Commit 7486d424 authored by Stan Hu's avatar Stan Hu 🔴

Fix broken Git over HTTP clones with LDAP users

Due to a regression in !20608, the LDAP authenticator was not being used
unless OmniAuth was enabled. This change allows the LDAP provider to be used
if it is configured regardless of the OmniAuth setting.

Closes #50579
parent 0e9dc23d
Pipeline #28471917 passed with stages
in 38 minutes and 50 seconds
---
title: Fix broken Git over HTTP clones with LDAP users
merge_request: 21352
author:
type: fixed
......@@ -29,6 +29,7 @@ module Gitlab
def self.enabled?(name)
return true if name == 'database'
return true if self.ldap_provider?(name) && providers.include?(name.to_sym)
Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym)
end
......
require 'spec_helper'
describe Gitlab::Auth::OAuth::Provider do
describe '.enabled?' do
before do
allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2])
end
context 'when OmniAuth is disabled' do
before do
allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(false)
end
it 'allows database auth' do
expect(described_class.enabled?('database')).to be_truthy
end
it 'allows LDAP auth' do
expect(described_class.enabled?('ldapmain')).to be_truthy
end
it 'does not allow other OmniAuth providers' do
expect(described_class.enabled?('google_oauth2')).to be_falsey
end
end
context 'when OmniAuth is enabled' do
before do
allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(true)
end
it 'allows database auth' do
expect(described_class.enabled?('database')).to be_truthy
end
it 'allows LDAP auth' do
expect(described_class.enabled?('ldapmain')).to be_truthy
end
it 'allows other OmniAuth providers' do
expect(described_class.enabled?('google_oauth2')).to be_truthy
end
end
end
describe '#config_for' do
context 'for an LDAP provider' do
context 'when the provider exists' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment