Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
d6dc088a
Commit
d6dc088a
authored
9 years ago
by
Gabriel Mazetto
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
LDAP synchronization block/unblock new states
parent
6e7db8e2
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
17 additions
and
23 deletions
+17
-23
lib/gitlab/ldap/access.rb
lib/gitlab/ldap/access.rb
+3
-3
spec/lib/gitlab/ldap/access_spec.rb
spec/lib/gitlab/ldap/access_spec.rb
+14
-20
No files found.
lib/gitlab/ldap/access.rb
View file @
d6dc088a
...
...
@@ -37,15 +37,15 @@ module Gitlab
# Block user in GitLab if he/she was blocked in AD
if
Gitlab
::
LDAP
::
Person
.
disabled_via_active_directory?
(
user
.
ldap_identity
.
extern_uid
,
adapter
)
user
.
block
user
.
ldap_
block
false
else
user
.
activate
if
user
.
blocked?
&&
!
ldap_config
.
block_auto_created_users
user
.
activate
if
(
user
.
blocked?
&&
!
ldap_config
.
block_auto_created_users
)
||
user
.
ldap_blocked?
true
end
else
# Block the user if they no longer exist in LDAP/AD
user
.
block
user
.
ldap_block
false
end
rescue
...
...
This diff is collapsed.
Click to expand it.
spec/lib/gitlab/ldap/access_spec.rb
View file @
d6dc088a
...
...
@@ -13,64 +13,59 @@ describe Gitlab::LDAP::Access, lib: true do
end
it
{
is_expected
.
to
be_falsey
}
it
'should block user in GitLab'
do
access
.
allowed?
expect
(
user
).
to
be_blocked
expect
(
user
).
to
be_ldap_blocked
end
end
context
'when the user is found'
do
before
do
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:find_by_dn
).
and_return
(
:ldap_user
)
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:find_by_dn
).
and_return
(
:ldap_user
)
end
context
'and the user is disabled via active directory'
do
before
do
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:disabled_via_active_directory?
).
and_return
(
true
)
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:disabled_via_active_directory?
).
and_return
(
true
)
end
it
{
is_expected
.
to
be_falsey
}
it
"should block user in GitLab"
do
it
'should block user in GitLab'
do
access
.
allowed?
expect
(
user
).
to
be_blocked
expect
(
user
).
to
be_ldap_blocked
end
end
context
'and has no disabled flag in active diretory'
do
before
do
user
.
block
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:disabled_via_active_directory?
).
and_return
(
false
)
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:disabled_via_active_directory?
).
and_return
(
false
)
end
it
{
is_expected
.
to
be_truthy
}
context
'when auto-created users are blocked'
do
before
do
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:block_auto_created_users
).
and_return
(
true
)
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:block_auto_created_users
).
and_return
(
true
)
end
it
"does not unblock user in GitLab"
do
it
'does not unblock user in GitLab'
do
access
.
allowed?
expect
(
user
).
to
be_blocked
expect
(
user
).
not_to
be_ldap_blocked
# this block is handled by omniauth not by our internal logic
end
end
context
"when auto-created users are not blocked"
do
context
'when auto-created users are not blocked'
do
before
do
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:block_auto_created_users
).
and_return
(
false
)
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:block_auto_created_users
).
and_return
(
false
)
end
it
"should unblock user in GitLab"
do
it
'should unblock user in GitLab'
do
access
.
allowed?
expect
(
user
).
not_to
be_blocked
end
...
...
@@ -80,8 +75,7 @@ describe Gitlab::LDAP::Access, lib: true do
context
'without ActiveDirectory enabled'
do
before
do
allow
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:enabled?
).
and_return
(
true
)
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:active_directory
).
and_return
(
false
)
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:active_directory
).
and_return
(
false
)
end
it
{
is_expected
.
to
be_truthy
}
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment