Module: AuthHelper
- Extended by:
- AuthHelper
- Included in:
- AuthHelper, OmniauthCallbacksController, Profiles::AccountsController
- Defined in:
- app/helpers/auth_helper.rb
Constant Summary collapse
- PROVIDERS_WITH_ICONS =
%w( alicloud atlassian_oauth2 auth0 authentiq azure_activedirectory_v2 azure_oauth2 bitbucket facebook dingtalk github gitlab google_oauth2 jwt openid_connect salesforce shibboleth twitter ).freeze
- LDAP_PROVIDER =
/\Aldap/.freeze
- POPULAR_PROVIDERS =
%w(google_oauth2 github).freeze
Instance Method Summary collapse
- #allow_admin_mode_password_authentication_for_web? ⇒ Boolean
- #any_form_based_providers_enabled? ⇒ Boolean
-
#auth_active?(provider) ⇒ Boolean
rubocop: disable CodeReuse/ActiveRecord.
- #auth_app_owner_text(owner) ⇒ Object
- #auth_providers ⇒ Object
- #auth_strategy_class(provider) ⇒ Object
- #button_based_providers ⇒ Object
- #button_based_providers_enabled? ⇒ Boolean
- #crowd_enabled? ⇒ Boolean
- #display_providers_on_profile? ⇒ Boolean
- #enabled_button_based_providers ⇒ Object
- #form_based_auth_provider_has_active_class?(provider) ⇒ Boolean
- #form_based_provider?(name) ⇒ Boolean
- #form_based_provider_priority ⇒ Object
- #form_based_provider_with_highest_priority ⇒ Object
- #form_based_providers ⇒ Object
- #form_enabled_for_sign_in?(provider) ⇒ Boolean
- #google_tag_manager_enabled? ⇒ Boolean
- #google_tag_manager_id ⇒ Object
- #icon_for_provider(name) ⇒ Object
- #label_for_provider(name) ⇒ Object
- #ldap_enabled? ⇒ Boolean
- #ldap_sign_in_enabled? ⇒ Boolean
- #link_provider_allowed?(provider) ⇒ Boolean
- #omniauth_enabled? ⇒ Boolean
- #popular_enabled_button_based_providers ⇒ Object
- #provider_has_builtin_icon?(name) ⇒ Boolean
- #provider_has_custom_icon?(name) ⇒ Boolean
- #provider_has_icon?(name) ⇒ Boolean
- #provider_image_tag(provider, size = 64) ⇒ Object
- #providers_for_base_controller ⇒ Object
- #qa_class_for_provider(provider) ⇒ Object
- #saml_providers ⇒ Object
-
#unlink_provider_allowed?(provider) ⇒ Boolean
rubocop: enable CodeReuse/ActiveRecord.
Instance Method Details
#allow_admin_mode_password_authentication_for_web? ⇒ Boolean
177 178 179 |
# File 'app/helpers/auth_helper.rb', line 177 def allow_admin_mode_password_authentication_for_web? current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set? end |
#any_form_based_providers_enabled? ⇒ Boolean
104 105 106 |
# File 'app/helpers/auth_helper.rb', line 104 def any_form_based_providers_enabled? form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) } end |
#auth_active?(provider) ⇒ Boolean
rubocop: disable CodeReuse/ActiveRecord
162 163 164 165 166 |
# File 'app/helpers/auth_helper.rb', line 162 def auth_active?(provider) return current_user.atlassian_identity.present? if provider == :atlassian_oauth2 current_user.identities.exists?(provider: provider.to_s) end |
#auth_app_owner_text(owner) ⇒ Object
201 202 203 204 205 206 207 208 209 210 211 |
# File 'app/helpers/auth_helper.rb', line 201 def auth_app_owner_text(owner) return unless owner if owner.is_a?(Group) group_link = link_to(owner.name, group_path(owner)) _("This application was created for group %{group_link}.").html_safe % { group_link: group_link } else user_link = link_to(owner.name, user_path(owner)) _("This application was created by %{user_link}.").html_safe % { user_link: user_link } end end |
#auth_providers ⇒ Object
56 57 58 |
# File 'app/helpers/auth_helper.rb', line 56 def auth_providers Gitlab::Auth::OAuth::Provider.providers end |
#auth_strategy_class(provider) ⇒ Object
97 98 99 100 101 102 |
# File 'app/helpers/auth_helper.rb', line 97 def auth_strategy_class(provider) config = Gitlab::Auth::OAuth::Provider.config_for(provider) return if config.nil? || config['args'].blank? config.args['strategy_class'] end |
#button_based_providers ⇒ Object
118 119 120 |
# File 'app/helpers/auth_helper.rb', line 118 def auth_providers.reject { |provider| form_based_provider?(provider) } end |
#button_based_providers_enabled? ⇒ Boolean
143 144 145 |
# File 'app/helpers/auth_helper.rb', line 143 def .any? end |
#crowd_enabled? ⇒ Boolean
114 115 116 |
# File 'app/helpers/auth_helper.rb', line 114 def crowd_enabled? auth_providers.include? :crowd end |
#display_providers_on_profile? ⇒ Boolean
122 123 124 |
# File 'app/helpers/auth_helper.rb', line 122 def display_providers_on_profile? .any? end |
#enabled_button_based_providers ⇒ Object
130 131 132 133 134 135 136 137 |
# File 'app/helpers/auth_helper.rb', line 130 def disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || [] providers = .map(&:to_s) - disabled_providers providers.sort_by do |provider| POPULAR_PROVIDERS.index(provider) || POPULAR_PROVIDERS.length end end |
#form_based_auth_provider_has_active_class?(provider) ⇒ Boolean
81 82 83 |
# File 'app/helpers/auth_helper.rb', line 81 def form_based_auth_provider_has_active_class?(provider) form_based_provider_with_highest_priority == provider end |
#form_based_provider?(name) ⇒ Boolean
85 86 87 |
# File 'app/helpers/auth_helper.rb', line 85 def form_based_provider?(name) [LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s } end |
#form_based_provider_priority ⇒ Object
68 69 70 |
# File 'app/helpers/auth_helper.rb', line 68 def form_based_provider_priority ['crowd', /^ldap/, 'kerberos'] end |
#form_based_provider_with_highest_priority ⇒ Object
72 73 74 75 76 77 78 79 |
# File 'app/helpers/auth_helper.rb', line 72 def form_based_provider_with_highest_priority @form_based_provider_with_highest_priority ||= begin form_based_provider_priority.each do |provider_regexp| highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) } break highest_priority unless highest_priority.nil? end end end |
#form_based_providers ⇒ Object
89 90 91 |
# File 'app/helpers/auth_helper.rb', line 89 def form_based_providers auth_providers.select { |provider| form_based_provider?(provider) } end |
#form_enabled_for_sign_in?(provider) ⇒ Boolean
108 109 110 111 112 |
# File 'app/helpers/auth_helper.rb', line 108 def form_enabled_for_sign_in?(provider) return true unless provider.to_s.match?(LDAP_PROVIDER) ldap_sign_in_enabled? end |
#google_tag_manager_enabled? ⇒ Boolean
181 182 183 184 185 186 187 188 189 190 191 |
# File 'app/helpers/auth_helper.rb', line 181 def google_tag_manager_enabled? return false unless Gitlab.com? if Feature.enabled?(:gtm_nonce, type: :ops) extra_config.has_key?('google_tag_manager_nonce_id') && extra_config.google_tag_manager_nonce_id.present? else extra_config.has_key?('google_tag_manager_id') && extra_config.google_tag_manager_id.present? end end |
#google_tag_manager_id ⇒ Object
193 194 195 196 197 198 199 |
# File 'app/helpers/auth_helper.rb', line 193 def google_tag_manager_id return unless google_tag_manager_enabled? return extra_config.google_tag_manager_nonce_id if Feature.enabled?(:gtm_nonce, type: :ops) extra_config.google_tag_manager_id end |
#icon_for_provider(name) ⇒ Object
64 65 66 |
# File 'app/helpers/auth_helper.rb', line 64 def icon_for_provider(name) Gitlab::Auth::OAuth::Provider.icon_for(name) end |
#label_for_provider(name) ⇒ Object
60 61 62 |
# File 'app/helpers/auth_helper.rb', line 60 def label_for_provider(name) Gitlab::Auth::OAuth::Provider.label_for(name) end |
#ldap_enabled? ⇒ Boolean
26 27 28 |
# File 'app/helpers/auth_helper.rb', line 26 def ldap_enabled? Gitlab::Auth::Ldap::Config.enabled? end |
#ldap_sign_in_enabled? ⇒ Boolean
30 31 32 |
# File 'app/helpers/auth_helper.rb', line 30 def ldap_sign_in_enabled? Gitlab::Auth::Ldap::Config.sign_in_enabled? end |
#link_provider_allowed?(provider) ⇒ Boolean
173 174 175 |
# File 'app/helpers/auth_helper.rb', line 173 def link_provider_allowed?(provider) IdentityProviderPolicy.new(current_user, provider).can?(:link) end |
#omniauth_enabled? ⇒ Boolean
34 35 36 |
# File 'app/helpers/auth_helper.rb', line 34 def omniauth_enabled? Gitlab::Auth.omniauth_enabled? end |
#popular_enabled_button_based_providers ⇒ Object
139 140 141 |
# File 'app/helpers/auth_helper.rb', line 139 def & POPULAR_PROVIDERS end |
#provider_has_builtin_icon?(name) ⇒ Boolean
42 43 44 |
# File 'app/helpers/auth_helper.rb', line 42 def provider_has_builtin_icon?(name) PROVIDERS_WITH_ICONS.include?(name.to_s) end |
#provider_has_custom_icon?(name) ⇒ Boolean
38 39 40 |
# File 'app/helpers/auth_helper.rb', line 38 def provider_has_custom_icon?(name) icon_for_provider(name.to_s) end |
#provider_has_icon?(name) ⇒ Boolean
46 47 48 |
# File 'app/helpers/auth_helper.rb', line 46 def provider_has_icon?(name) provider_has_builtin_icon?(name) || provider_has_custom_icon?(name) end |
#provider_image_tag(provider, size = 64) ⇒ Object
147 148 149 150 151 152 153 154 155 156 157 158 159 |
# File 'app/helpers/auth_helper.rb', line 147 def provider_image_tag(provider, size = 64) label = label_for_provider(provider) if provider_has_custom_icon?(provider) image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}", class: "gl-button-icon") elsif provider_has_builtin_icon?(provider) file_name = "#{provider.to_s.split('_').first}_#{size}.png" image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}", class: "gl-button-icon") else label end end |
#providers_for_base_controller ⇒ Object
126 127 128 |
# File 'app/helpers/auth_helper.rb', line 126 def providers_for_base_controller auth_providers.reject { |provider| LDAP_PROVIDER === provider } end |
#qa_class_for_provider(provider) ⇒ Object
50 51 52 53 54 |
# File 'app/helpers/auth_helper.rb', line 50 def qa_class_for_provider(provider) { saml: 'qa-saml-login-button' }[provider.to_sym] end |
#saml_providers ⇒ Object
93 94 95 |
# File 'app/helpers/auth_helper.rb', line 93 def saml_providers auth_providers.select { |provider| auth_strategy_class(provider) == 'OmniAuth::Strategies::SAML' } end |
#unlink_provider_allowed?(provider) ⇒ Boolean
rubocop: enable CodeReuse/ActiveRecord
169 170 171 |
# File 'app/helpers/auth_helper.rb', line 169 def unlink_provider_allowed?(provider) IdentityProviderPolicy.new(current_user, provider).can?(:unlink) end |