Module: AuthHelper

Extended by:
AuthHelper
Included in:
AuthHelper, OmniauthCallbacksController, Profiles::AccountsController
Defined in:
app/helpers/auth_helper.rb

Constant Summary collapse

PROVIDERS_WITH_ICONS =
%w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq salesforce atlassian_oauth2).freeze
LDAP_PROVIDER =
/\Aldap/.freeze

Instance Method Summary collapse

Instance Method Details

#allow_admin_mode_password_authentication_for_web?Boolean

Returns:

  • (Boolean)

150
151
152
# File 'app/helpers/auth_helper.rb', line 150

def allow_admin_mode_password_authentication_for_web?
  current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set?
end

#any_form_based_providers_enabled?Boolean

Returns:

  • (Boolean)

74
75
76
# File 'app/helpers/auth_helper.rb', line 74

def any_form_based_providers_enabled?
  form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) }
end

#auth_active?(provider) ⇒ Boolean

rubocop: disable CodeReuse/ActiveRecord

Returns:

  • (Boolean)

135
136
137
138
139
# File 'app/helpers/auth_helper.rb', line 135

def auth_active?(provider)
  return current_user.atlassian_identity.present? if provider == :atlassian_oauth2

  current_user.identities.exists?(provider: provider.to_s)
end

#auth_providersObject


37
38
39
# File 'app/helpers/auth_helper.rb', line 37

def auth_providers
  Gitlab::Auth::OAuth::Provider.providers
end

#button_based_providersObject


88
89
90
# File 'app/helpers/auth_helper.rb', line 88

def button_based_providers
  auth_providers.reject { |provider| form_based_provider?(provider) }
end

#button_based_providers_enabled?Boolean

Returns:

  • (Boolean)

116
117
118
# File 'app/helpers/auth_helper.rb', line 116

def button_based_providers_enabled?
  enabled_button_based_providers.any?
end

#crowd_enabled?Boolean

Returns:

  • (Boolean)

84
85
86
# File 'app/helpers/auth_helper.rb', line 84

def crowd_enabled?
  auth_providers.include? :crowd
end

#display_providers_on_profile?Boolean

Returns:

  • (Boolean)

92
93
94
# File 'app/helpers/auth_helper.rb', line 92

def display_providers_on_profile?
  button_based_providers.any?
end

#enabled_button_based_providersObject


100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# File 'app/helpers/auth_helper.rb', line 100

def enabled_button_based_providers
  disabled_providers = Gitlab::CurrentSettings. || []

  providers = button_based_providers.map(&:to_s) - disabled_providers
  providers.sort_by do |provider|
    case provider
    when 'google_oauth2'
      0
    when 'github'
      1
    else
      2
    end
  end
end

#form_based_auth_provider_has_active_class?(provider) ⇒ Boolean

Returns:

  • (Boolean)

62
63
64
# File 'app/helpers/auth_helper.rb', line 62

def form_based_auth_provider_has_active_class?(provider)
  form_based_provider_with_highest_priority == provider
end

#form_based_provider?(name) ⇒ Boolean

Returns:

  • (Boolean)

66
67
68
# File 'app/helpers/auth_helper.rb', line 66

def form_based_provider?(name)
  [LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
end

#form_based_provider_priorityObject


49
50
51
# File 'app/helpers/auth_helper.rb', line 49

def form_based_provider_priority
  ['crowd', /^ldap/, 'kerberos']
end

#form_based_provider_with_highest_priorityObject


53
54
55
56
57
58
59
60
# File 'app/helpers/auth_helper.rb', line 53

def form_based_provider_with_highest_priority
  @form_based_provider_with_highest_priority ||= begin
    form_based_provider_priority.each do |provider_regexp|
      highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) }
      break highest_priority unless highest_priority.nil?
    end
  end
end

#form_based_providersObject


70
71
72
# File 'app/helpers/auth_helper.rb', line 70

def form_based_providers
  auth_providers.select { |provider| form_based_provider?(provider) }
end

#form_enabled_for_sign_in?(provider) ⇒ Boolean

Returns:

  • (Boolean)

78
79
80
81
82
# File 'app/helpers/auth_helper.rb', line 78

def form_enabled_for_sign_in?(provider)
  return true unless provider.to_s.match?(LDAP_PROVIDER)

  
end

#icon_for_provider(name) ⇒ Object


45
46
47
# File 'app/helpers/auth_helper.rb', line 45

def icon_for_provider(name)
  Gitlab::Auth::OAuth::Provider.icon_for(name)
end

#label_for_provider(name) ⇒ Object


41
42
43
# File 'app/helpers/auth_helper.rb', line 41

def label_for_provider(name)
  Gitlab::Auth::OAuth::Provider.label_for(name)
end

#ldap_enabled?Boolean

Returns:

  • (Boolean)

7
8
9
# File 'app/helpers/auth_helper.rb', line 7

def ldap_enabled?
  Gitlab::Auth::Ldap::Config.enabled?
end

#ldap_sign_in_enabled?Boolean

Returns:

  • (Boolean)

11
12
13
# File 'app/helpers/auth_helper.rb', line 11

def 
  Gitlab::Auth::Ldap::Config.
end

Returns:

  • (Boolean)

146
147
148
# File 'app/helpers/auth_helper.rb', line 146

def link_provider_allowed?(provider)
  IdentityProviderPolicy.new(current_user, provider).can?(:link)
end

#omniauth_enabled?Boolean

Returns:

  • (Boolean)

15
16
17
# File 'app/helpers/auth_helper.rb', line 15

def omniauth_enabled?
  Gitlab::Auth.omniauth_enabled?
end

#provider_has_builtin_icon?(name) ⇒ Boolean

Returns:

  • (Boolean)

23
24
25
# File 'app/helpers/auth_helper.rb', line 23

def provider_has_builtin_icon?(name)
  PROVIDERS_WITH_ICONS.include?(name.to_s)
end

#provider_has_custom_icon?(name) ⇒ Boolean

Returns:

  • (Boolean)

19
20
21
# File 'app/helpers/auth_helper.rb', line 19

def provider_has_custom_icon?(name)
  icon_for_provider(name.to_s)
end

#provider_has_icon?(name) ⇒ Boolean

Returns:

  • (Boolean)

27
28
29
# File 'app/helpers/auth_helper.rb', line 27

def provider_has_icon?(name)
  provider_has_builtin_icon?(name) || provider_has_custom_icon?(name)
end

#provider_image_tag(provider, size = 64) ⇒ Object


120
121
122
123
124
125
126
127
128
129
130
131
132
# File 'app/helpers/auth_helper.rb', line 120

def provider_image_tag(provider, size = 64)
  label = label_for_provider(provider)

  if provider_has_custom_icon?(provider)
    image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}")
  elsif provider_has_builtin_icon?(provider)
    file_name = "#{provider.to_s.split('_').first}_#{size}.png"

    image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}")
  else
    label
  end
end

#providers_for_base_controllerObject


96
97
98
# File 'app/helpers/auth_helper.rb', line 96

def providers_for_base_controller
  auth_providers.reject { |provider| LDAP_PROVIDER === provider }
end

#qa_class_for_provider(provider) ⇒ Object


31
32
33
34
35
# File 'app/helpers/auth_helper.rb', line 31

def qa_class_for_provider(provider)
  {
    saml: 'qa-saml-login-button'
  }[provider.to_sym]
end

rubocop: enable CodeReuse/ActiveRecord

Returns:

  • (Boolean)

142
143
144
# File 'app/helpers/auth_helper.rb', line 142

def unlink_provider_allowed?(provider)
  IdentityProviderPolicy.new(current_user, provider).can?(:unlink)
end