Module: AuthHelper

Extended by:
AuthHelper
Included in:
AuthHelper, OmniauthCallbacksController, Profiles::AccountsController
Defined in:
app/helpers/auth_helper.rb

Constant Summary collapse

PROVIDERS_WITH_ICONS =
%w(
  alicloud
  atlassian_oauth2
  auth0
  authentiq
  azure_activedirectory_v2
  azure_oauth2
  bitbucket
  facebook
  dingtalk
  github
  gitlab
  google_oauth2
  jwt
  openid_connect
  salesforce
  shibboleth
  twitter
).freeze
LDAP_PROVIDER =
/\Aldap/.freeze
%w(google_oauth2 github).freeze

Instance Method Summary collapse

Instance Method Details

#allow_admin_mode_password_authentication_for_web?Boolean

Returns:

  • (Boolean)

177
178
179
# File 'app/helpers/auth_helper.rb', line 177

def allow_admin_mode_password_authentication_for_web?
  current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set?
end

#any_form_based_providers_enabled?Boolean

Returns:

  • (Boolean)

104
105
106
# File 'app/helpers/auth_helper.rb', line 104

def any_form_based_providers_enabled?
  form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) }
end

#auth_active?(provider) ⇒ Boolean

rubocop: disable CodeReuse/ActiveRecord

Returns:

  • (Boolean)

162
163
164
165
166
# File 'app/helpers/auth_helper.rb', line 162

def auth_active?(provider)
  return current_user.atlassian_identity.present? if provider == :atlassian_oauth2

  current_user.identities.exists?(provider: provider.to_s)
end

#auth_app_owner_text(owner) ⇒ Object


201
202
203
204
205
206
207
208
209
210
211
# File 'app/helpers/auth_helper.rb', line 201

def auth_app_owner_text(owner)
  return unless owner

  if owner.is_a?(Group)
    group_link = link_to(owner.name, group_path(owner))
    _("This application was created for group %{group_link}.").html_safe % { group_link: group_link }
  else
    user_link = link_to(owner.name, user_path(owner))
    _("This application was created by %{user_link}.").html_safe % { user_link: user_link }
  end
end

#auth_providersObject


56
57
58
# File 'app/helpers/auth_helper.rb', line 56

def auth_providers
  Gitlab::Auth::OAuth::Provider.providers
end

#auth_strategy_class(provider) ⇒ Object


97
98
99
100
101
102
# File 'app/helpers/auth_helper.rb', line 97

def auth_strategy_class(provider)
  config = Gitlab::Auth::OAuth::Provider.config_for(provider)
  return if config.nil? || config['args'].blank?

  config.args['strategy_class']
end

#button_based_providersObject


118
119
120
# File 'app/helpers/auth_helper.rb', line 118

def button_based_providers
  auth_providers.reject { |provider| form_based_provider?(provider) }
end

#button_based_providers_enabled?Boolean

Returns:

  • (Boolean)

143
144
145
# File 'app/helpers/auth_helper.rb', line 143

def button_based_providers_enabled?
  enabled_button_based_providers.any?
end

#crowd_enabled?Boolean

Returns:

  • (Boolean)

114
115
116
# File 'app/helpers/auth_helper.rb', line 114

def crowd_enabled?
  auth_providers.include? :crowd
end

#display_providers_on_profile?Boolean

Returns:

  • (Boolean)

122
123
124
# File 'app/helpers/auth_helper.rb', line 122

def display_providers_on_profile?
  button_based_providers.any?
end

#enabled_button_based_providersObject


130
131
132
133
134
135
136
137
# File 'app/helpers/auth_helper.rb', line 130

def enabled_button_based_providers
  disabled_providers = Gitlab::CurrentSettings. || []

  providers = button_based_providers.map(&:to_s) - disabled_providers
  providers.sort_by do |provider|
    POPULAR_PROVIDERS.index(provider) || POPULAR_PROVIDERS.length
  end
end

#form_based_auth_provider_has_active_class?(provider) ⇒ Boolean

Returns:

  • (Boolean)

81
82
83
# File 'app/helpers/auth_helper.rb', line 81

def form_based_auth_provider_has_active_class?(provider)
  form_based_provider_with_highest_priority == provider
end

#form_based_provider?(name) ⇒ Boolean

Returns:

  • (Boolean)

85
86
87
# File 'app/helpers/auth_helper.rb', line 85

def form_based_provider?(name)
  [LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
end

#form_based_provider_priorityObject


68
69
70
# File 'app/helpers/auth_helper.rb', line 68

def form_based_provider_priority
  ['crowd', /^ldap/, 'kerberos']
end

#form_based_provider_with_highest_priorityObject


72
73
74
75
76
77
78
79
# File 'app/helpers/auth_helper.rb', line 72

def form_based_provider_with_highest_priority
  @form_based_provider_with_highest_priority ||= begin
    form_based_provider_priority.each do |provider_regexp|
      highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) }
      break highest_priority unless highest_priority.nil?
    end
  end
end

#form_based_providersObject


89
90
91
# File 'app/helpers/auth_helper.rb', line 89

def form_based_providers
  auth_providers.select { |provider| form_based_provider?(provider) }
end

#form_enabled_for_sign_in?(provider) ⇒ Boolean

Returns:

  • (Boolean)

108
109
110
111
112
# File 'app/helpers/auth_helper.rb', line 108

def form_enabled_for_sign_in?(provider)
  return true unless provider.to_s.match?(LDAP_PROVIDER)

  
end

#google_tag_manager_enabled?Boolean

Returns:

  • (Boolean)

181
182
183
184
185
186
187
188
189
190
191
# File 'app/helpers/auth_helper.rb', line 181

def google_tag_manager_enabled?
  return false unless Gitlab.com?

  if Feature.enabled?(:gtm_nonce, type: :ops)
    extra_config.has_key?('google_tag_manager_nonce_id') &&
       extra_config.google_tag_manager_nonce_id.present?
  else
    extra_config.has_key?('google_tag_manager_id') &&
       extra_config.google_tag_manager_id.present?
  end
end

#google_tag_manager_idObject


193
194
195
196
197
198
199
# File 'app/helpers/auth_helper.rb', line 193

def google_tag_manager_id
  return unless google_tag_manager_enabled?

  return extra_config.google_tag_manager_nonce_id if Feature.enabled?(:gtm_nonce, type: :ops)

  extra_config.google_tag_manager_id
end

#icon_for_provider(name) ⇒ Object


64
65
66
# File 'app/helpers/auth_helper.rb', line 64

def icon_for_provider(name)
  Gitlab::Auth::OAuth::Provider.icon_for(name)
end

#label_for_provider(name) ⇒ Object


60
61
62
# File 'app/helpers/auth_helper.rb', line 60

def label_for_provider(name)
  Gitlab::Auth::OAuth::Provider.label_for(name)
end

#ldap_enabled?Boolean

Returns:

  • (Boolean)

26
27
28
# File 'app/helpers/auth_helper.rb', line 26

def ldap_enabled?
  Gitlab::Auth::Ldap::Config.enabled?
end

#ldap_sign_in_enabled?Boolean

Returns:

  • (Boolean)

30
31
32
# File 'app/helpers/auth_helper.rb', line 30

def 
  Gitlab::Auth::Ldap::Config.
end

Returns:

  • (Boolean)

173
174
175
# File 'app/helpers/auth_helper.rb', line 173

def link_provider_allowed?(provider)
  IdentityProviderPolicy.new(current_user, provider).can?(:link)
end

#omniauth_enabled?Boolean

Returns:

  • (Boolean)

34
35
36
# File 'app/helpers/auth_helper.rb', line 34

def omniauth_enabled?
  Gitlab::Auth.omniauth_enabled?
end

139
140
141
# File 'app/helpers/auth_helper.rb', line 139

def popular_enabled_button_based_providers
  enabled_button_based_providers & POPULAR_PROVIDERS
end

#provider_has_builtin_icon?(name) ⇒ Boolean

Returns:

  • (Boolean)

42
43
44
# File 'app/helpers/auth_helper.rb', line 42

def provider_has_builtin_icon?(name)
  PROVIDERS_WITH_ICONS.include?(name.to_s)
end

#provider_has_custom_icon?(name) ⇒ Boolean

Returns:

  • (Boolean)

38
39
40
# File 'app/helpers/auth_helper.rb', line 38

def provider_has_custom_icon?(name)
  icon_for_provider(name.to_s)
end

#provider_has_icon?(name) ⇒ Boolean

Returns:

  • (Boolean)

46
47
48
# File 'app/helpers/auth_helper.rb', line 46

def provider_has_icon?(name)
  provider_has_builtin_icon?(name) || provider_has_custom_icon?(name)
end

#provider_image_tag(provider, size = 64) ⇒ Object


147
148
149
150
151
152
153
154
155
156
157
158
159
# File 'app/helpers/auth_helper.rb', line 147

def provider_image_tag(provider, size = 64)
  label = label_for_provider(provider)

  if provider_has_custom_icon?(provider)
    image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}", class: "gl-button-icon")
  elsif provider_has_builtin_icon?(provider)
    file_name = "#{provider.to_s.split('_').first}_#{size}.png"

    image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}", class: "gl-button-icon")
  else
    label
  end
end

#providers_for_base_controllerObject


126
127
128
# File 'app/helpers/auth_helper.rb', line 126

def providers_for_base_controller
  auth_providers.reject { |provider| LDAP_PROVIDER === provider }
end

#qa_class_for_provider(provider) ⇒ Object


50
51
52
53
54
# File 'app/helpers/auth_helper.rb', line 50

def qa_class_for_provider(provider)
  {
    saml: 'qa-saml-login-button'
  }[provider.to_sym]
end

#saml_providersObject


93
94
95
# File 'app/helpers/auth_helper.rb', line 93

def saml_providers
  auth_providers.select { |provider| auth_strategy_class(provider) == 'OmniAuth::Strategies::SAML' }
end

rubocop: enable CodeReuse/ActiveRecord

Returns:

  • (Boolean)

169
170
171
# File 'app/helpers/auth_helper.rb', line 169

def unlink_provider_allowed?(provider)
  IdentityProviderPolicy.new(current_user, provider).can?(:unlink)
end