Class: Gitlab::Auth::OAuth::User

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/auth/o_auth/user.rb

Direct Known Subclasses

Atlassian::User, Ldap::User, Saml::User

Constant Summary collapse

SignupDisabledError =
Class.new(StandardError)
SigninDisabledForProviderError =
Class.new(StandardError)
IdentityWithUntrustedExternUidError =
Class.new(StandardError)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(auth_hash, user_params = {}) ⇒ User

Returns a new instance of User.



32
33
34
35
36
37
# File 'lib/gitlab/auth/o_auth/user.rb', line 32

def initialize(auth_hash, user_params = {})
  self.auth_hash = auth_hash
  @user_params = user_params
  update_profile
  add_or_update_user_identities
end

Instance Attribute Details

#auth_hashObject

Returns the value of attribute auth_hash.



30
31
32
# File 'lib/gitlab/auth/o_auth/user.rb', line 30

def auth_hash
  @auth_hash
end

Class Method Details

.find_by_uid_and_provider(uid, provider) ⇒ Object

rubocop: disable CodeReuse/ActiveRecord



15
16
17
18
19
20
21
22
# File 'lib/gitlab/auth/o_auth/user.rb', line 15

def find_by_uid_and_provider(uid, provider)
  identity = ::Identity.with_extern_uid(provider, uid).take

  return unless identity
  raise IdentityWithUntrustedExternUidError unless identity.trusted_extern_uid?

  identity.user
end

Instance Method Details

#bypass_two_factor?Boolean

Returns:

  • (Boolean)


99
100
101
102
103
104
105
106
# File 'lib/gitlab/auth/o_auth/user.rb', line 99

def bypass_two_factor?
  providers = Gitlab.config.omniauth.allow_bypass_two_factor
  if providers.is_a?(Array)
    providers.include?(auth_hash.provider)
  else
    providers
  end
end

#find_and_update!Object



93
94
95
96
97
# File 'lib/gitlab/auth/o_auth/user.rb', line 93

def find_and_update!
  save if should_save?

  gl_user
end

#find_userObject



81
82
83
84
85
86
87
88
89
90
91
# File 'lib/gitlab/auth/o_auth/user.rb', line 81

def find_user
  user = find_by_uid_and_provider

  user ||= find_by_email if auto_link_user?
  user ||= find_or_build_ldap_user if auto_link_ldap_user?
  user ||= build_new_user if 

  user.external = true if external_provider? && user&.new_record?

  user
end

#gl_userObject



75
76
77
78
79
# File 'lib/gitlab/auth/o_auth/user.rb', line 75

def gl_user
  return @gl_user if defined?(@gl_user)

  @gl_user = find_user
end

#new?Boolean

Returns:

  • (Boolean)


43
44
45
# File 'lib/gitlab/auth/o_auth/user.rb', line 43

def new?
  !persisted?
end

#persisted?Boolean

Returns:

  • (Boolean)


39
40
41
# File 'lib/gitlab/auth/o_auth/user.rb', line 39

def persisted?
  gl_user.try(:persisted?)
end

#protocol_nameObject



108
109
110
# File 'lib/gitlab/auth/o_auth/user.rb', line 108

def protocol_name
  'OAuth'
end

#save(provider = protocol_name) ⇒ Object



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/gitlab/auth/o_auth/user.rb', line 55

def save(provider = protocol_name)
  return false if any_auth_hash_errors?

  raise SigninDisabledForProviderError if oauth_provider_disabled?
  raise SignupDisabledError unless gl_user

  block_after_save = needs_blocking?

  Users::UpdateService.new(gl_user, user: gl_user).execute!

  gl_user.block_pending_approval if block_after_save
  activate_user_if_user_cap_not_reached

  log.info "(#{provider}) saving user #{auth_hash.email} from login with admin => #{gl_user.admin}, extern_uid => #{auth_hash.uid}"
  gl_user
rescue ActiveRecord::RecordInvalid => e
  log.info "(#{provider}) Error saving user #{auth_hash.uid} (#{auth_hash.email}): #{gl_user.errors.full_messages}"
  [self, e.record.errors]
end

#valid?Boolean

Returns:

  • (Boolean)


47
48
49
# File 'lib/gitlab/auth/o_auth/user.rb', line 47

def valid?
  !any_auth_hash_errors? && gl_user.try(:valid?)
end

#valid_sign_in?Boolean

Returns:

  • (Boolean)


51
52
53
# File 'lib/gitlab/auth/o_auth/user.rb', line 51

def valid_sign_in?
  valid? && persisted?
end