Merge branch 'sh-fix-broken-ldap-clones' into 'master'

Fix broken Git over HTTP clones with LDAP users Closes #50579 See merge request gitlab-org/gitlab-ce!21352

Merge branch 'sh-fix-broken-ldap-clones' into 'master'
Fix broken Git over HTTP clones with LDAP users Closes #50579 See merge request gitlab-org/gitlab-ce!21352
8b85d6bc · Alejandro Rodríguez · ef776df2 · 7486d424 · 8b85d6bc · 8b85d6bc
Commit 8b85d6bc authored Aug 22, 2018 by Alejandro Rodríguez
3 changed files
--- a/changelogs/unreleased/sh-fix-broken-ldap-clones.yml
+++ b/changelogs/unreleased/sh-fix-broken-ldap-clones.yml
+---
+title: Fix broken Git over HTTP clones with LDAP users
+merge_request: 21352
+author:
+type: fixed
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -29,6 +29,7 @@ module Gitlab

        def self.enabled?(name)
          return true if name == 'database'
+          return true if self.ldap_provider?(name) && providers.include?(name.to_sym)

          Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym)
        end

--- a/spec/lib/gitlab/auth/o_auth/provider_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/provider_spec.rb
 require 'spec_helper'

 describe Gitlab::Auth::OAuth::Provider do
+  describe '.enabled?' do
+    before do
+      allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2])
+    end
+
+    context 'when OmniAuth is disabled' do
+      before do
+        allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(false)
+      end
+
+      it 'allows database auth' do
+        expect(described_class.enabled?('database')).to be_truthy
+      end
+
+      it 'allows LDAP auth' do
+        expect(described_class.enabled?('ldapmain')).to be_truthy
+      end
+
+      it 'does not allow other OmniAuth providers' do
+        expect(described_class.enabled?('google_oauth2')).to be_falsey
+      end
+    end
+
+    context 'when OmniAuth is enabled' do
+      before do
+        allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(true)
+      end
+
+      it 'allows database auth' do
+        expect(described_class.enabled?('database')).to be_truthy
+      end
+
+      it 'allows LDAP auth' do
+        expect(described_class.enabled?('ldapmain')).to be_truthy
+      end
+
+      it 'allows other OmniAuth providers' do
+        expect(described_class.enabled?('google_oauth2')).to be_truthy
+      end
+    end
+  end
+
  describe '#config_for' do
    context 'for an LDAP provider' do
      context 'when the provider exists' do