Test authenticate method for Gitlab::LDAP::User

parent f27830fa
...@@ -41,17 +41,8 @@ module Gitlab ...@@ -41,17 +41,8 @@ module Gitlab
# Only check with valid login and password to prevent anonymous bind results # Only check with valid login and password to prevent anonymous bind results
return nil unless ldap_conf.enabled && login.present? && password.present? return nil unless ldap_conf.enabled && login.present? && password.present?
ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf) ldap_user = adapter.bind_as(
filter = Net::LDAP::Filter.eq(ldap.uid, login) filter: user_filter(login),
# Apply LDAP user filter if present
if ldap_conf['user_filter'].present?
user_filter = Net::LDAP::Filter.construct(ldap_conf['user_filter'])
filter = Net::LDAP::Filter.join(filter, user_filter)
end
ldap_user = ldap.bind_as(
filter: filter,
size: 1, size: 1,
password: password password: password
) )
...@@ -59,6 +50,10 @@ module Gitlab ...@@ -59,6 +50,10 @@ module Gitlab
find_by_uid(ldap_user.dn) if ldap_user find_by_uid(ldap_user.dn) if ldap_user
end end
def adapter
@adapter ||= OmniAuth::LDAP::Adaptor.new(ldap_conf)
end
protected protected
def find_by_uid_and_provider def find_by_uid_and_provider
...@@ -81,6 +76,16 @@ module Gitlab ...@@ -81,6 +76,16 @@ module Gitlab
def ldap_conf def ldap_conf
Gitlab.config.ldap Gitlab.config.ldap
end end
def user_filter(login)
filter = Net::LDAP::Filter.eq(adapter.uid, login)
# Apply LDAP user filter if present
if ldap_conf['user_filter'].present?
user_filter = Net::LDAP::Filter.construct(ldap_conf['user_filter'])
filter = Net::LDAP::Filter.join(filter, user_filter)
end
filter
end
end end
def needs_blocking? def needs_blocking?
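Review bot: `user_filter(login)` hands the user-supplied login to `Net::LDAP::Filter.eq`, which does not escape the value and treats `*` as a wildcard, so the search that `bind_as` runs with `size: 1` can match an entry other than the one literally named. Building the term with `Net::LDAP::Filter.equals(adapter.uid, login)`, or wrapping the value in `Net::LDAP::Filter.escape(login)`, keeps the match literal, provided the bundled net-ldap version ships those methods. The local variable `user_filter` inside the method shadows the method's own name; something like `configured_filter` would read more clearly. The memoized `@adapter` keeps whatever `ldap_conf` it was first built with, which deserves a comment such as `# built once; later changes to Gitlab.config.ldap are not picked up`.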
......
...@@ -35,4 +35,20 @@ describe Gitlab::LDAP::User do ...@@ -35,4 +35,20 @@ describe Gitlab::LDAP::User do
expect{ gl_user.find_or_create(auth) }.to change{ User.count }.by(1) expect{ gl_user.find_or_create(auth) }.to change{ User.count }.by(1)
end end
end end
describe "authenticate" do
let(:login) { 'john' }
let(:password) { 'my-secret' }
before {
Gitlab.config.ldap['enabled'] = true
Gitlab.config.ldap['user_filter'] = 'employeeType=developer'
}
after { Gitlab.config.ldap['enabled'] = false }
it "send an authentication request to ldap" do
expect( Gitlab::LDAP::User.adapter ).to receive(:bind_as)
Gitlab::LDAP::User.authenticate(login, password)
end
end
end end
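Review bot: The example only asserts that `bind_as` is received, so it would still pass if `authenticate` stopped applying the configured `user_filter` or lost its blank-credential guard. Tighten the expectation, e.g. `expect(Gitlab::LDAP::User.adapter).to receive(:bind_as).with(hash_including(password: password, size: 1))`, and add an example that `authenticate(login, '')` returns nil without `bind_as` being called, since that guard is what prevents anonymous-bind results. The `after` block restores `enabled` but leaves `user_filter` set to `'employeeType=developer'`, which can leak into later specs; reset it there as well.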