Module: AuthHelper
- Extended by:
- AuthHelper
- Included in:
- AuthHelper, OmniauthCallbacksController, Profiles::AccountsController
- Defined in:
- app/helpers/auth_helper.rb
Constant Summary collapse
- PROVIDERS_WITH_ICONS =
%w[ alicloud atlassian_oauth2 auth0 azure_activedirectory_v2 azure_oauth2 bitbucket facebook dingtalk github gitlab google_oauth2 jwt openid_connect shibboleth twitter ].freeze
- LDAP_PROVIDER =
/\Aldap/
- POPULAR_PROVIDERS =
%w[google_oauth2 github].freeze
Instance Method Summary collapse
- #allow_admin_mode_password_authentication_for_web? ⇒ Boolean
- #any_form_based_providers_enabled? ⇒ Boolean
-
#auth_active?(provider) ⇒ Boolean
rubocop: disable CodeReuse/ActiveRecord.
- #auth_app_owner_text(owner) ⇒ Object
- #auth_providers ⇒ Object
- #auth_strategy_class(provider) ⇒ Object
- #button_based_providers ⇒ Object
- #button_based_providers_enabled? ⇒ Boolean
- #crowd_enabled? ⇒ Boolean
- #display_providers_on_profile? ⇒ Boolean
- #enabled_button_based_providers ⇒ Object
- #form_based_auth_provider_has_active_class?(provider) ⇒ Boolean
- #form_based_provider?(name) ⇒ Boolean
- #form_based_provider_priority ⇒ Object
- #form_based_provider_with_highest_priority ⇒ Object
- #form_based_providers ⇒ Object
- #form_enabled_for_sign_in?(provider) ⇒ Boolean
- #google_tag_manager_enabled? ⇒ Boolean
- #google_tag_manager_id ⇒ Object
- #icon_for_provider(name) ⇒ Object
- #label_for_provider(name) ⇒ Object
- #ldap_enabled? ⇒ Boolean
- #ldap_sign_in_enabled? ⇒ Boolean
- #link_provider_allowed?(provider) ⇒ Boolean
- #omniauth_enabled? ⇒ Boolean
- #popular_enabled_button_based_providers ⇒ Object
- #provider_has_builtin_icon?(name) ⇒ Boolean
- #provider_has_custom_icon?(name) ⇒ Boolean
- #provider_has_icon?(name) ⇒ Boolean
- #provider_image_tag(provider, size = 64) ⇒ Object
- #providers_for_base_controller ⇒ Object
- #qa_selector_for_provider(provider) ⇒ Object
- #saml_providers ⇒ Object
-
#unlink_provider_allowed?(provider) ⇒ Boolean
rubocop: enable CodeReuse/ActiveRecord.
Instance Method Details
#allow_admin_mode_password_authentication_for_web? ⇒ Boolean
181 182 183 |
# File 'app/helpers/auth_helper.rb', line 181 def allow_admin_mode_password_authentication_for_web? current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set? end |
#any_form_based_providers_enabled? ⇒ Boolean
108 109 110 |
# File 'app/helpers/auth_helper.rb', line 108 def any_form_based_providers_enabled? form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) } end |
#auth_active?(provider) ⇒ Boolean
rubocop: disable CodeReuse/ActiveRecord
166 167 168 169 170 |
# File 'app/helpers/auth_helper.rb', line 166 def auth_active?(provider) return current_user.atlassian_identity.present? if provider == :atlassian_oauth2 current_user.identities.exists?(provider: provider.to_s) end |
#auth_app_owner_text(owner) ⇒ Object
205 206 207 208 209 210 211 212 213 214 215 |
# File 'app/helpers/auth_helper.rb', line 205 def auth_app_owner_text(owner) return unless owner if owner.is_a?(Group) group_link = link_to(owner.name, group_path(owner)) _("This application was created for group %{group_link}.").html_safe % { group_link: group_link } else user_link = link_to(owner.name, user_path(owner)) _("This application was created by %{user_link}.").html_safe % { user_link: user_link } end end |
#auth_providers ⇒ Object
60 61 62 |
# File 'app/helpers/auth_helper.rb', line 60 def auth_providers Gitlab::Auth::OAuth::Provider.providers end |
#auth_strategy_class(provider) ⇒ Object
101 102 103 104 105 106 |
# File 'app/helpers/auth_helper.rb', line 101 def auth_strategy_class(provider) config = Gitlab::Auth::OAuth::Provider.config_for(provider) return if config.nil? || config['args'].blank? config.args['strategy_class'] end |
#button_based_providers ⇒ Object
122 123 124 |
# File 'app/helpers/auth_helper.rb', line 122 def auth_providers.reject { |provider| form_based_provider?(provider) } end |
#button_based_providers_enabled? ⇒ Boolean
147 148 149 |
# File 'app/helpers/auth_helper.rb', line 147 def .any? end |
#crowd_enabled? ⇒ Boolean
118 119 120 |
# File 'app/helpers/auth_helper.rb', line 118 def crowd_enabled? auth_providers.include? :crowd end |
#display_providers_on_profile? ⇒ Boolean
126 127 128 |
# File 'app/helpers/auth_helper.rb', line 126 def display_providers_on_profile? .any? end |
#enabled_button_based_providers ⇒ Object
134 135 136 137 138 139 140 141 |
# File 'app/helpers/auth_helper.rb', line 134 def disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || [] providers = .map(&:to_s) - disabled_providers providers.sort_by do |provider| POPULAR_PROVIDERS.index(provider) || POPULAR_PROVIDERS.length end end |
#form_based_auth_provider_has_active_class?(provider) ⇒ Boolean
83 84 85 |
# File 'app/helpers/auth_helper.rb', line 83 def form_based_auth_provider_has_active_class?(provider) form_based_provider_with_highest_priority == provider end |
#form_based_provider?(name) ⇒ Boolean
87 88 89 |
# File 'app/helpers/auth_helper.rb', line 87 def form_based_provider?(name) [LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s } end |
#form_based_provider_priority ⇒ Object
72 73 74 |
# File 'app/helpers/auth_helper.rb', line 72 def form_based_provider_priority ['crowd', /^ldap/, 'kerberos'] end |
#form_based_provider_with_highest_priority ⇒ Object
76 77 78 79 80 81 |
# File 'app/helpers/auth_helper.rb', line 76 def form_based_provider_with_highest_priority @form_based_provider_with_highest_priority ||= form_based_provider_priority.each do |provider_regexp| highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) } break highest_priority unless highest_priority.nil? end end |
#form_based_providers ⇒ Object
91 92 93 |
# File 'app/helpers/auth_helper.rb', line 91 def form_based_providers auth_providers.select { |provider| form_based_provider?(provider) } end |
#form_enabled_for_sign_in?(provider) ⇒ Boolean
112 113 114 115 116 |
# File 'app/helpers/auth_helper.rb', line 112 def form_enabled_for_sign_in?(provider) return true unless provider.to_s.match?(LDAP_PROVIDER) ldap_sign_in_enabled? end |
#google_tag_manager_enabled? ⇒ Boolean
185 186 187 188 189 190 191 192 193 194 195 |
# File 'app/helpers/auth_helper.rb', line 185 def google_tag_manager_enabled? return false unless Gitlab.com? if Feature.enabled?(:gtm_nonce, type: :ops) extra_config.has_key?('google_tag_manager_nonce_id') && extra_config.google_tag_manager_nonce_id.present? else extra_config.has_key?('google_tag_manager_id') && extra_config.google_tag_manager_id.present? end end |
#google_tag_manager_id ⇒ Object
197 198 199 200 201 202 203 |
# File 'app/helpers/auth_helper.rb', line 197 def google_tag_manager_id return unless google_tag_manager_enabled? return extra_config.google_tag_manager_nonce_id if Feature.enabled?(:gtm_nonce, type: :ops) extra_config.google_tag_manager_id end |
#icon_for_provider(name) ⇒ Object
68 69 70 |
# File 'app/helpers/auth_helper.rb', line 68 def icon_for_provider(name) Gitlab::Auth::OAuth::Provider.icon_for(name) end |
#label_for_provider(name) ⇒ Object
64 65 66 |
# File 'app/helpers/auth_helper.rb', line 64 def label_for_provider(name) Gitlab::Auth::OAuth::Provider.label_for(name) end |
#ldap_enabled? ⇒ Boolean
26 27 28 |
# File 'app/helpers/auth_helper.rb', line 26 def ldap_enabled? Gitlab::Auth::Ldap::Config.enabled? end |
#ldap_sign_in_enabled? ⇒ Boolean
30 31 32 |
# File 'app/helpers/auth_helper.rb', line 30 def ldap_sign_in_enabled? Gitlab::Auth::Ldap::Config.sign_in_enabled? end |
#link_provider_allowed?(provider) ⇒ Boolean
177 178 179 |
# File 'app/helpers/auth_helper.rb', line 177 def link_provider_allowed?(provider) IdentityProviderPolicy.new(current_user, provider).can?(:link) end |
#omniauth_enabled? ⇒ Boolean
34 35 36 |
# File 'app/helpers/auth_helper.rb', line 34 def omniauth_enabled? Gitlab::Auth.omniauth_enabled? end |
#popular_enabled_button_based_providers ⇒ Object
143 144 145 |
# File 'app/helpers/auth_helper.rb', line 143 def & POPULAR_PROVIDERS end |
#provider_has_builtin_icon?(name) ⇒ Boolean
42 43 44 |
# File 'app/helpers/auth_helper.rb', line 42 def provider_has_builtin_icon?(name) PROVIDERS_WITH_ICONS.include?(name.to_s) end |
#provider_has_custom_icon?(name) ⇒ Boolean
38 39 40 |
# File 'app/helpers/auth_helper.rb', line 38 def provider_has_custom_icon?(name) icon_for_provider(name.to_s) end |
#provider_has_icon?(name) ⇒ Boolean
46 47 48 |
# File 'app/helpers/auth_helper.rb', line 46 def provider_has_icon?(name) provider_has_builtin_icon?(name) || provider_has_custom_icon?(name) end |
#provider_image_tag(provider, size = 64) ⇒ Object
151 152 153 154 155 156 157 158 159 160 161 162 163 |
# File 'app/helpers/auth_helper.rb', line 151 def provider_image_tag(provider, size = 64) label = label_for_provider(provider) if provider_has_custom_icon?(provider) image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}", class: "gl-button-icon") elsif provider_has_builtin_icon?(provider) file_name = "#{provider.to_s.split('_').first}_#{size}.png" image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}", class: "gl-button-icon") else label end end |
#providers_for_base_controller ⇒ Object
130 131 132 |
# File 'app/helpers/auth_helper.rb', line 130 def providers_for_base_controller auth_providers.reject { |provider| LDAP_PROVIDER === provider } end |
#qa_selector_for_provider(provider) ⇒ Object
50 51 52 53 54 55 56 57 58 |
# File 'app/helpers/auth_helper.rb', line 50 def qa_selector_for_provider(provider) { saml: 'saml_login_button', openid_connect: 'oidc_login_button', github: 'github_login_button', gitlab: 'gitlab_oauth_login_button', facebook: 'facebook_login_button' }[provider.to_sym] end |
#saml_providers ⇒ Object
95 96 97 98 99 |
# File 'app/helpers/auth_helper.rb', line 95 def saml_providers auth_providers.select do |provider| provider == :saml || auth_strategy_class(provider) == 'OmniAuth::Strategies::SAML' end end |
#unlink_provider_allowed?(provider) ⇒ Boolean
rubocop: enable CodeReuse/ActiveRecord
173 174 175 |
# File 'app/helpers/auth_helper.rb', line 173 def unlink_provider_allowed?(provider) IdentityProviderPolicy.new(current_user, provider).can?(:unlink) end |