Hello guys.
Before someone asks, due to some specific limitations at my job's
networking, I need to try something with this complexity. I wish it could
be simpler.
Basically, I have a Python script which authenticates users in our IMAP
server. I need Omniauth provider to call it to authenticate, get return
result (exit code) and let/refuse user login.
It doesn't get any user data, not even their emails (our emails can have
multiple suffixes. Just user and password.
Right now I've done this:
- GitLab Container (using Docker, latest version, 17.04), using GitLab
9.0.4-ce.0.
- I get a button below regular login screen, to Login via Ourprovider
- I get the form with user, password and login button (I get to the request
phase correctly)
- If I enter data and press Login, it goes to callback, where I have the
user and password
And there's where I cannot understand corretly the issue.
I'm trying to just develop a fake temporary solution, in which I just
return something like Tru/False, just for checking if user logged in
correctly or not and allow login.
User already exists and I can login normally through the normal GitLab
process.
I can't understand next phase.
Do I need to return something like True/False?
Do I need to use token for anything? If yes, how can I access it?
How do I say user can login?
How do I say to GitLab user can't login?
I "configured" this:
- Added this configuration to /etc/gitlab/gitlab.rb
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [
{
"name" => "Ourprovider",
"secret" => "our_secret",
"url" =>
"https://www.justsomeurl_still_not_used_and_dont_know_whats_it_for.com";,
"args" => { "user_admin" =>
"just_some_user_which_exists_for_this_not_to_be_empty" }
}
]
- Added provider to omniauth.rb
(/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb)
> module OmniAuth
> module Strategies
> autoload :Bitbucket, Rails.root.join('lib', 'omniauth', 'strategies',
> 'bitbucket') - already there, not needed for us
> autoload :Ourprovider, Rails.root.join('lib', 'omniauth',
> 'strategies', 'ourprovider') - added this line
> end
> end
>
> Rails.application.config.middleware.use OmniAuth::Builder do
> provider :ourprovider
> end
>
- Added script provider in
/opt/gitlab/embedded/service/gitlab-rails/lib/omniauth/strategies/ourprovider.rb
> module OmniAuth
> module Strategies
> class Ourprovider
> include OmniAuth::Strategy
>
> attr_reader :token
>
> option :title, "IMAP Authentication"
> option :fields, [:name, :email]
> option :uid_field, [:name, :email]
>
> def request_phase
> File.open('/tmp/omniauth', 'a') { |file| file.write("request_phase
> (test)\n") }
>
> OmniAuth::Form.build(
> :title => "IMAP Authentication",
> :url => callback_path
> ) do |f|
> f.text_field 'Username', 'username'
> f.password_field 'Password', 'password'
> f.button "Login"
> end.to_response
> end
> def callback_phase
> File.open('/tmp/omniauth', 'a') { |file|
> file.write("callback_phase\n") }
> #File.open('/tmp/omniauth', 'a') { |file| file.write("request: " +
> request.params.to_s + "\n") }
> #File.open('/tmp/omniauth', 'a') { |file| file.write("username: "
> + request['username'].to_s + "\n") }
> end
>
> uid do
> File.open('/tmp/omniauth', 'a') { |file| file.write("uid\n") }
> end
>
> info do
> File.open('/tmp/omniauth', 'a') { |file| file.write("info\n") }
> {
> :nickname => request['username'],
> }
> end
> end
> end
> end
>
As you can see, I only have some text being written to a file in the
methods. I'm trying to understand the way it works. After I understand how
to allow/refuse login, I'll try to really authenticate users against our
IMAP server.
I'm very confused, at this point...
Can anybody help me understanding this?
Thanks a lot for all your help!
Cheers.
Best regards,
Luis Nabais
--
You received this message because you are subscribed to the Google Groups
"GitLab" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to gitlabhq+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/gitlabhq/d130da93-4df7-4a4a-832a-bca1965c08fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
