Admin user identities tab should gracefully handle missing/removed providers
The admin area user's identity tab should gracefully handle when an LDAP (or any other) provider is no longer configured in gitlab.yml
. In this case, we can probably simply titleize the provider name we have in the identity itself and add a (Missing)
or similar label to note that it's no longer configured.
Removing the identities from the database is out of scope for this issue. Administrators may temporarily disable a provider for a number of reasons and it would be surprising if we removed the identities from the database as next startup or some other time. We could probably offer a Rake task or some admin area option to purge identities from the database if the provider is no longer configured, but that's for another issue.
Original description
Overview
When we have LDAP enabled for basic authentication we create an identity
with the ldap provider (e.g ldapmain
) on each user that logs in. If we disable LDAP by removing the gitlab_rails['ldap_servers']
block and setting gitlab_rails['ldap_enabled'] = false
users identities still exist.
Problem
When viewing the users identities in the admin dashboard we try and load the LDAP identity that we have no providers for. The result is an exception.
ActionView::Template::Error (Unknown provider (ldapmain). Available providers: [nil]):
1: %tr
2: %td
3: = "#{Gitlab::OAuth::Provider.label_for(identity.provider)} (#{identity.provider})"
4: %td
5: = identity.extern_uid
Reproduce
- Create a user and login via LDAP
- Disable LDAP authentication by removing the
ldap_servers
block - Try and view the users identities via the admin dashboard.
Workaround
Manually destroy the LDAP identities after disabling LDAP.
sudo gitlab-rails console
Identity.where(provider: 'ldapmain').each { |i| i.destroy }