Commit 2fec9ba3 authored by James Edwards-Jones's avatar James Edwards-Jones

Group SAML strips LRM chars from ADFS cert fingerprint

parent 63b15013
...@@ -21,6 +21,10 @@ class SamlProvider < ActiveRecord::Base ...@@ -21,6 +21,10 @@ class SamlProvider < ActiveRecord::Base
NAME_IDENTIFIER_FORMAT NAME_IDENTIFIER_FORMAT
end end
def certificate_fingerprint=(value)
super(strip_left_to_right_chars(value))
end
def settings def settings
{ {
assertion_consumer_service_url: assertion_consumer_service_url, assertion_consumer_service_url: assertion_consumer_service_url,
...@@ -44,4 +48,8 @@ class SamlProvider < ActiveRecord::Base ...@@ -44,4 +48,8 @@ class SamlProvider < ActiveRecord::Base
def host def host
@host ||= Gitlab.config.gitlab.url @host ||= Gitlab.config.gitlab.url
end end
def strip_left_to_right_chars(input)
input&.gsub(/[\u200E]/, '')
end
end end
---
title: Per-Group SAML (for GitLab.com) strips LRM chars from ADFS certificate fingerprints
merge_request: 5466
author:
type: fixed
...@@ -29,6 +29,10 @@ describe SamlProvider do ...@@ -29,6 +29,10 @@ describe SamlProvider do
expect(subject).not_to allow_value(invalid_characters).for(:certificate_fingerprint) expect(subject).not_to allow_value(invalid_characters).for(:certificate_fingerprint)
end end
it 'strips left-to-right marks from certificate_fingerprint' do
expect(subject).to allow_value("\u200E00 00 30 ED C2 85 E0 1D 6B 5E A3 30 10 A7 9A DD 14 2F 50 04‎").for(:certificate_fingerprint)
end
it 'requires group to be top-level' do it 'requires group to be top-level' do
group = create(:group) group = create(:group)
nested_group = create(:group, :nested) nested_group = create(:group, :nested)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment