Commit 71559a5f authored by Jacob Vosmaer's avatar Jacob Vosmaer

Merge branch 'ldap-person-fix-7-12' into '7-12-stable'

"Fix behavior of ldap_person method in Gitlab::OAuth::User" for 7.12

See !837

See merge request !840
parents a3d98ab2 a95a3f41
...@@ -87,12 +87,13 @@ module Gitlab ...@@ -87,12 +87,13 @@ module Gitlab
def ldap_person def ldap_person
return @ldap_person if defined?(@ldap_person) return @ldap_person if defined?(@ldap_person)
# looks for a corresponding person with same uid in any of the configured LDAP providers # Look for a corresponding person with same uid in any of the configured LDAP providers
@ldap_person = Gitlab::LDAP::Config.providers.find do |provider| Gitlab::LDAP::Config.providers.each do |provider|
adapter = Gitlab::LDAP::Adapter.new(provider) adapter = Gitlab::LDAP::Adapter.new(provider)
@ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)
Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter) break if @ldap_person
end end
@ldap_person
end end
def ldap_config def ldap_config
......
...@@ -62,55 +62,65 @@ describe Gitlab::OAuth::User do ...@@ -62,55 +62,65 @@ describe Gitlab::OAuth::User do
context "with auto_link_ldap_user enabled" do context "with auto_link_ldap_user enabled" do
before { Gitlab.config.omniauth.stub auto_link_ldap_user: true } before { Gitlab.config.omniauth.stub auto_link_ldap_user: true }
context "and a corresponding LDAP person" do context "and no LDAP provider defined" do
before do before { allow(Gitlab::LDAP::Config).to receive(:providers).and_return([]) }
ldap_user.stub(:uid) { uid }
ldap_user.stub(:username) { uid } include_examples "to verify compliance with allow_single_sign_on"
ldap_user.stub(:email) { ['johndoe@example.com','john2@example.com'] } end
ldap_user.stub(:dn) { 'uid=user1,ou=People,dc=example' }
allow(oauth_user).to receive(:ldap_person).and_return(ldap_user) context "and at least one LDAP provider is defined" do
end before { allow(Gitlab::LDAP::Config).to receive(:providers).and_return(['ldapmain']) }
context "and no account for the LDAP user" do context "and a corresponding LDAP person" do
before do
it "creates a user with dual LDAP and omniauth identities" do ldap_user.stub(:uid) { uid }
oauth_user.save ldap_user.stub(:username) { uid }
ldap_user.stub(:email) { ['johndoe@example.com','john2@example.com'] }
expect(gl_user).to be_valid ldap_user.stub(:dn) { 'uid=user1,ou=People,dc=example' }
expect(gl_user.username).to eql uid allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
expect(gl_user.email).to eql 'johndoe@example.com'
expect(gl_user.identities.length).to eql 2
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash).to match_array(
[ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' },
{ provider: 'twitter', extern_uid: uid }
])
end end
end
context "and no account for the LDAP user" do
context "and LDAP user has an account already" do
let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'ldapmain', username: 'john') } it "creates a user with dual LDAP and omniauth identities" do
it "adds the omniauth identity to the LDAP account" do oauth_user.save
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).to be_valid expect(gl_user.username).to eql uid
expect(gl_user.username).to eql 'john' expect(gl_user.email).to eql 'johndoe@example.com'
expect(gl_user.email).to eql 'john@example.com' expect(gl_user.identities.length).to eql 2
expect(gl_user.identities.length).to eql 2 identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } } expect(identities_as_hash).to match_array(
expect(identities_as_hash).to match_array( [ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' },
[ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' }, { provider: 'twitter', extern_uid: uid }
{ provider: 'twitter', extern_uid: uid } ])
]) end
end
context "and LDAP user has an account already" do
let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'ldapmain', username: 'john') }
it "adds the omniauth identity to the LDAP account" do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user.username).to eql 'john'
expect(gl_user.email).to eql 'john@example.com'
expect(gl_user.identities.length).to eql 2
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash).to match_array(
[ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' },
{ provider: 'twitter', extern_uid: uid }
])
end
end end
end end
end
context "and no corresponding LDAP person" do
context "and no corresponding LDAP person" do before { allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(nil) }
before { allow(oauth_user).to receive(:ldap_person).and_return(nil) }
include_examples "to verify compliance with allow_single_sign_on"
include_examples "to verify compliance with allow_single_sign_on" end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment