diff --git a/Gemfile b/Gemfile
index b80dca11534ed24094fe99b774dbed8b8990e3f9..801b0aeecbbd64cab59d3e8e0206bd70fc487413 100644
--- a/Gemfile
+++ b/Gemfile
@@ -28,6 +28,7 @@ gem "resque"
 gem "httparty"
 gem "charlock_holmes"
 gem "foreman"
+gem "omniauth-ldap"
 group :assets do
 gem "sass-rails", "~> 3.1.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index ec171d2c84de9fca4ae1158418fe8463c122dc1b..89d92ae43249e1e07680cac43daa805bb88234fc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -115,6 +115,7 @@ GEM
 haml (~> 3.0)
 railties (~> 3.0)
 hashery (1.4.0)
+ hashie (1.2.0)
 hike (1.2.1)
 httparty (0.8.1)
 multi_json
@@ -141,12 +142,22 @@ GEM
 mime-types (1.17.2)
 multi_json (1.0.3)
 multi_xml (0.4.1)
+ net-ldap (0.2.2)
 nokogiri (1.5.0)
+ omniauth (1.0.2)
+ hashie (~> 1.2)
+ rack
+ omniauth-ldap (1.0.2)
+ net-ldap (~> 0.2.2)
+ omniauth (~> 1.0)
+ pyu-ruby-sasl (~> 0.0.3.1)
+ rubyntlm (~> 0.1.1)
 orm_adapter (0.0.5)
 polyglot (0.3.3)
 posix-spawn (0.3.6)
 pygments.rb (0.2.4)
 rubypython (~> 0.5.3)
+ pyu-ruby-sasl (0.0.3.3)
 rack (1.3.5)
 rack-cache (1.1)
 rack (>= 0.4)
@@ -210,6 +221,7 @@ GEM
 ruby-debug-base19 (>= 0.11.19)
 ruby_core_source (0.1.5)
 archive-tar-minitar (>= 0.5.2)
+ rubyntlm (0.1.1)
 rubypython (0.5.3)
 blankslate (>= 2.1.2.3)
 ffi (~> 1.0.7)
@@ -306,6 +318,7 @@ DEPENDENCIES
 kaminari
 launchy
 letter_opener
+ omniauth-ldap
 pygments.rb (= 0.2.4)
 rails (= 3.1.1)
 rails-footnotes (~> 3.7.5)
diff --git a/app/assets/javascripts/users/omniauth_callbacks.js.coffee b/app/assets/javascripts/users/omniauth_callbacks.js.coffee
new file mode 100644
index 0000000000000000000000000000000000000000..761567942fc20b22ba68ce6b5f46652cf63c48c0
--- /dev/null
+++ b/app/assets/javascripts/users/omniauth_callbacks.js.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
diff --git a/app/assets/stylesheets/users/omniauth_callbacks.css.scss b/app/assets/stylesheets/users/omniauth_callbacks.css.scss
new file mode 100644
index 0000000000000000000000000000000000000000..155643abb7d38c5574e22690249a5c7399f8d507
--- /dev/null
+++ b/app/assets/stylesheets/users/omniauth_callbacks.css.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the Users::OmniauthCallbacks controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
new file mode 100644
index 0000000000000000000000000000000000000000..19c3879c8966de27abd5eb1cb469e261f127515b
--- /dev/null
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -0,0 +1,22 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+
+ def ldap
+ # We only find ourselves here if the authentication to LDAP was successful.
+ ldap = request.env["omniauth.auth"]["extra"]["raw_info"]
+ username = ldap.sAMAccountName[0].to_s
+ email = ldap.proxyaddresses[0][5..-1].to_s
+
+ if @user = User.find_by_email(email)
+ sign_in_and_redirect root_path
+ else
+ password = User.generate_random_password
+ @user = User.create(:name => username,
+ :email => email,
+ :password => password,
+ :password_confirmation => password
+ )
+ sign_in_and_redirect @user
+ end
+ end
+
+end
diff --git a/app/helpers/users/omniauth_callbacks_helper.rb b/app/helpers/users/omniauth_callbacks_helper.rb
new file mode 100644
index 0000000000000000000000000000000000000000..7c6e5e0e9b12d9ae3ed379eb50e2495bc9bdfbe8
--- /dev/null
+++ b/app/helpers/users/omniauth_callbacks_helper.rb
@@ -0,0 +1,2 @@
+module Users::OmniauthCallbacksHelper
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index a13a6f77870e6d23c752c9b219e128a2c567219e..1123c00e69f55593b83cd58fe0de90819279b29c 100644
--- a/app/models/user.rb
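Review bot: In the new `ldap` action of `omniauth_callbacks_controller.rb`, the existing-account branch calls `sign_in_and_redirect root_path`, so the `@user` matched by e-mail is never the object handed to Devise; it should be `sign_in_and_redirect @user`. The create branch signs in whatever `User.create` returns without checking that the record was saved, so a validation failure reaches Devise as an unsaved user. The e-mail, which is the only key used to match an existing local account, is taken from `ldap.proxyaddresses[0][5..-1]`; that raises when the attribute is empty and assumes the first value carries a five-character `SMTP:` prefix, and it is worth confirming that this attribute is administrator-controlled in the directory, since its value decides which local account is opened. The fence sketches the sign-in part only.

```ruby
  def ldap
    # … unchanged: raw_info lookup, username and email extraction …
    @user = User.find_by_email(email)
    unless @user
      # … unchanged: random password and User.create(...) assigned to @user …
    end

    if @user.persisted?
      sign_in_and_redirect @user
    else
      # Validation failed: never hand an unsaved record to Devise.
      redirect_to new_user_session_path, :alert => "Could not sign in with LDAP"
    end
  end
```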
+++ b/app/models/user.rb
@@ -2,7 +2,7 @@ class User < ActiveRecord::Base
 # Include default devise modules. Others available are:
 # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
 devise :database_authenticatable, :token_authenticatable,
- :recoverable, :rememberable, :trackable, :validatable
+ :recoverable, :rememberable, :trackable, :validatable, :omniauthable
 # Setup accessible (or protected) attributes for your model
 attr_accessible :email, :password, :password_confirmation, :remember_me,
@@ -62,6 +62,10 @@ class User < ActiveRecord::Base
 def last_activity_project
 projects.first
 end
+
+ def self.generate_random_password
+ (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
+ end
 end
 # == Schema Information
 #
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index c17ff3f99146fef2571b7d90bb1386a9b3d35e09..6ed3edd3b719f670fd17966cb69178d1f4cb294f 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -9,4 +9,5 @@
 <br/>
 <%= f.submit "Sign in", :class => "grey-button" %>
 <div class="right"> <%= render :partial => "devise/shared/links" %></div>
+ <%= user_omniauth_authorize_path(:ldap)%>
 <% end %>
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 68bf5a0ea39643691f2c592ba718fb071b53ab25..ae378b731402e157aed638b2c97a080f965dc65d 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
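Review bot: `generate_random_password` in the second `user.rb` hunk builds the password from eight lowercase letters picked with `rand`, which is not a cryptographically secure generator, and the `devise` line in the first hunk keeps `:database_authenticatable`, so this value is a working login password for every account the LDAP callback creates. Replace the body with a CSPRNG-backed token, for example `SecureRandom.hex(16)`, or `Devise.friendly_token` if the bundled Devise version provides it. A one-line comment such as `# Placeholder password for externally authenticated users; never shown to the user.` would also record why the method exists. The `User` class starts outside the hunk.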
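Review bot: The added line `<%= user_omniauth_authorize_path(:ldap)%>` in `new.html.erb` prints the route as plain text on the sign-in page instead of rendering something a user can follow; it should be a link, e.g. `<%= link_to "Sign in with LDAP", user_omniauth_authorize_path(:ldap) %>`. The enclosing form block opens outside the hunk, so whether the link belongs inside the form or after `<% end %>` should be checked against the full template.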
@@ -199,6 +199,15 @@ Devise.setup do |config|
 # up on your models and hooks.
 # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+ #config.omniauth :ldap,
+ # :host => 'YOUR_LDAP_SERVER',
+ # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
+ # :uid => 'sAMAccountName',
+ # :port => 389,
+ # :method => :plain,
+ # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
+ # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
+
 # ==> Warden configuration
 # If you want to use other strategies, that are not supported by Devise, or
 # change the failure app, you can configure them inside the config.warden block.
diff --git a/config/routes.rb b/config/routes.rb
index bb575356d94637a358c13b37cd2e9620dc5a1677..d6951c0eb9e4d9e44c1ff6a8ff3989ffd17b28f5 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do
 resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]
 resources :keys
- devise_for :users
+ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
 resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do
 member do
diff --git a/spec/controllers/users/omniauth_callbacks_controller_spec.rb b/spec/controllers/users/omniauth_callbacks_controller_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..c393cd3d7b818ff9e817e22f53a0dfd0a18d0c7c
--- /dev/null
+++ b/spec/controllers/users/omniauth_callbacks_controller_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Users::OmniauthCallbacksController do
+
+end
diff --git a/spec/helpers/users/omniauth_callbacks_helper_spec.rb b/spec/helpers/users/omniauth_callbacks_helper_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..589a257097a156116f99486aacbabd75f0bd2f8c
--- /dev/null
+++ b/spec/helpers/users/omniauth_callbacks_helper_spec.rb
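Review bot: The commented LDAP example in `devise.rb` pairs `:method => :plain` with `:port => 389`, so anyone who uncomments it as written sends the bind account's password and every user's credentials to the directory unencrypted. The template should show an encrypted transport instead, e.g. `# :port => 636,` with `# :method => :ssl,` (or `:tls`), and say in a comment when `:plain` is acceptable. It would also help to add a comment that the bind password is loaded from outside the repository, for instance `# :password => ENV['LDAP_BIND_PASSWORD']` (variable name is only an example). The `Devise.setup` block starts and ends outside the hunk.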
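Review bot: The new `omniauth_callbacks_controller_spec.rb` has an empty `describe` block, so the callback that signs users in and auto-creates accounts ships with no examples. At minimum it should cover an existing user matched by e-mail, a first-time LDAP user, and an LDAP entry with no usable e-mail address, asserting which user ends up signed in for each case.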
@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+# Specs in this file have access to a helper object that includes
+# the Users::OmniauthCallbacksHelper. For example:
+#
+# describe Users::OmniauthCallbacksHelper do
+# describe "string concat" do
+# it "concats two strings with spaces" do
+# helper.concat_strings("this","that").should == "this that"
+# end
+# end
+# end
+describe Users::OmniauthCallbacksHelper do
+ pending "add some examples to (or delete) #{__FILE__}"
+end