• Stan Hu's avatar
    Fix failed LDAP logins when nil user_id present · ab4aba70
    Stan Hu authored
    When a LDAP user signs in the for the first time and if there
    is an `Identity` object with `user_id` of `nil`, new users
    will not be able to be register until that entry is cleared
    because of the way identities are created:
    
    1. First, the User object is built but not saved, so it has no `id`.
    2. Then, `user.identities.build(provider: 'ldapmain')` is called,
       but it does not have an associated `user_id` as a result.
    3. `User#save` is called, but the `Identity` validation fails if an
       existing entry with `user_id` of `nil` already exists.
    
    The uniqueness validation for `nil` values doesn't make any sense in
    this case. We should be enforcing this at the database level with a
    foreign key constraint. To work around the issue we can validate
    against the user instead, which does the right thing even when
    the user isn't saved yet.
    
    Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56734
    ab4aba70
sh-disable-nil-user-id-identity-validation.yml 100 Bytes