Fix failed LDAP logins when nil user_id present

Stan Hu requested to merge sh-disable-nil-user-id-identity-validation into master

When an LDAP user signs in for the first time and there is an Identity object with user_id of nil, new users will not be able to register until that entry is cleared because of the way identities are created:

  1. First, the User object is built but not saved, so it has no id.
  2. Then, user.identities.build(provider: 'ldapmain') is called, but it does not have an associated user_id either.
  3. User#save is called, but the Identity validation fails if an existing entry with user_id of nil already exists.

The uniqueness validation for nil values doesn't make any sense in this case. We should be enforcing this at the database level with a foreign key constraint. To work around the issue we can validate against the user instead, which does the right thing even when the user isn't saved yet.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56734

Edited by Stan Hu