Commit 0630be3828998af1261b87ae85b42c0ef9a439ed
Exists in
master
and in
4 other branches
Merge pull request #5063 from karlhungus/feature-allow-ldap-update-with-username
Allows username only updates to ldap properties
Showing
3 changed files
with
72 additions
and
2 deletions
Show diff stats
lib/gitlab/ldap/user.rb
| @@ -26,7 +26,7 @@ module Gitlab | @@ -26,7 +26,7 @@ module Gitlab | ||
| 26 | # * When user already has account and need to link his LDAP account. | 26 | # * When user already has account and need to link his LDAP account. |
| 27 | # * LDAP uid changed for user with same email and we need to update his uid | 27 | # * LDAP uid changed for user with same email and we need to update his uid |
| 28 | # | 28 | # |
| 29 | - user = model.find_by_email(email) | 29 | + user = find_user(email) |
| 30 | 30 | ||
| 31 | if user | 31 | if user |
| 32 | user.update_attributes(extern_uid: uid, provider: provider) | 32 | user.update_attributes(extern_uid: uid, provider: provider) |
| @@ -43,6 +43,19 @@ module Gitlab | @@ -43,6 +43,19 @@ module Gitlab | ||
| 43 | user | 43 | user |
| 44 | end | 44 | end |
| 45 | 45 | ||
| 46 | + def find_user(email) | ||
| 47 | + user = model.find_by_email(email) | ||
| 48 | + | ||
| 49 | + # If no user found and allow_username_or_email_login is true | ||
| 50 | + # we look for user by extracting part of his email | ||
| 51 | + if !user && email && ldap_conf['allow_username_or_email_login'] | ||
| 52 | + uname = email.partition('@').first | ||
| 53 | + user = model.find_by_username(uname) | ||
| 54 | + end | ||
| 55 | + | ||
| 56 | + user | ||
| 57 | + end | ||
| 58 | + | ||
| 46 | def authenticate(login, password) | 59 | def authenticate(login, password) |
| 47 | # Check user against LDAP backend if user is not authenticated | 60 | # Check user against LDAP backend if user is not authenticated |
| 48 | # Only check with valid login and password to prevent anonymous bind results | 61 | # Only check with valid login and password to prevent anonymous bind results |
| @@ -0,0 +1,57 @@ | @@ -0,0 +1,57 @@ | ||
| 1 | +require 'spec_helper' | ||
| 2 | + | ||
| 3 | +describe Gitlab::LDAP do | ||
| 4 | + let(:gl_auth) { Gitlab::LDAP::User } | ||
| 5 | + | ||
| 6 | + before do | ||
| 7 | + Gitlab.config.stub(omniauth: {}) | ||
| 8 | + | ||
| 9 | + @info = mock( | ||
| 10 | + uid: '12djsak321', | ||
| 11 | + name: 'John', | ||
| 12 | + email: 'john@mail.com' | ||
| 13 | + ) | ||
| 14 | + end | ||
| 15 | + | ||
| 16 | + describe :find_for_ldap_auth do | ||
| 17 | + before do | ||
| 18 | + @auth = mock( | ||
| 19 | + uid: '12djsak321', | ||
| 20 | + info: @info, | ||
| 21 | + provider: 'ldap' | ||
| 22 | + ) | ||
| 23 | + end | ||
| 24 | + | ||
| 25 | + it "should update credentials by email if missing uid" do | ||
| 26 | + user = double('User') | ||
| 27 | + User.stub find_by_extern_uid_and_provider: nil | ||
| 28 | + User.stub find_by_email: user | ||
| 29 | + user.should_receive :update_attributes | ||
| 30 | + gl_auth.find_or_create(@auth) | ||
| 31 | + end | ||
| 32 | + | ||
| 33 | + it "should update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is true" do | ||
| 34 | + user = double('User') | ||
| 35 | + value = Gitlab.config.ldap.allow_username_or_email_login | ||
| 36 | + Gitlab.config.ldap['allow_username_or_email_login'] = true | ||
| 37 | + User.stub find_by_extern_uid_and_provider: nil | ||
| 38 | + User.stub find_by_email: nil | ||
| 39 | + User.stub find_by_username: user | ||
| 40 | + user.should_receive :update_attributes | ||
| 41 | + gl_auth.find_or_create(@auth) | ||
| 42 | + Gitlab.config.ldap['allow_username_or_email_login'] = value | ||
| 43 | + end | ||
| 44 | + | ||
| 45 | + it "should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false" do | ||
| 46 | + user = double('User') | ||
| 47 | + value = Gitlab.config.ldap.allow_username_or_email_login | ||
| 48 | + Gitlab.config.ldap['allow_username_or_email_login'] = false | ||
| 49 | + User.stub find_by_extern_uid_and_provider: nil | ||
| 50 | + User.stub find_by_email: nil | ||
| 51 | + User.stub find_by_username: user | ||
| 52 | + user.should_not_receive :update_attributes | ||
| 53 | + gl_auth.find_or_create(@auth) | ||
| 54 | + Gitlab.config.ldap['allow_username_or_email_login'] = value | ||
| 55 | + end | ||
| 56 | + end | ||
| 57 | +end |
spec/models/user_spec.rb
| @@ -233,7 +233,7 @@ describe User do | @@ -233,7 +233,7 @@ describe User do | ||
| 233 | it "should apply defaults to user" do | 233 | it "should apply defaults to user" do |
| 234 | Gitlab.config.gitlab.default_projects_limit.should_not == 123 | 234 | Gitlab.config.gitlab.default_projects_limit.should_not == 123 |
| 235 | Gitlab.config.gitlab.default_can_create_group.should_not be_true | 235 | Gitlab.config.gitlab.default_can_create_group.should_not be_true |
| 236 | - Gitlab.config.gitlab.default_theme.should_not == Gitlab::Theme::MARS | 236 | + Gitlab.config.gitlab.default_theme.should_not == Gitlab::Theme::BASIC |
| 237 | user.projects_limit.should == 123 | 237 | user.projects_limit.should == 123 |
| 238 | user.can_create_group.should be_true | 238 | user.can_create_group.should be_true |
| 239 | user.theme_id.should == Gitlab::Theme::BASIC | 239 | user.theme_id.should == Gitlab::Theme::BASIC |