1# frozen_string_literal: true 2 3module AuthHelper 4 PROVIDERS_WITH_ICONS = %w( 5 atlassian_oauth2 6 authentiq 7 azure_activedirectory_v2 8 azure_oauth2 9 bitbucket 10 facebook 11 dingtalk 12 github 13 gitlab 14 google_oauth2 15 openid_connect 16 salesforce 17 twitter 18 ).freeze 19 LDAP_PROVIDER = /\Aldap/.freeze 20 POPULAR_PROVIDERS = %w(google_oauth2 github).freeze 21 22 def ldap_enabled? 23 Gitlab::Auth::Ldap::Config.enabled? 24 end 25 26 def ldap_sign_in_enabled? 27 Gitlab::Auth::Ldap::Config.sign_in_enabled? 28 end 29 30 def omniauth_enabled? 31 Gitlab::Auth.omniauth_enabled? 32 end 33 34 def provider_has_custom_icon?(name) 35 icon_for_provider(name.to_s) 36 end 37 38 def provider_has_builtin_icon?(name) 39 PROVIDERS_WITH_ICONS.include?(name.to_s) 40 end 41 42 def provider_has_icon?(name) 43 provider_has_builtin_icon?(name) || provider_has_custom_icon?(name) 44 end 45 46 def qa_class_for_provider(provider) 47 { 48 saml: 'qa-saml-login-button' 49 }[provider.to_sym] 50 end 51 52 def auth_providers 53 Gitlab::Auth::OAuth::Provider.providers 54 end 55 56 def label_for_provider(name) 57 Gitlab::Auth::OAuth::Provider.label_for(name) 58 end 59 60 def icon_for_provider(name) 61 Gitlab::Auth::OAuth::Provider.icon_for(name) 62 end 63 64 def form_based_provider_priority 65 ['crowd', /^ldap/, 'kerberos'] 66 end 67 68 def form_based_provider_with_highest_priority 69 @form_based_provider_with_highest_priority ||= begin 70 form_based_provider_priority.each do |provider_regexp| 71 highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) } 72 break highest_priority unless highest_priority.nil? 73 end 74 end 75 end 76 77 def form_based_auth_provider_has_active_class?(provider) 78 form_based_provider_with_highest_priority == provider 79 end 80 81 def form_based_provider?(name) 82 [LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s } 83 end 84 85 def form_based_providers 86 auth_providers.select { |provider| form_based_provider?(provider) } 87 end 88 89 def saml_providers 90 auth_providers.select { |provider| auth_strategy_class(provider) == 'OmniAuth::Strategies::SAML' } 91 end 92 93 def auth_strategy_class(provider) 94 config = Gitlab::Auth::OAuth::Provider.config_for(provider) 95 return if config.nil? || config['args'].blank? 96 97 config.args['strategy_class'] 98 end 99 100 def any_form_based_providers_enabled? 101 form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) } 102 end 103 104 def form_enabled_for_sign_in?(provider) 105 return true unless provider.to_s.match?(LDAP_PROVIDER) 106 107 ldap_sign_in_enabled? 108 end 109 110 def crowd_enabled? 111 auth_providers.include? :crowd 112 end 113 114 def button_based_providers 115 auth_providers.reject { |provider| form_based_provider?(provider) } 116 end 117 118 def display_providers_on_profile? 119 button_based_providers.any? 120 end 121 122 def providers_for_base_controller 123 auth_providers.reject { |provider| LDAP_PROVIDER === provider } 124 end 125 126 def enabled_button_based_providers 127 disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || [] 128 129 providers = button_based_providers.map(&:to_s) - disabled_providers 130 providers.sort_by do |provider| 131 POPULAR_PROVIDERS.index(provider) || POPULAR_PROVIDERS.length 132 end 133 end 134 135 def popular_enabled_button_based_providers 136 enabled_button_based_providers & POPULAR_PROVIDERS 137 end 138 139 def button_based_providers_enabled? 140 enabled_button_based_providers.any? 141 end 142 143 def provider_image_tag(provider, size = 64) 144 label = label_for_provider(provider) 145 146 if provider_has_custom_icon?(provider) 147 image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}", class: "gl-button-icon") 148 elsif provider_has_builtin_icon?(provider) 149 file_name = "#{provider.to_s.split('_').first}_#{size}.png" 150 151 image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}", class: "gl-button-icon") 152 else 153 label 154 end 155 end 156 157 # rubocop: disable CodeReuse/ActiveRecord 158 def auth_active?(provider) 159 return current_user.atlassian_identity.present? if provider == :atlassian_oauth2 160 161 current_user.identities.exists?(provider: provider.to_s) 162 end 163 # rubocop: enable CodeReuse/ActiveRecord 164 165 def unlink_provider_allowed?(provider) 166 IdentityProviderPolicy.new(current_user, provider).can?(:unlink) 167 end 168 169 def link_provider_allowed?(provider) 170 IdentityProviderPolicy.new(current_user, provider).can?(:link) 171 end 172 173 def allow_admin_mode_password_authentication_for_web? 174 current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set? 175 end 176 177 def google_tag_manager_enabled? 178 return false unless Gitlab.dev_env_or_com? 179 180 has_config_key = if Feature.enabled?(:gtm_nonce, type: :ops) 181 extra_config.has_key?('google_tag_manager_nonce_id') && 182 extra_config.google_tag_manager_nonce_id.present? 183 else 184 extra_config.has_key?('google_tag_manager_id') && 185 extra_config.google_tag_manager_id.present? 186 end 187 188 has_config_key && !current_user 189 end 190 191 def google_tag_manager_id 192 return unless google_tag_manager_enabled? 193 194 return extra_config.google_tag_manager_nonce_id if Feature.enabled?(:gtm_nonce, type: :ops) 195 196 extra_config.google_tag_manager_id 197 end 198 199 def auth_app_owner_text(owner) 200 return unless owner 201 202 if owner.is_a?(Group) 203 group_link = link_to(owner.name, group_path(owner)) 204 _("This application was created for group %{group_link}.").html_safe % { group_link: group_link } 205 else 206 user_link = link_to(owner.name, user_path(owner)) 207 _("This application was created by %{user_link}.").html_safe % { user_link: user_link } 208 end 209 end 210 211 extend self 212end 213 214AuthHelper.prepend_mod_with('AuthHelper') 215 216# The methods added in EE should be available as both class and instance 217# methods, just like the methods provided by `AuthHelper` itself. 218AuthHelper.extend_mod_with('AuthHelper') 219