Fix admin mode when authenticating with LDAP

When users reauthenticate to enable admin mode, and are signing
in with an external authentication provider such as LDAP, we need
to use a case-insensitive, normalized lookup of the user identity.
This changes the match identity method in the user model to use
the existing scope which normalizes the uid and does a case-insensitive
lookup.

Changelog: changed

app/models/user.rb

@@ -1230,7 +1230,7 @@ class User < ApplicationRecord
   end
 
   def matches_identity?(provider, extern_uid)
-    identities.where(provider: provider, extern_uid: extern_uid).exists?
+    identities.with_extern_uid(provider, extern_uid).exists?
   end
 
   def project_deploy_keys

spec/models/user_spec.rb

@@ -2812,6 +2812,14 @@ RSpec.describe User do
       end
     end
 
+    describe '#matches_identity?' do
+      it 'finds the identity when the DN is formatted differently' do
+        user = create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=john smith,ou=people,dc=example,dc=com')
+
+        expect(user.matches_identity?('ldapmain', 'uid=John Smith, ou=People, dc=example, dc=com')).to eq(true)
+      end
+    end
+
     describe '#ldap_block' do
       let(:user) { create(:omniauth_user, provider: 'ldapmain', name: 'John Smith') }