100+ results for 'gitlab oauth2'
Not the results you expected?
Base.php (https://gitlab.com/x33n/kanboard) PHP · 118 lines
19 * @property \Core\Template $template
20 * @property \Core\MemoryCache $memoryCache
21 * @property \Core\OAuth2 $oauth
22 * @property \Core\Router $router
23 * @property \Core\Lexer $lexer
24 * @property \Integration\BitbucketWebhook $bitbucketWebhook
25 * @property \Integration\GithubWebhook $githubWebhook
26 * @property \Integration\GitlabWebhook $gitlabWebhook
27 * @property \Integration\HipchatWebhook $hipchatWebhook
28 * @property \Integration\Jabber $jabber
api_guard.rb (https://gitlab.com/Stretch96/gitlab-ce) Ruby · 144 lines
42 # Helper Methods for Grape Endpoint
43 module HelperMethods
44 include Gitlab::Auth::UserAuthFinders
46 def find_current_user!
98 Gitlab::Auth::InsufficientScopeError]
100 base.__send__(:rescue_from, *error_classes, oauth2_bearer_token_error_handler) # rubocop:disable GitlabSecurity/PublicSend
101 end
105 response =
106 case e
107 when Gitlab::Auth::MissingTokenError
108 Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new
130 when Gitlab::Auth::InsufficientScopeError
131 # FIXME: ForbiddenError (inherited from Bearer::Forbidden of Rack::Oauth2)
132 # does not include WWW-Authenticate header, which breaks the standard.
133 Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(
90_productivity_analytics.rb (https://gitlab.com/klml/gitlab-ee) Ruby · 157 lines
3 require './spec/support/sidekiq_middleware'
5 class Gitlab::Seeder::ProductivityAnalytics
6 def initialize(project)
7 @project = project
136 end
138 Gitlab::Seeder.quiet do
139 flag = 'SEED_PRODUCTIVITY_ANALYTICS'
147 next unless project.repository_exists? && project.repository.commit('master')
149 seeder = Gitlab::Seeder::ProductivityAnalytics.new(project)
150 seeder.seed!
151 puts "Productivity analytics seeded for project #{project.full_path}"
events_spec.rb (https://gitlab.com/markglenfletcher/gitlab-ce) Ruby · 167 lines
15 get api('/events')
17 expect(response).to have_gitlab_http_status(401)
18 end
19 end
23 get api('/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31', user)
25 expect(response).to have_gitlab_http_status(200)
26 expect(response).to include_pagination_headers
27 expect(json_response).to be_an Array
36 get api('/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31', personal_access_token: token)
38 expect(response).to have_gitlab_http_status(200)
39 expect(response).to include_pagination_headers
40 expect(json_response).to be_an Array
auth_spec.rb (https://gitlab.com/paulsen.jan/gitlab-ee) Ruby · 108 lines
1 require 'spec_helper'
3 describe Gitlab::Auth, lib: true do
4 let(:gl_auth) { described_class }
14 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'gitlab-ci-token')
15 expect(gl_auth.find_for_git_client('gitlab-ci-token', token, project: project, ip: ip)).to eq(Gitlab::Auth::Result.new(nil, :ci))
16 end
22 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
23 expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :gitlab_or_ldap))
24 end
32 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'oauth2')
33 expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :oauth))
34 end
main.go (https://gitlab.com/rvaz/orgo) Go · 79 lines
7 log "github.com/Sirupsen/logrus"
8 oauth2google "golang.org/x/oauth2/google"
9 calendar "google.golang.org/api/calendar/v3"
10 oauth2api "google.golang.org/api/oauth2/v2"
15 "gitlab.com/rvaz/orgo/dropbox"
16 "gitlab.com/rvaz/orgo/google"
17 "gitlab.com/rvaz/orgo/web"
18 "gitlab.com/rvaz/orgo/work"
19 "golang.org/x/oauth2"
40 Endpoint: oauth2google.Endpoint,
41 Scopes: []string{calendar.CalendarScope, oauth2api.UserinfoEmailScope, oauth2api.UserinfoProfileScope},
42 }
google.md (https://gitlab.com/jamedjo/gitlab-ce) Markdown · 93 lines
24 1. Fill in the required information
25 - Application type: "Web Application"
26 - Authorized JavaScript origins: This isn't really used by GitLab but go ahead and put 'https://gitlab.example.com' here.
27 - Authorized redirect URI: 'https://gitlab.example.com/users/auth/google_oauth2/callback'
34 ```sh
35 sudo editor /etc/gitlab/gitlab.rb
36 ```
78 installed GitLab via Omnibus or from source respectively.
80 On the sign in page there should now be a Google icon below the regular sign in form. Click the icon to begin the authentication process. Google will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
82 ## Further Configuration
92 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
93 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
milestones_controller.rb (https://gitlab.com/Stretch96/gitlab-ce) Ruby · 152 lines
oauth_login_spec.rb (https://gitlab.com/markglenfletcher/gitlab-ee) Ruby · 128 lines
16 end
18 providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
19 :facebook, :cas3, :auth0, :authentiq, :salesforce]
60 it 'when bypass-two-factor is enabled' do
61 allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: true)
62 login_via(provider.to_s, user, uid, remember_me: false, additional_info: additional_info)
63 expect(current_path).to eq root_path
66 it 'when bypass-two-factor is disabled' do
67 allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: false)
68 login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
69 expect(current_path).to eq root_path
email_receiver_worker.rb (https://gitlab.com/markglenfletcher/gitlab-ce) Ruby · 54 lines
6 def perform(raw)
7 return unless Gitlab::IncomingEmail.enabled?
9 begin
10 Gitlab::Email::Receiver.new(raw).execute
11 rescue => e
12 handle_failure(raw, e)
18 def handle_failure(raw, error)
19 Rails.logger.warn("Email can not be processed: #{error}\n\n#{raw}") # rubocop:disable Gitlab/RailsLogger
21 return unless raw.present?
auth_spec.rb (https://gitlab.com/Munken/gitlab-ce) Ruby · 177 lines
23 build.update(user: create(:user))
25 expect(subject).to eq(Gitlab::Auth::Result.new(build.user, build.project, :build, build_authentication_abilities))
26 end
27 end
60 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
61 expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
62 end
74 key = create(:deploy_key)
75 ip = 'ip'
76 token = Gitlab::LfsToken.new(key).token
78 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}")
88 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'oauth2')
89 expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities))
90 end
application_setting.rb (https://gitlab.com/bendyorke/gitlab-ce) Ruby · 136 lines
53 unless value.nil?
54 value.each do |level|
55 unless Gitlab::VisibilityLevel.options.has_value?(level)
56 record.errors.add(attr, "'#{level}' is not a valid visibility level")
57 end
63 unless value.nil?
64 value.each do |source|
65 unless Gitlab::ImportSources.options.has_value?(source)
66 record.errors.add(attr, "'#{source}' is not a import source")
67 end
88 def self.create_from_defaults
89 create(
90 default_projects_limit: Settings.gitlab['default_projects_limit'],
91 default_branch_protection: Settings.gitlab['default_branch_protection'],
92 signup_enabled: Settings.gitlab['signup_enabled'],
93 signin_enabled: Settings.gitlab['signin_enabled'],
auth_spec.rb (https://gitlab.com/ivlt/gitlab-ce) Ruby · 177 lines
23 build.update(user: create(:user))
25 expect(subject).to eq(Gitlab::Auth::Result.new(build.user, build.project, :build, build_authentication_abilities))
26 end
27 end
60 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
61 expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
62 end
74 key = create(:deploy_key)
75 ip = 'ip'
76 token = Gitlab::LfsToken.new(key).generate
78 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}")
88 expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'oauth2')
89 expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities))
90 end
wiki_pipeline.rb (https://gitlab.com/523/gitlab-ce) Ruby · 55 lines
22 wiki = context.portable.wiki
23 url = data[:url].sub("://", "://oauth2:#{context.configuration.access_token}@")
25 Gitlab::UrlBlocker.validate!(url, allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?)
34 wiki_path = parent_path + ".wiki.git"
35 root = context.configuration.url
36 Gitlab::Utils.append_path(root, wiki_path)
37 end
39 def allow_local_requests?
40 Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
41 end
create_note_handler_spec.rb (https://gitlab.com/Munken/gitlab-ce) Ruby · 179 lines
2 require_relative '../email_shared_blocks'
4 describe Gitlab::Email::Handler::CreateNoteHandler, lib: true do
5 include_context :email_shared_context
6 it_behaves_like :email_shared_examples
26 it "raises a UnknownIncomingEmail" do
27 expect { receiver.execute }.to raise_error(Gitlab::Email::UnknownIncomingEmail)
28 end
29 end
34 it "raises a SentNotificationNotFoundError" do
35 expect { receiver.execute }.to raise_error(Gitlab::Email::SentNotificationNotFoundError)
36 end
37 end
help_controller.rb (https://gitlab.com/artofhuman/gitlab-ce) Ruby · 108 lines
vulnerability_type.rb (https://gitlab.com/realsatomic/gitlab) Ruby · 178 lines
109 def confirmed_by
110 ::Gitlab::Graphql::Loaders::BatchModelLoader.new(::User, object.confirmed_by_id).find
111 end
113 def resolved_by
114 ::Gitlab::Graphql::Loaders::BatchModelLoader.new(::User, object.resolved_by_id).find
115 end
117 def dismissed_by
118 ::Gitlab::Graphql::Loaders::BatchModelLoader.new(::User, object.dismissed_by_id).find
119 end
omniauth_callbacks_controller.rb (https://gitlab.com/twang2218/gitlab) Ruby · 186 lines
5 protect_from_forgery except: [:kerberos, :saml, :cas3]
7 Gitlab.config.omniauth.providers.each do |provider|
8 define_method provider['name'] do
9 handle_omniauth
11 end
13 if Gitlab::LDAP::Config.enabled?
14 Gitlab::LDAP::Config.available_servers.each do |server|
32 # if the authentication to LDAP was successful.
33 def ldap
34 ldap_user = Gitlab::LDAP::User.new(oauth)
35 ldap_user.save if ldap_user.changed? # will also save new users
63 end
64 else
65 saml_user = Gitlab::Saml::User.new(oauth)
66 saml_user.save if saml_user.changed?
67 @user = saml_user.gl_user
atlassian.md (https://gitlab.com/klml/gitlab-ee) Markdown · 86 lines
23 1. In the left sidebar under **APIS AND FEATURES**, click **OAuth 2.0 (3LO)**.
25 1. Enter the GitLab callback URL using the format `https://gitlab.example.com/users/auth/atlassian_oauth2/callback` and click **Save changes**.
27 1. Click **+ Add** in the left sidebar under **APIS AND FEATURES**.
42 ```shell
43 sudo editor /etc/gitlab/gitlab.rb
44 ```
80 1. Save the configuration file.
82 1. [Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) or [restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect if you installed GitLab via Omnibus or from source respectively.
84 On the sign-in page there should now be an Atlassian icon below the regular sign in form. Click the icon to begin the authentication process.
2021-03-06-tokens-pls.md (https://gitlab.com/jamietanna/jvt.me) Markdown · 52 lines
1 ---
2 title: "Introducing tokens-pls, a Web Application to Test OAuth2 Code Flows"
3 description: "Announcing my new project, tokens-pls, which allows for easier manual testing with the OAuth2 code flow for Public Clients."
4 tags:
5 - indieauth
6 - oauth2
7 - token-pls
8 license_code: Apache-2.0
16 Since I've been working a bit more with Micropub and IndieAuth, I've always had cases where I've wanted to test things locally, which requires retrieving an access token.
18 Fortunately, the OAuth2 Authorization Code grant is pretty straightforward, so doing this locally with i.e. `curl` is an OK process to go through, as well as using a guided tool such as <span class="h-card"><a class="u-url" href="https://seblog.nl">Sebastiaan Andeweg</a></span>'s <a href="http://gimme-a-token.5eb.nl/">gimme-a-token.5eb.nl</a>.
20 However, with [Proof of Key Code Exchange (PKCE)](https://oauth.net/2/pkce/) support now a requirement of IndieAuth, gimme-a-token isn't applicable, and the logic to run this locally with `curl` is a bit more complex, so I looked to script it.
22 I was thinking of creating a small script to go through the OAuth2 flow locally, with me copying-and-pasting the callback URL with granted authorization code, but thought I'd think a bit better about making this as easy as possible.
24 I've created a Sinatra app, [tokens-pls](https://gitlab.com/jamietanna/tokens-pls) for this, which provides an easy tool for going through the Authorization Code flow for a [Public Client](https://tools.ietf.org/html/draft-ietf-oauth-v2-1-01#section-2.1), which is currently hosted on Heroku at [tokens-pls.herokuapp.com](https://tokens-pls.herokuapp.com).
2018-05-03-gitlab-10-7-3-released.html.md (https://gitlab.com/syedahmedz1/www-gitlab-com) Markdown · 60 lines
24 - [Fix errors on pushing to an empty repository.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18462)
25 - [Update `doorkeeper` to 4.3.2 to fix GitLab OAuth authentication.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18543)
26 - [Ports `omniauth-jwt` gem onto GitLab OmniAuth Strategies suite.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18580)
29 - [Fix `file_store` for artifacts and lfs when saving.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18624)
30 - [Fix users not seeing labels from private groups when being a member of a child project.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18544)
32 Available in GitLab Starter, Premium, and Ultimate:
35 - [Geo: Admin page will not crash with 500 because of InvalidSignatureTimeError.](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/5495)
36 - [Fix DB LB errors when escaping input.](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/5481)
38 ## Omnibus GitLab
39 - [Add support for the -daemon-inplace-chroot command-line flag to GitLab Pages](https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2483)
41 ## Upgrade barometer
pages_spec.rb (https://gitlab.com/rymai/gitlab) Ruby · 257 lines
38 context 'authenticated' do
39 def query_host(host)
40 jwt_token = JWT.encode({ 'iss' => 'gitlab-pages' }, Gitlab::Pages.secret, 'HS256')
41 headers = { Gitlab::Pages::INTERNAL_API_REQUEST_HEADER => jwt_token }
112 query_host(serverless_domain.uri.host)
114 expect(response).to have_gitlab_http_status(:ok)
115 expect(response).to match_response_schema('internal/serverless/virtual_domain')
181 'source' => {
182 'type' => 'file',
183 'path' => 'gitlab-org/gitlab-ce/public/'
184 }
185 }
196 allow(Settings.pages).to receive(:host).and_return('gitlab-pages.io')
197 allow(Gitlab.config.pages).to receive(:url).and_return("http://gitlab-pages.io")
198 end
gitlab_controller.rb (https://gitlab.com/wolfgang42/gitlab-ce) Ruby · 76 lines
36 if current_user.can?(:create_projects, target_namespace)
37 project = Gitlab::GitlabImport::ProjectCreator.new(repo, target_namespace, current_user, access_params).execute
39 if project.persisted?
51 def client
52 @client ||= Gitlab::GitlabImport::Client.new(session[:gitlab_access_token])
53 end
73 def access_params
74 { gitlab_access_token: session[:gitlab_access_token] }
75 end
76 end
index.md (https://gitlab.com/artofhuman/gitlab-ce) Markdown · 48 lines
12 - [Security Webcast with Yubico](https://about.gitlab.com/2016/08/31/gitlab-and-yubico-security-webcast/)
13 - **Integrations:**
14 - [GitLab as OAuth2 authentication service provider](../../integration/oauth_provider.md#introduction-to-oauth)
15 - [GitLab as OpenID Connect identity provider](../../integration/openid_connect_provider.md)
23 - [How to Configure LDAP with GitLab CE](../../administration/auth/how_to_configure_ldap_gitlab_ce/index.md)
24 - [How to Configure LDAP with GitLab EE](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/)
25 - [Feature Highlight: LDAP Integration](https://about.gitlab.com/2014/07/10/feature-highlight-ldap-sync/)
32 - [SAML OmniAuth Provider](../../integration/saml.md)
33 - [Okta SSO provider](../../administration/auth/okta.md)
34 - [Kerberos integration (GitLab EE)](https://docs.gitlab.com/ee/integration/kerberos.html)
36 ## API
39 - [Personal access tokens](../../api/README.md#personal-access-tokens)
40 - [Impersonation tokens](../../api/README.md#impersonation-tokens)
41 - [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
43 ## Third-party resources
snippets_controller.rb (https://gitlab.com/rymai/gitlab) Ruby · 167 lines
twitter.md (https://gitlab.com/wolfgang42/gitlab-ce) Markdown · 84 lines
9 1. Fill in the application details.
10 - Name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or
11 something else descriptive.
12 - Description: Create a description.
13 - Website: The URL to your GitLab installation. `https://gitlab.example.com`
14 - Callback URL: `https://gitlab.example.com/users/auth/twitter/callback`
79 installed GitLab via Omnibus or from source respectively.
81 On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
83 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
84 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
user.go (https://gitlab.com/vafl/vafl) Go · 117 lines
3 import (
4 "gitlab.com/vafl/vafl/utils"
5 "golang.org/x/net/context"
6 "golang.org/x/oauth2"
19 func (u *User) InitializeService() {
20 ctx := context.Background()
21 client := oauth2.NewClient(ctx, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: u.AccessToken}))
23 srv, err := classroom.New(client)
README.md (https://gitlab.com/Munken/gitlab-ce) Markdown · 65 lines
1 # GitLab Integration
3 GitLab integrates with multiple third-party services to allow external issue
4 trackers and external authentication.
9 - [External issue tracker](external-issue-tracker.md) Redmine, JIRA, etc.
10 - [LDAP](ldap.md) Set up sign in via LDAP
11 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd and Azure
12 - [SAML](saml.md) Configure GitLab as a SAML 2.0 Service Provider
13 - [CAS](cas.md) Configure GitLab to sign in using CAS
14 - [OAuth2 provider](oauth_provider.md) OAuth2 application creation
15 - [Gmail actions buttons](gmail_action_buttons_for_gitlab.md) Adds GitLab actions to messages
18 - [Koding](../administration/integration/koding.md) Configure Koding to use IDE integration
20 GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
22 [jenkins]: http://docs.gitlab.com/ee/integration/jenkins.html
auth.rb (https://gitlab.com/nacredata/gitlab-ee) Ruby · 124 lines
1 module Gitlab
2 module Auth
3 Result = Struct.new(:user, :type)
25 if Devise.omniauth_providers.include?(:kerberos)
26 kerberos_user = Gitlab::Kerberos::Authentication.login(login, password)
27 return kerberos_user if kerberos_user
28 end
32 if user.nil? || user.ldap_user?
33 # Second chance - try LDAP authentication
34 return nil unless Gitlab::LDAP::Config.enabled?
36 Gitlab::LDAP::Authentication.login(login, password)
42 def rate_limit!(ip, success:, login:)
43 rate_limiter = Gitlab::Auth::IpRateLimiter.new(ip)
44 return unless rate_limiter.enabled?
events_spec.rb (https://gitlab.com/tbeadle/gitlab-ce) Ruby · 200 lines
15 get api('/events')
17 expect(response).to have_gitlab_http_status(401)
18 end
19 end
23 get api('/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31', user)
25 expect(response).to have_gitlab_http_status(200)
26 expect(response).to include_pagination_headers
27 expect(json_response).to be_an Array
36 get api("/users/#{user.id}/events", other_user)
38 expect(response).to have_gitlab_http_status(200)
39 expect(json_response).to be_empty
40 end
icons_helper_spec.rb (https://gitlab.com/artofhuman/gitlab-ce) Ruby · 215 lines
index.md (https://gitlab.com/mehlah/gitlab-ce) Markdown · 48 lines
11 - [Security Webcast with Yubico](https://about.gitlab.com/2016/08/31/gitlab-and-yubico-security-webcast/)
12 - **Integrations:**
13 - [GitLab as OAuth2 authentication service provider](../../integration/oauth_provider.md#introduction-to-oauth)
14 - [GitLab as OpenID Connect identity provider](../../integration/openid_connect_provider.md)
22 - [How to Configure LDAP with GitLab CE](../../articles/how_to_configure_ldap_gitlab_ce/index.md)
23 - [How to Configure LDAP with GitLab EE](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/)
24 - [Feature Highlight: LDAP Integration](https://about.gitlab.com/2014/07/10/feature-highlight-ldap-sync/)
31 - [SAML OmniAuth Provider](../../integration/saml.md)
32 - [Okta SSO provider](../../administration/auth/okta.md)
33 - [Kerberos integration (GitLab EE)](https://docs.gitlab.com/ee/integration/kerberos.html)
35 ## API
38 - [Private Tokens](../../api/README.md#private-tokens)
39 - [Impersonation tokens](../../api/README.md#impersonation-tokens)
40 - [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
42 ## Third-party resources
auth_helper.rb (https://gitlab.com/jacobvosmaer-gitlab/gitlab-ce) Ruby · 80 lines
1 module AuthHelper
2 PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq).freeze
3 FORM_BASED_PROVIDERS = [/\Aldap/, 'crowd'].freeze
5 def ldap_enabled?
6 Gitlab::LDAP::Config.enabled?
7 end
9 def omniauth_enabled?
10 Gitlab.config.omniauth.enabled
11 end
17 def auth_providers
18 Gitlab::OAuth::Provider.providers
19 end
overview.rst (https://gitlab.com/superiorthreads/django-allauth) ReStructuredText · 160 lines
README.md (https://gitlab.com/klml/gitlab-ee) Markdown · 52 lines
4 stage: Manage
5 group: Access
6 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
7 ---
9 # GitLab authentication and authorization **(FREE SELF)**
11 GitLab integrates with the following external authentication and authorization
22 - [Facebook](../../integration/facebook.md)
23 - [GitHub](../../integration/github.md)
24 - [GitLab.com](../../integration/gitlab.md)
25 - [Google OAuth](../../integration/google.md)
26 - [JWT](jwt.md)
email_receiver_worker.rb (https://gitlab.com/artofhuman/gitlab-ce) Ruby · 54 lines
6 def perform(raw)
7 return unless Gitlab::IncomingEmail.enabled?
9 begin
10 Gitlab::Email::Receiver.new(raw).execute
11 rescue => e
12 handle_failure(raw, e)
24 reason =
25 case error
26 when Gitlab::Email::UnknownIncomingEmail
27 "We couldn't figure out what the email is for. Please create your issue or comment through the web interface."
28 when Gitlab::Email::SentNotificationNotFoundError
oauth_provider.md (https://gitlab.com/lavvy/artifacts-browser-demo) Markdown · 35 lines
1 ## GitLab as OAuth2 authentication service provider
3 This document is about using GitLab as an OAuth authentication service provider to sign into other services.
4 If you want to use other OAuth authentication service providers to sign into GitLab please see the [OAuth2 client documentation](../api/oauth2.md)
6 OAuth2 provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. Or you can allow users to sign in to your application with their GitLab.com account.
7 In fact OAuth allows to issue access token to third-party clients by an authorization server,
8 with the approval of the resource owner, or end-user.
9 Mostly, OAuth2 is using for SSO (Single sign-on). But you can find a lot of different usages for this functionality.
10 For example, our feature 'GitLab Importer' is using OAuth protocol to give an access to repositories without sharing user credentials to GitLab.com account.
11 Also GitLab.com application can be used for authentication to your GitLab instance if needed [GitLab OmniAuth](gitlab.md).
13 GitLab has two ways to add new OAuth2 application to an instance, you can add application as regular user and through admin area. So GitLab actually can have an instance-wide and a user-wide applications. There is no defferences between them except the different permission levels.
services_controller.rb (https://gitlab.com/siemens/gitlab-ce) Ruby · 96 lines
google.md (https://gitlab.com/rymai/gitlab) Markdown · 120 lines
31 ```
32 https://gitlab.example.com/users/auth/google_oauth2/callback
33 https://gitlab.example.com/-/google_api/auth/callback
57 ```shell
58 sudo editor /etc/gitlab/gitlab.rb
59 ```
69 1. Add the provider configuration:
71 For Omnibus GitLab:
73 ```ruby
119 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
120 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
services_controller.rb (https://gitlab.com/AnhHoaHuynh93/gitlab) Ruby · 136 lines
index.md (https://gitlab.com/SaiAshirwadInformatia/gitlab-ce) Markdown · 48 lines
11 - [Security Webcast with Yubico](https://about.gitlab.com/2016/08/31/gitlab-and-yubico-security-webcast/)
12 - **Integrations:**
13 - [GitLab as OAuth2 authentication service provider](../../integration/oauth_provider.md#introduction-to-oauth)
15 ## GitLab administrators
21 - [How to Configure LDAP with GitLab CE](../../articles/how_to_configure_ldap_gitlab_ce/index.md)
22 - [How to Configure LDAP with GitLab EE](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/)
23 - [Feature Highlight: LDAP Integration](https://about.gitlab.com/2014/07/10/feature-highlight-ldap-sync/)
37 - [Private Tokens](../../api/README.md#private-tokens)
38 - [Impersonation tokens](../../api/README.md#impersonation-tokens)
39 - [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
40 - [GitLab Runner API - Authentication](../../api/ci/runners.md#authentication)
42 ## Third-party resources
44 - [Kanboard Plugin GitLab Authentication](https://kanboard.net/plugin/gitlab-auth)
45 - [Jenkins GitLab OAuth Plugin](https://wiki.jenkins-ci.org/display/JENKINS/GitLab+OAuth+Plugin)
builder_spec.rb (https://gitlab.com/klml/gitlab-ee) Ruby · 76 lines
3 require 'fast_spec_helper'
5 RSpec.describe Gitlab::APIAuthentication::Builder do
6 describe '#build' do
7 shared_examples 'builds the correct result' do |token_type:, sent_through:, builds:|
58 allow.token_types(:pat, :job, :deploy).sent_through(:http_basic, :oauth)
59 allow.token_types(:pat).sent_through(:http_private, :query_private)
60 allow.token_types(:oauth2).sent_through(:http_bearer, :query_access)
61 end
68 query_private: [:pat],
70 http_bearer: [:oauth2],
71 query_access: [:oauth2]
auth_helper_spec.rb (https://gitlab.com/fuxu/gitlab-ce) Ruby · 79 lines
branches.rb (https://gitlab.com/solidnerd/gitlab-ce) Ruby · 179 lines
30 end
31 get ':id/repository/branches' do
32 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42329')
34 repository = user_project.repository
66 # Note: This API will be deprecated in favor of the protected branches API.
67 # Note: The internal data model moved from `developers_can_{merge,push}` to `allowed_to_{merge,push}`
68 # in `gitlab-org/gitlab-ce!5081`. The API interface has not been changed (to maintain compatibility),
69 # but it works with the changed data model to infer `developers_can_merge` and `developers_can_push`.
70 desc 'Protect a single branch' do
ci_cd_controller.rb (https://gitlab.com/habukagumba/gitlab-ce) Ruby · 114 lines
auth_spec.rb (https://gitlab.com/jamedjo/gitlab-ce) Ruby · 243 lines
57 expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: user.username)
58 expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
59 end
143 expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
144 .to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
145 end
154 expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
155 .to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
156 end
157 end
jobs_controller.rb (https://gitlab.com/Ben305/gitlab-ce) Ruby · 147 lines
labels_controller.rb (https://gitlab.com/artofhuman/gitlab-ce) Ruby · 181 lines
revoke_oauth_controller_spec.rb (https://gitlab.com/maxraab/gitlab-foss) Ruby · 86 lines
6 include SessionHelpers
8 describe 'POST #create', :snowplow, :clean_gitlab_redis_sessions, :aggregate_failures do
9 let_it_be(:project) { create(:project, :public) }
10 let_it_be(:url) { project_google_cloud_revoke_oauth_index_path(project).to_s }
29 end
31 it 'redirects to Google OAuth2 authorize URL' do
32 sign_in(user)
40 context 'when revocation is successful' do
41 before do
42 stub_request(:post, "https://oauth2.googleapis.com/revoke")
43 .to_return(status: 200, body: "", headers: {})
44 end
create_note_handler_spec.rb (https://gitlab.com/Ben305/gitlab-ce) Ruby · 177 lines
2 require_relative '../email_shared_blocks'
4 describe Gitlab::Email::Handler::CreateNoteHandler do
5 include_context :email_shared_context
6 it_behaves_like :reply_processing_shared_examples
26 it "raises a UnknownIncomingEmail" do
27 expect { receiver.execute }.to raise_error(Gitlab::Email::UnknownIncomingEmail)
28 end
29 end
34 it "raises a SentNotificationNotFoundError" do
35 expect { receiver.execute }.to raise_error(Gitlab::Email::SentNotificationNotFoundError)
36 end
37 end
index.md (https://gitlab.com/joe.rocklin/gitlab-ce) Markdown · 48 lines
11 - [Security Webcast with Yubico](https://about.gitlab.com/2016/08/31/gitlab-and-yubico-security-webcast/)
12 - **Integrations:**
13 - [GitLab as OAuth2 authentication service provider](../../integration/oauth_provider.md#introduction-to-oauth)
15 ## GitLab administrators
21 - [How to Configure LDAP with GitLab CE](../../articles/how_to_configure_ldap_gitlab_ce/index.md)
22 - [How to Configure LDAP with GitLab EE](https://docs.gitlab.com/articles/how_to_configure_ldap_gitlab_ee/)
23 - [Feature Highlight: LDAP Integration](https://about.gitlab.com/2014/07/10/feature-highlight-ldap-sync/)
37 - [Private Tokens](../../api/README.md#private-tokens)
38 - [Impersonation tokens](../../api/README.md#impersonation-tokens)
39 - [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
40 - [GitLab Runner API - Authentication](../../api/ci/runners.md#authentication)
42 ## Third-party resources
44 - [Kanboard Plugin GitLab Authentication](https://kanboard.net/plugin/gitlab-auth)
45 - [Jenkins GitLab OAuth Plugin](https://wiki.jenkins-ci.org/display/JENKINS/GitLab+OAuth+Plugin)
receiver_spec.rb (https://gitlab.com/mcfedr/gitlab-ce) Ruby · 164 lines
1 require "spec_helper"
3 describe Gitlab::Email::Receiver, lib: true do
4 before do
5 stub_incoming_email_setting(enabled: true, address: "reply+%{key}@appmail.adventuretime.ooo")
22 it "raises a SentNotificationNotFoundError" do
23 expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::SentNotificationNotFoundError)
24 end
25 end
30 it "raises a SentNotificationNotFoundError" do
31 expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::SentNotificationNotFoundError)
32 end
33 end
operations_controller.rb (https://gitlab.com/18dit020/gitlab) Ruby · 163 lines
57 def track_events(result)
58 if result[:status] == :success
59 ::Gitlab::Tracking::IncidentManagement.track_from_params(
60 update_params[:incident_management_setting_attributes]
61 )
70 return unless external_url_previous_change[0].blank? && external_url_previous_change[1].present?
72 ::Gitlab::Tracking.event('project:operations:tracing', 'external_url_populated', user: current_user, project: project, namespace: project.namespace)
73 end
135 def permitted_project_params
136 project_params = {
137 incident_management_setting_attributes: ::Gitlab::Tracking::IncidentManagement.tracking_keys.keys,
139 metrics_setting_attributes: [:external_dashboard_url, :dashboard_timezone],
api_guard.rb (https://gitlab.com/beverett/gitlab-ce) Ruby · 126 lines
40 # Helper Methods for Grape Endpoint
41 module HelperMethods
42 include Gitlab::Auth::UserAuthFinders
44 def find_current_user!
46 return unless user
48 forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
50 user
85 Gitlab::Auth::InsufficientScopeError]
87 base.__send__(:rescue_from, *error_classes, oauth2_bearer_token_error_handler) # rubocop:disable GitlabSecurity/PublicSend
88 end
92 response =
93 case e
94 when Gitlab::Auth::MissingTokenError
95 Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new
create_note_handler_spec.rb (https://gitlab.com/bxt/gitlab-ce) Ruby · 179 lines
2 require_relative '../email_shared_blocks'
4 describe Gitlab::Email::Handler::CreateNoteHandler, lib: true do
5 include_context :email_shared_context
6 it_behaves_like :reply_processing_shared_examples
26 it "raises a UnknownIncomingEmail" do
27 expect { receiver.execute }.to raise_error(Gitlab::Email::UnknownIncomingEmail)
28 end
29 end
34 it "raises a SentNotificationNotFoundError" do
35 expect { receiver.execute }.to raise_error(Gitlab::Email::SentNotificationNotFoundError)
36 end
37 end
client_spec.rb (https://gitlab.com/18dit020/gitlab) Ruby · 120 lines
3 require 'spec_helper'
5 RSpec.describe Gitlab::LegacyGithubImport::Client do
6 let(:token) { '123456' }
7 let(:github_provider) { Settingslogic.new('app_id' => 'asd123', 'app_secret' => 'asd123', 'name' => 'github', 'args' => { 'client_options' => {} }) }
12 before do
13 allow(Gitlab.config.omniauth).to receive(:providers).and_return([github_provider])
14 end
16 it 'convert OAuth2 client options to symbols' do
17 expect(client.client.options.keys).to all(be_kind_of(Symbol))
18 end
google.md (https://gitlab.com/wolfgang42/gitlab-ce) Markdown · 120 lines
31 ```
32 https://gitlab.example.com/users/auth/google_oauth2/callback
33 https://gitlab.example.com/-/google_api/auth/callback
57 ```sh
58 sudo editor /etc/gitlab/gitlab.rb
59 ```
69 1. Add the provider configuration:
71 For Omnibus GitLab:
73 ```ruby
119 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
120 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
README.md (https://gitlab.com/cabargas/testing-import) Markdown · 66 lines
1 # GitLab Integration
3 GitLab integrates with multiple third-party services to allow external issue
4 trackers and external authentication.
9 - [External issue tracker](external-issue-tracker.md) Redmine, JIRA, etc.
10 - [LDAP](ldap.md) Set up sign in via LDAP
11 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd, Azure and Authentiq ID
12 - [SAML](saml.md) Configure GitLab as a SAML 2.0 Service Provider
13 - [CAS](cas.md) Configure GitLab to sign in using CAS
14 - [OAuth2 provider](oauth_provider.md) OAuth2 application creation
15 - [Gmail actions buttons](gmail_action_buttons_for_gitlab.md) Adds GitLab actions to messages
19 - [PlantUML](../administration/integration/plantuml.md) Configure PlantUML to use diagrams in AsciiDoc documents.
21 GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
23 [jenkins]: http://docs.gitlab.com/ee/integration/jenkins.html
servicenow.md (https://gitlab.com/klml/gitlab-ee) Markdown · 41 lines
12 ## GitLab spoke
14 With the GitLab spoke in ServiceNow, you can automate actions for GitLab
15 projects, groups, users, issues, merge requests, branches, and repositories.
18 [GitLab spoke documentation](https://docs.servicenow.com/bundle/orlando-servicenow-platform/page/administer/integrationhub-store-spokes/concept/gitlab-spoke.html).
20 You must [configure GitLab as an OAuth2 authentication service provider](../../../integration/oauth_provider.md),
21 which involves creating an application and then providing the Application ID
22 and Secret in ServiceNow.
24 ## GitLab SCM and Continuous Integration for DevOps
26 In ServiceNow DevOps, you can integrate with GitLab repositories and GitLab CI/CD
27 to centralize your view of GitLab activity and your change management processes.
40 - [GitLab SCM and Continuous Integration for DevOps](https://store.servicenow.com/sn_appstore_store.do#!/store/application/54dc4eacdbc2dcd02805320b7c96191e/)
41 - [Model a GitLab CI pipeline in DevOps](https://docs.servicenow.com/bundle/paris-devops/page/product/enterprise-dev-ops/task/model-gitlab-pipeline-dev-ops.html).
application_controller_spec.rb (https://gitlab.com/certik/gitlab-ce) Ruby · 422 lines
issuable_actions.rb (https://gitlab.com/mehlah/gitlab-ce) Ruby · 167 lines
38 def realtime_changes
39 Gitlab::PollingInterval.set_header(response, interval: 3_000)
41 response = {
59 issuable.destroy
60 destroy_method = "destroy_#{issuable.class.name.underscore}".to_sym
61 TodoService.new.public_send(destroy_method, issuable, current_user) # rubocop:disable GitlabSecurity/PublicSend
63 name = issuable.human_class_name
routes.rb (https://gitlab.com/hutusi/gitlab-ci.git) Ruby · 87 lines
connection.rb (https://gitlab.com/alexkeramidas/gitlab-ce) Ruby · 67 lines
41 def client
42 @client ||= OAuth2::Client.new(provider.app_id, provider.app_secret, options)
43 end
45 def connection
46 @connection ||= OAuth2::AccessToken.new(client, @token, refresh_token: @refresh_token, expires_at: @expires_at, expires_in: @expires_in)
47 end
59 def provider
60 Gitlab::Auth::OAuth::Provider.config_for('bitbucket')
61 end
omniauth_callbacks_controller.rb (https://gitlab.com/solidnerd/gitlab-ce) Ruby · 192 lines
9 def handle_omniauth
10 omniauth_flow(Gitlab::Auth::OAuth)
11 end
40 def saml
41 omniauth_flow(Gitlab::Auth::Saml)
42 end
109 def handle_service_ticket(provider, ticket)
110 Gitlab::Auth::OAuth::Session.create provider, ticket
111 session[:service_tickets] ||= {}
112 session[:service_tickets][provider] = ticket
auth_helper.rb (https://gitlab.com/Hubbitus/gitlab-ee) Ruby · 74 lines
1 module AuthHelper
2 PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2).freeze
3 FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze
5 def ldap_enabled?
6 Gitlab.config.ldap.enabled
7 end
13 def omniauth_enabled?
14 Gitlab.config.omniauth.enabled
15 end
21 def auth_providers
22 Gitlab::OAuth::Provider.providers
23 end
bitbucket_controller_spec.rb (https://gitlab.com/emrox/gitlab-ce) Ruby · 271 lines
32 expires_in: expires_in,
33 refresh_token: refresh_token)
34 allow_any_instance_of(OAuth2::Client).
35 to receive(:get_token).and_return(access_token)
36 stub_omniauth_provider('bitbucket')
93 context "when the repository owner is the Bitbucket user" do
94 context "when the Bitbucket user and GitLab user's usernames match" do
95 it "takes the current user's namespace" do
96 expect(Gitlab::BitbucketImport::ProjectCreator).
102 end
104 context "when the Bitbucket user and GitLab user's usernames don't match" do
105 let(:bitbucket_username) { "someone_else" }
omniauth_callbacks_controller.rb (https://gitlab.com/webx32/gitlab) Ruby · 96 lines
4 protect_from_forgery except: [:kerberos, :saml]
6 Gitlab.config.omniauth.providers.each do |provider|
7 define_method provider['name'] do
8 handle_omniauth
23 # if the authentication to LDAP was successful.
24 def ldap
25 @user = Gitlab::LDAP::User.new(oauth)
26 @user.save if @user.changed? # will also save new users
27 gl_user = @user.gl_user
53 redirect_to profile_account_path, notice: '认证方法已更新'
54 else
55 @user = Gitlab::OAuth::User.new(oauth)
56 @user.save
twitter.md (https://gitlab.com/zarevavasyl/gitlab-ce) Markdown · 79 lines
9 1. Fill in the application details.
10 - Name: This can be anything. Consider something like "\<Organization\>'s GitLab" or "\<Your Name\>'s GitLab" or
11 something else descriptive.
12 - Description: Create a description.
13 - Website: The URL to your GitLab installation. 'https://gitlab.example.com'
14 - Callback URL: 'https://gitlab.example.com/users/auth/twitter/callback'
36 ```sh
37 sudo editor /etc/gitlab/gitlab.rb
38 ```
77 1. Restart GitLab for the changes to take effect.
79 On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
README.md (https://gitlab.com/Hubbitus/gitlab-ee) Markdown · 63 lines
1 # GitLab Integration
3 GitLab integrates with multiple third-party services to allow external issue
12 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd and Azure
13 - [SAML](saml.md) Configure GitLab as a SAML 2.0 Service Provider
14 - [CAS](cas.md) Configure GitLab to sign in using CAS
15 - [Slack](slack.md) Integrate with the Slack chat service
16 - [Kerberos](kerberos.md) Integrate with Kerberos
17 - [OAuth2 provider](oauth_provider.md) OAuth2 application creation
18 - [Gmail actions buttons](gmail_action_buttons_for_gitlab.md) Adds GitLab actions to messages
19 - [reCAPTCHA](recaptcha.md) Configure GitLab to use Google reCAPTCHA for new users
20 - [Akismet](akismet.md) Configure Akismet to stop spam
22 GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
24 [jenkins]: http://doc.gitlab.com/ee/integration/jenkins.html
twitter.md (https://gitlab.com/sacuiu.andy/gitlab-ce) Markdown · 79 lines
9 1. Fill in the application details.
10 - Name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or
11 something else descriptive.
12 - Description: Create a description.
13 - Website: The URL to your GitLab installation. 'https://gitlab.example.com'
14 - Callback URL: 'https://gitlab.example.com/users/auth/twitter/callback'
36 ```sh
37 sudo editor /etc/gitlab/gitlab.rb
38 ```
77 1. Restart GitLab for the changes to take effect.
79 On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
README.md (https://gitlab.com/svansteenis/gitlab-ee) Markdown · 63 lines
1 # GitLab Integration
3 GitLab integrates with multiple third-party services to allow external issue
12 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd and Azure
13 - [SAML](saml.md) Configure GitLab as a SAML 2.0 Service Provider
14 - [CAS](cas.md) Configure GitLab to sign in using CAS
15 - [Slack](slack.md) Integrate with the Slack chat service
16 - [Kerberos](kerberos.md) Integrate with Kerberos
17 - [OAuth2 provider](oauth_provider.md) OAuth2 application creation
18 - [Gmail actions buttons](gmail_action_buttons_for_gitlab.md) Adds GitLab actions to messages
19 - [reCAPTCHA](recaptcha.md) Configure GitLab to use Google reCAPTCHA for new users
20 - [Akismet](akismet.md) Configure Akismet to stop spam
22 GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
24 [jenkins]: http://docs.gitlab.com/ee/integration/jenkins.html
omniauth_callbacks_controller.rb (https://gitlab.com/dandunckelman/gitlab-ce) Ruby · 158 lines
5 protect_from_forgery except: [:kerberos, :saml, :cas3]
7 Gitlab.config.omniauth.providers.each do |provider|
8 define_method provider['name'] do
9 handle_omniauth
24 # if the authentication to LDAP was successful.
25 def ldap
26 ldap_user = Gitlab::LDAP::User.new(oauth)
27 ldap_user.save if ldap_user.changed? # will also save new users
56 end
57 else
58 saml_user = Gitlab::Saml::User.new(oauth)
59 saml_user.save if saml_user.changed?
60 @user = saml_user.gl_user
service_accounts_controller_spec.rb (https://gitlab.com/abuhazim/gitlab-foss) Ruby · 248 lines
60 )
62 expect(response).to have_gitlab_http_status(:not_found)
63 end
64 end
78 )
80 expect(response).to have_gitlab_http_status(:not_found)
81 end
82 end
209 end
211 context 'but gitlab instance is not configured for google oauth2' do
212 before do
213 unconfigured_google_oauth2 = Struct.new(:app_id, :app_secret)
oauth_provider.md (https://gitlab.com/artofhuman/gitlab-ce) Markdown · 89 lines
1 # GitLab as OAuth2 authentication service provider
3 This document is about using GitLab as an OAuth authentication service provider
8 - Other OAuth authentication service providers to sign in to
9 GitLab, see the [OAuth2 client documentation](omniauth.md).
10 - The related API, see [Applications API](../api/applications.md).
19 OAuth is mostly used as a Single Sign-On service (SSO), but you can find a
20 lot of different uses for this functionality. For example, you can allow users
21 to sign in to your application with their GitLab.com account, or GitLab.com
22 can be used for authentication to your GitLab instance
33 applications. There is no difference between them except for the different
34 permission levels they are set (user/admin). The default callback URL is
35 `http://your-gitlab.example.com/users/auth/gitlab/callback`
37 ## Adding an application through the profile
provider.rb (https://gitlab.com/atanasmihaylov/gitlab-ce) Ruby · 38 lines
1 module Gitlab
2 module OAuth
3 class Provider
4 LABELS = {
5 "github" => "GitHub",
6 "gitlab" => "GitLab.com",
7 "google_oauth2" => "Google"
23 name = name.to_s
24 if ldap_provider?(name)
25 Gitlab::LDAP::Config.new(name).options
26 else
27 Gitlab.config.omniauth.providers.find { |provider| provider.name == name }
project_creator.rb (https://gitlab.com/atanasmihaylov/gitlab-ce) Ruby · 30 lines
client.rb (https://gitlab.com/atanasmihaylov/gitlab-ce) Ruby · 82 lines
gitlab_controller.rb (https://gitlab.com/SaiAshirwadInformatia/gitlab-ce) Ruby · 66 lines
32 if current_user.can?(:create_projects, @target_namespace)
33 @project = Gitlab::GitlabImport::ProjectCreator.new(repo, @target_namespace, current_user, access_params).execute
34 else
35 render 'unauthorized'
41 def client
42 @client ||= Gitlab::GitlabImport::Client.new(session[:gitlab_access_token])
43 end
63 def access_params
64 { gitlab_access_token: session[:gitlab_access_token] }
65 end
66 end
snippets_controller.rb (https://gitlab.com/markglenfletcher/gitlab-ee) Ruby · 126 lines
client.rb (https://gitlab.com/certik/gitlab-ce) Ruby · 82 lines
accounts_controller_spec.rb (https://gitlab.com/523/gitlab-ce) Ruby · 62 lines
14 delete :unlink, params: { provider: 'github' }
16 expect(response).to have_gitlab_http_status(:not_found)
17 end
26 delete :unlink, params: { provider: provider.to_s }
28 expect(response).to have_gitlab_http_status(:found)
29 expect(user.reload.identities).to include(identity)
30 end
32 end
34 [:twitter, :facebook, :google_oauth2, :gitlab, :github, :bitbucket, :crowd, :auth0, :authentiq, :dingtalk, :alicloud].each do |provider|
35 describe "#{provider} provider" do
36 let(:user) { create(:omniauth_user, provider: provider.to_s) }
2019-02-07-gitlab-11-7-5-released.html.md.erb (https://gitlab.com/syedahmedz1/www-gitlab-com) Ruby HTML · 46 lines
16 ## GitLab Community Edition and Enterprise Edition
18 - [Fix import handling errors in Bitbucket Server importer.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24499)
19 - [Adjusts suggestions unable to be applied.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24603)
20 - [Fix 500 errors with legacy appearance logos.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24615)
21 - [Fix form functionality for edit tag page.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24645)
22 - Update Workhorse to v8.0.2.
23 - [Downcase aliased OAuth2 callback providers.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24877)
24 - [Fix Detect Host Keys not working.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24884)
25 - [Changed external wiki query method to prevent attribute caching.](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24907)
27 ## Upgrade barometer
index.md (https://gitlab.com/haynes/gitlab-ee.git) Markdown · 49 lines
11 - [Support for Universal 2nd Factor Authentication - YubiKeys](https://about.gitlab.com/2016/06/22/gitlab-adds-support-for-u2f/)
12 - [Security Webcast with Yubico](https://about.gitlab.com/2016/08/31/gitlab-and-yubico-security-webcast/)
13 - **Integrations:**
14 - [GitLab as OAuth2 authentication service provider](../../integration/oauth_provider.md#introduction-to-oauth)
21 - [Enforce Two-factor Authentication (2FA)](../../security/two_factor_authentication.md#enforce-two-factor-authentication-2fa)
22 - **Articles:**
23 - [How to Configure LDAP with GitLab CE](../../administration/auth/how_to_configure_ldap_gitlab_ce/index.md)
24 - [How to Configure LDAP with GitLab EE](../../administration/auth/how_to_configure_ldap_gitlab_ee/index.md)
32 - [SAML OmniAuth Provider](../../integration/saml.md)
33 - [Okta SSO provider](../../administration/auth/okta.md)
34 - [Kerberos integration (GitLab EE)](https://docs.gitlab.com/ee/integration/kerberos.html)
36 ## API
39 - [Private Tokens](../../api/README.md#private-tokens)
40 - [Impersonation tokens](../../api/README.md#impersonation-tokens)
41 - [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
43 ## Third-party resources
twitter.md (https://gitlab.com/artofhuman/gitlab-ce) Markdown · 83 lines
9 1. Fill in the application details.
10 - Name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or
11 something else descriptive.
12 - Description: Create a description.
13 - Website: The URL to your GitLab installation. 'https://gitlab.example.com'
14 - Callback URL: 'https://gitlab.example.com/users/auth/twitter/callback'
78 installed GitLab via Omnibus or from source respectively.
80 On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
82 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
83 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
gitlab_controller.rb (https://gitlab.com/sacuiu.andy/gitlab-ce) Ruby · 67 lines
35 namespace = get_or_create_namespace || (render and return)
37 @project = Gitlab::GitlabImport::ProjectCreator.new(repo, namespace, current_user, access_params).execute
38 end
42 def client
43 @client ||= Gitlab::GitlabImport::Client.new(session[:gitlab_access_token])
44 end
64 def access_params
65 { gitlab_access_token: session[:gitlab_access_token] }
66 end
67 end
facebook.md (https://gitlab.com/demisxbar/gitlab-ce) Markdown · 97 lines
1 # Facebook OAuth2 OmniAuth Provider
3 To enable the Facebook OmniAuth provider you must register your application with Facebook. Facebook will generate an app ID and secret key for you to use.
9 1. Select the type "Website"
11 1. Enter a name for your app. This can be anything. Consider something like "<Organization>'s GitLab" or "<Your Name>'s GitLab" or
12 something else descriptive.
54 ```sh
55 sudo editor /etc/gitlab/gitlab.rb
56 ```
95 1. Restart GitLab for the changes to take effect.
97 On the sign in page there should now be a Facebook icon below the regular sign in form. Click the icon to begin the authentication process. Facebook will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
azure.md (https://gitlab.com/demisxbar/gitlab-ce) Markdown · 83 lines
17 1. On the "App properties" page enter the needed URI's and click the "Complete" button.
18 - SIGN-IN URL: Enter the URL of your GitLab installation (e.g 'https://gitlab.mycompany.com/')
19 - APP ID URI: Enter the endpoint URL for Microsoft to use, just has to be unique (e.g 'https://mycompany.onmicrosoft.com/gitlab')
21 1. Select "Configure" in the top menu.
23 1. Add a "Reply URL" pointing to the Azure OAuth callback of your GitLab installation (e.g. https://gitlab.mycompany.com/users/auth/azure_oauth2/callback).
25 1. Create a "Client secret" by selecting a duration, the secret will be generated as soon as you click the "Save" button in the bottom menu..
37 ```sh
38 sudo editor /etc/gitlab/gitlab.rb
39 ```
81 1. Restart GitLab for the changes to take effect.
83 On the sign in page there should now be a Microsoft icon below the regular sign in form. Click the icon to begin the authentication process. Microsoft will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
Gitlab.php (https://gitlab.com/x33n/kanboard) PHP · 122 lines
31 *
32 * @access public
33 * @param string $gitlab_id Gitlab user id
34 * @return boolean
35 */
36 public function authenticate($gitlab_id)
37 {
38 $user = $this->user->getByGitlabId($gitlab_id);
40 if (! empty($user)) {
58 return $this->user->update(array(
59 'id' => $user_id,
60 'gitlab_id' => '',
61 ));
62 }
README.md (https://gitlab.com/iOrange/gitlab-ee) Markdown · 63 lines
1 # GitLab Integration
3 GitLab integrates with multiple third-party services to allow external issue
12 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd and Azure
13 - [SAML](saml.md) Configure GitLab as a SAML 2.0 Service Provider
14 - [CAS](cas.md) Configure GitLab to sign in using CAS
15 - [Kerberos](kerberos.md) Integrate with Kerberos
16 - [OAuth2 provider](oauth_provider.md) OAuth2 application creation
17 - [Gmail actions buttons](gmail_action_buttons_for_gitlab.md) Adds GitLab actions to messages
18 - [reCAPTCHA](recaptcha.md) Configure GitLab to use Google reCAPTCHA for new users
19 - [Akismet](akismet.md) Configure Akismet to stop spam
20 - [Koding](koding.md) Configure Koding to use IDE integration
22 GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
24 [jenkins]: http://docs.gitlab.com/ee/integration/jenkins.html
facebook.md (https://gitlab.com/alexkeramidas/gitlab-ce) Markdown · 101 lines
9 1. Select the type "Website"
11 1. Enter a name for your app. This can be anything. Consider something like "<Organization>'s GitLab" or "<Your Name>'s GitLab" or
12 something else descriptive.
54 ```sh
55 sudo editor /etc/gitlab/gitlab.rb
56 ```
96 installed GitLab via Omnibus or from source respectively.
98 On the sign in page there should now be a Facebook icon below the regular sign in form. Click the icon to begin the authentication process. Facebook will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
100 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
101 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
client_spec.rb (https://gitlab.com/markglenfletcher/gitlab-ee) Ruby · 107 lines
issue_spec.rb (https://gitlab.com/klml/gitlab-ee) Ruby · 173 lines
5.4-to-7.8.md (https://gitlab.com/mariolameiras/gitlab-ci) Markdown · 65 lines
3 ## Notice
5 With this release we are bumping the GitLab CI version to 7.8 in order to be on par with the current GitLab version and
6 to avoid naming confusion.
8 __GitLab CI 7.8 requires GitLab 7.8 or higher and GitLab CI Runner v5__
10 ### 1. stop CI server
17 sudo su gitlab_ci
18 cd /home/gitlab_ci/gitlab-ci
19 ```
45 ### 5. Update config
46 GitLab CI 5.4 and above make use of the OAuth2 protocol for authentication with GitLab. This means that after updating GitLab (CI),
47 you need to create an OAuth2 application in GitLab admin area, which gives you the APP_ID and APP_SECRET.
bitbucket_controller.rb (https://gitlab.com/artofhuman/gitlab-ce) Ruby · 107 lines
5 before_action :bitbucket_auth, except: :callback
7 rescue_from OAuth2::Error, with: :bitbucket_unauthorized
8 rescue_from Bitbucket::Error::Unauthorized, with: :bitbucket_unauthorized
55 session[:bitbucket_token] = bitbucket_client.connection.token
57 project = Gitlab::BitbucketImport::ProjectCreator.new(repo, project_name, target_namespace, current_user, credentials).execute
59 if project.persisted?
71 def client
72 @client ||= OAuth2::Client.new(provider.app_id, provider.app_secret, options)
73 end
README.md (https://gitlab.com/espadav8/gitlab-ce) Markdown · 66 lines
9 - [External issue tracker](external-issue-tracker.md) Redmine, JIRA, etc.
10 - [LDAP](ldap.md) Set up sign in via LDAP
11 - [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd, Azure and Authentiq ID
12 - [SAML](saml.md) Configure GitLab as a SAML 2.0 Service Provider
13 - [CAS](cas.md) Configure GitLab to sign in using CAS
14 - [OAuth2 provider](oauth_provider.md) OAuth2 application creation
15 - [OpenID Connect](openid_connect_provider.md) Use GitLab as an identity provider
16 - [Gmail actions buttons](gmail_action_buttons_for_gitlab.md) Adds GitLab actions to messages
17 - [reCAPTCHA](recaptcha.md) Configure GitLab to use Google reCAPTCHA for new users
20 - [PlantUML](../administration/integration/plantuml.md) Configure PlantUML to use diagrams in AsciiDoc documents.
22 > GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
24 ## Project services
auth.go (https://gitlab.com/willjharmer/kanban) Go · 129 lines
3 import (
4 "fmt"
5 "gitlab.com/leanlabsio/kanban/models"
6 "gitlab.com/leanlabsio/kanban/modules/auth"
7 "gitlab.com/leanlabsio/kanban/modules/middleware"
8 "gopkg.in/macaron.v1"
9 "log"
16 }
18 // OauthLogin logins with gitlab and get access token
19 func OauthLogin(ctx *middleware.Context, form auth.Oauth2) {
labels_controller.rb (https://gitlab.com/haleksandre/gitlab-ce) Ruby · 119 lines
twitter.md (https://gitlab.com/Stretch96/gitlab-ce) Markdown · 83 lines
9 1. Fill in the application details.
10 - Name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or
11 something else descriptive.
12 - Description: Create a description.
13 - Website: The URL to your GitLab installation. `https://gitlab.example.com`
14 - Callback URL: `https://gitlab.example.com/users/auth/twitter/callback`
78 installed GitLab via Omnibus or from source respectively.
80 On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
82 [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
83 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
api_guard.rb (https://gitlab.com/siemens/gitlab-ce) Ruby · 173 lines
45 module HelperMethods
46 prepend_if_ee('EE::API::APIGuard::HelperMethods') # rubocop: disable Cop/InjectEnterpriseEditionModule
47 include Gitlab::Auth::AuthFinders
49 def find_current_user!
110 Gitlab::Auth::InsufficientScopeError]
112 base.__send__(:rescue_from, *error_classes, oauth2_bearer_token_error_handler) # rubocop:disable GitlabSecurity/PublicSend
113 end
115 def oauth2_bearer_token_error_handler
116 proc do |e|
117 response =
127 when Gitlab::Auth::ExpiredError
128 Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
129 :invalid_token,
130 "Token is expired. You can either do re-authorization or token refresh.")