:00
Rubén Dávila ef97cb54ae Backport some recent changes related to LDAP from EE 2017-07-27 08:45:16 -05:00
Casper a5d2ce8e61 Use LDAP-attributes configured in gitlab.yml in lookup instead of just hard-coded attributes. 2017-07-26 16:48:13 +00:00
Michael Kozono 7f92a36a36 Fix plain LDAP (no encryption) 2017-07-26 02:43:40 -07:00
Michael Kozono 0b4eb7f218 Fix code style 2017-07-26 02:43:37 -07:00
Michael Kozono 72d8b1e40a Move backwards compatibility logic out of the code
And closer to the configuration setup. The code doesn’t need to know about this.
2017-07-26 02:43:36 -07:00
Michael Kozono 2d7d1fa69d Pass configured `ssl_version` to `omniauth-ldap` 2017-07-26 02:43:36 -07:00
Michael Kozono c8dd77de81 Pass configured `ca_file` to `omniauth-ldap` 2017-07-26 02:43:35 -07:00
Michael Kozono cd13e4ae73 Verify certificates in `omniauth-ldap` 2017-07-26 02:43:35 -07:00
Michael Kozono 612b386450 Set `Net::LDAP` `ssl_version` option 2017-07-26 02:43:34 -07:00
Michael Kozono dcc12505aa Set `Net::LDAP` `ca_file` option 2017-07-26 02:43:34 -07:00
Michael Kozono b67c007842 Set `Net::LDAP` encryption properly 2017-07-26 02:43:33 -07:00
Michael Kozono 94b4c9f34f Use encryption instead of method
The method key is deprecated in the `gitlab_omniauth-ldap` gem.
2017-07-26 02:43:33 -07:00
Bob Van Landuyt d2eb5bbd9c Fix setting `last_credential_check` on LDAP-login 2017-06-28 09:30:18 +02:00
James Lopez b804db2648 refactor update user service not to do auth checks 2017-06-23 11:41:43 +02:00
James Lopez c9fd3dc42c more refactoring based on feedback 2017-06-23 11:41:42 +02:00
James Lopez 158550cf37 added service in the rest of controllers and classes 2017-06-23 11:41:42 +02:00
Grzegorz Bizon 0430b76441 Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
Robin Bobbitt 469acd190e Sync email address from specified omniauth provider 2017-06-07 11:13:57 -04:00
Rémy Coutable 3db37e0562 Enable the Style/TrailingCommaInArguments cop
Use the EnforcedStyleForMultiline: no_comma option.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-05-10 18:25:45 +02:00
mhasbini 0a09925dce Enable Style/Proc cop for rubocop 2017-04-02 12:48:43 +03:00
Rémy Coutable c5e34da01d Remove explicit `require` calls, and use `require_dependency` when needed
See
http://guides.rubyonrails.org/autoloading_and_reloading_constants.html
for more info.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-03-13 14:29:55 +01:00
Douwe Maan 1fe7501b49 Revert "Prefer leading style for Style/DotPosition"
This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
2017-02-23 09:33:05 -06:00
Douwe Maan 75f5fa997d Enable Rails/Delegate 2017-02-23 09:32:42 -06:00
Douwe Maan 206953a430 Prefer leading style for Style/DotPosition 2017-02-23 09:32:22 -06:00
Grzegorz Bizon cff423449f Fix Rubocop offenses in LDAP related code and spec 2017-01-10 14:31:21 +01:00
Rémy Coutable 6056903265 Merge branch 'feature/log-ldap-to-application-log' into 'master'
Log LDAP blocking/unblocking events to application log

See merge request !8042
2017-01-09 13:39:19 +00:00
Drew Blessing de4eee0894 LDAP attributes needs default values 2017-01-06 00:24:33 -06:00
Drew Blessing babb7d5260 Gitlab::LDAP::Person uses LDAP attributes configuration
We allow users to configure LDAP attribute preferences. For example,
email can be configured to use `mail`, `email` and `userPrincipalName`,
falling through to the next until a value is found. Prior to this
change, Gitlab::LDAP::Person did not honor this configuration. Now,
the class will honor `name` and `mail` configuration. It does not
handle `username`, or fallback to `first_name` + `last_name` in the
absence of `name`.
2017-01-03 13:26:47 -06:00
Markus Koller bd0c171c55 fixup! Log messages when blocking/unblocking LDAP accounts 2016-12-20 19:54:37 +01:00
Markus Koller e87e280598 Log messages when blocking/unblocking LDAP accounts 2016-12-20 19:51:45 +01:00
Drew Blessing c50b98da72 Centralize LDAP config/filter logic
Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.
2016-11-11 15:58:33 -06:00
Drew Blessing dc30783057 Introduce better credential and error checking to `rake gitlab:ldap:check`
It was previously possible for invalid credential errors to go unnoticed
in this task. Users would believe everything was configured correctly and
then sign in would fail with 'invalid credentials'. This adds a specific
bind check, plus catches errors connecting to the server. Also, specs :)
2016-11-08 15:46:10 -06:00
Markus Koller 68364fe2f0 Log LDAP lookup errors and don't swallow unrelated exceptions
Signed-off-by: Roger Meier <r.meier@siemens.com>
2016-09-28 07:44:58 +02:00
Drew Blessing 08714d2bcd Move LDAP user attributes to a method 2016-09-15 22:46:22 -05:00
Drew Blessing bf8a48e179 Request only the LDAP attributes we need 2016-09-09 13:14:57 -05:00
Gabriel Mazetto c9aa19881c Enable Style/SpaceAroundEqualsInParameterDefault cop 2016-08-06 04:03:01 +02:00
Grzegorz Bizon e052daa08a Enable Style/EmptyLinesAroundAccessModifier rubocop cop
See #17478
2016-06-03 10:34:20 +02:00
Gabriel Mazetto 5ee6badade Unblocks user when active_directory is disabled and it can be found 2016-04-05 16:34:31 -03:00
Patricio Cano 06376be56a Decouple SAML authentication from the default Omniauth logic 2016-02-18 17:01:07 -05:00
Douwe Maan 873b0db220 Revert "Merge branch 'saml-decoupling' into 'master' "
This reverts commit c04e22fba8, reversing
changes made to 0feab326d5.
2016-02-18 22:14:53 +01:00
Patricio Cano f014127e17 Decouple SAML authentication from the default Omniauth logic 2016-02-18 13:22:19 -05:00
Douwe Maan 98e1a5b634 Allow LDAP users to change their email if it was not set by the LDAP server 2016-01-19 16:25:38 +01:00
Douwe Maan 4d64a32c88 Merge branch 'feature/ldap-sync-edgecases' into 'master'
LDAP Sync blocked user edgecases

Allow GitLab admins to block otherwise valid GitLab LDAP users
(https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)

Based on the discussion on the original issue, we are going to differentiate "normal" block operations from the ldap automatic ones in order to make some decisions when it's one or the other.

Expected behavior:

- [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?`
- [x] "ldap_blocked" users can't be unblocked by the Admin UI
- [x] "ldap_blocked" users can't be unblocked by the API
- [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
- [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
- [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked`
 
Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:
![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png)

There will be another MR for the EE version.

See merge request !2242
2016-01-14 11:00:08 +00:00
Gabriel Mazetto dd6fc01ff8 fixed LDAP activation on login to use new ldap_blocked state 2016-01-14 03:31:27 -02:00