Class: OmniauthCallbacksController

Inherits:

Devise::OmniauthCallbacksController

• Object
• Devise::OmniauthCallbacksController
• OmniauthCallbacksController

Includes:

AuthenticatesWithTwoFactor

Defined in:

app/controllers/omniauth_callbacks_controller.rb

Instance Method Summary

• #cas3 ⇒ Object
• #failure_message ⇒ Object

  Extend the standard message generation to accept our custom exception.

• #ldap ⇒ Object

  We only find ourselves here if the authentication to LDAP was successful.

• #omniauth_error ⇒ Object
• #saml ⇒ Object

Methods included from AuthenticatesWithTwoFactor

#prompt_for_two_factor

Instance Method Details

#cas3 ⇒ Object

# File 'app/controllers/omniauth_callbacks_controller.rb', line 73

def cas3
  ticket = params['ticket']
  if ticket
    handle_service_ticket oauth['provider'], ticket
  end
  handle_omniauth
end

#failure_message ⇒ Object

Extend the standard message generation to accept our custom exception

# File 'app/controllers/omniauth_callbacks_controller.rb', line 13

def failure_message
  exception = env["omniauth.error"]
  error   = exception.error_reason if exception.respond_to?(:error_reason)
  error ||= exception.error        if exception.respond_to?(:error)
  error ||= exception.message      if exception.respond_to?(:message)
  error ||= env["omniauth.error.type"].to_s
  error.to_s.humanize if error
end

#ldap ⇒ Object

We only find ourselves here if the authentication to LDAP was successful.

# File 'app/controllers/omniauth_callbacks_controller.rb', line 24

def ldap
  ldap_user = Gitlab::LDAP::User.new(oauth)
  ldap_user.save if ldap_user.changed? # will also save new users

  @user = ldap_user.gl_user
  @user.remember_me = params[:remember_me] if ldap_user.persisted?

  # Do additional LDAP checks for the user filter and EE features
  if ldap_user.allowed?
    if @user.two_factor_enabled?
      prompt_for_two_factor(@user)
    else
      log_audit_event(@user, with: :ldap)
      sign_in_and_redirect(@user)
    end
  else
    flash[:alert] = "Access denied for your LDAP account."
    redirect_to new_user_session_path
  end
end

#omniauth_error ⇒ Object

# File 'app/controllers/omniauth_callbacks_controller.rb', line 67

def omniauth_error
  @provider = params[:provider]
  @error = params[:error]
  render 'errors/omniauth_error', layout: "errors", status: 422
end

#saml ⇒ Object

# File 'app/controllers/omniauth_callbacks_controller.rb', line 45

def saml
  if current_user
    log_audit_event(current_user, with: :saml)
    # Update SAML identity if data has changed.
    identity = current_user.identities.find_by(extern_uid: oauth['uid'], provider: :saml)
    if identity.nil?
      current_user.identities.create(extern_uid: oauth['uid'], provider: :saml)
      redirect_to profile_account_path, notice: 'Authentication method updated'
    else
      redirect_to after_sign_in_path_for(current_user)
    end
  else
    saml_user = Gitlab::Saml::User.new(oauth)
    saml_user.save if saml_user.changed?
    @user = saml_user.gl_user

    continue_login_process
  end
rescue Gitlab::OAuth::SignupDisabledError
  handle_signup_error
end