Commit 4fcc17e6 authored by Izaak Alpert's avatar Izaak Alpert

Allows username only updates to ldap properties

-when logging in if users are allowed to login with just usernames in ldap we will update uid of the user if their uid is out of date

Conflicts:
	spec/lib/auth_spec.rb

Change-Id: Ia171b3d5133da86edc18c0d08ecfaf6a174f2574
parent 089f0000
......@@ -26,7 +26,7 @@ module Gitlab
# * When user already has account and need to link his LDAP account.
# * LDAP uid changed for user with same email and we need to update his uid
#
user = model.find_by_email(email)
user = find_user(email)
if user
user.update_attributes(extern_uid: uid, provider: provider)
......@@ -43,6 +43,15 @@ module Gitlab
user
end
def find_user(email)
if user = model.find_by_email(email)
elsif ldap_conf['allow_username_or_email_login']
uname = (email.partition('@').first) unless email.nil?
user = model.find_by_username(uname)
end
user
end
def authenticate(login, password)
# Check user against LDAP backend if user is not authenticated
# Only check with valid login and password to prevent anonymous bind results
......
require 'spec_helper'
describe Gitlab::Auth do
let(:gl_auth) { Gitlab::Auth.new }
before do
Gitlab.config.stub(omniauth: {})
@info = mock(
uid: '12djsak321',
name: 'John',
email: 'john@mail.com'
)
end
describe :find_for_ldap_auth do
before do
@auth = mock(
uid: '12djsak321',
info: @info,
provider: 'ldap'
)
end
it "should find by uid & provider" do
User.should_receive :find_by_extern_uid_and_provider
gl_auth.find_for_ldap_auth(@auth)
end
it "should update credentials by email if missing uid" do
user = double('User')
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: user
user.should_receive :update_attributes
gl_auth.find_for_ldap_auth(@auth)
end
it "should update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is true" do
user = double('User')
value = Gitlab.config.ldap.allow_username_or_email_login
Gitlab.config.ldap['allow_username_or_email_login'] = true
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: nil
User.stub find_by_username: user
user.should_receive :update_attributes
gl_auth.find_for_ldap_auth(@auth)
Gitlab.config.ldap['allow_username_or_email_login'] = value
end
it "should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false" do
user = double('User')
value = Gitlab.config.ldap.allow_username_or_email_login
Gitlab.config.ldap['allow_username_or_email_login'] = false
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: nil
User.stub find_by_username: user
user.should_not_receive :update_attributes
gl_auth.find_for_ldap_auth(@auth)
Gitlab.config.ldap['allow_username_or_email_login'] = value
end
it "should create from auth if user does not exist"do
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: nil
gl_auth.should_receive :create_from_omniauth
gl_auth.find_for_ldap_auth(@auth)
end
end
describe :find_or_new_for_omniauth do
before do
@auth = mock(
info: @info,
provider: 'twitter',
uid: '12djsak321',
)
end
it "should find user"do
User.should_receive :find_by_provider_and_extern_uid
gl_auth.should_not_receive :create_from_omniauth
gl_auth.find_or_new_for_omniauth(@auth)
end
it "should not create user"do
User.stub find_by_provider_and_extern_uid: nil
gl_auth.should_not_receive :create_from_omniauth
gl_auth.find_or_new_for_omniauth(@auth)
end
it "should create user if single_sing_on"do
Gitlab.config.omniauth['allow_single_sign_on'] = true
User.stub find_by_provider_and_extern_uid: nil
gl_auth.should_receive :create_from_omniauth
gl_auth.find_or_new_for_omniauth(@auth)
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment