Commit 0630be38 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge pull request #5063 from karlhungus/feature-allow-ldap-update-with-username

Allows username only updates to ldap properties
parents 089f0000 8a8123a3
...@@ -26,7 +26,7 @@ module Gitlab ...@@ -26,7 +26,7 @@ module Gitlab
# * When user already has account and need to link his LDAP account. # * When user already has account and need to link his LDAP account.
# * LDAP uid changed for user with same email and we need to update his uid # * LDAP uid changed for user with same email and we need to update his uid
# #
user = model.find_by_email(email) user = find_user(email)
if user if user
user.update_attributes(extern_uid: uid, provider: provider) user.update_attributes(extern_uid: uid, provider: provider)
...@@ -43,6 +43,19 @@ module Gitlab ...@@ -43,6 +43,19 @@ module Gitlab
user user
end end
def find_user(email)
user = model.find_by_email(email)
# If no user found and allow_username_or_email_login is true
# we look for user by extracting part of his email
if !user && email && ldap_conf['allow_username_or_email_login']
uname = email.partition('@').first
user = model.find_by_username(uname)
end
user
end
def authenticate(login, password) def authenticate(login, password)
# Check user against LDAP backend if user is not authenticated # Check user against LDAP backend if user is not authenticated
# Only check with valid login and password to prevent anonymous bind results # Only check with valid login and password to prevent anonymous bind results
......
require 'spec_helper'
describe Gitlab::LDAP do
let(:gl_auth) { Gitlab::LDAP::User }
before do
Gitlab.config.stub(omniauth: {})
@info = mock(
uid: '12djsak321',
name: 'John',
email: 'john@mail.com'
)
end
describe :find_for_ldap_auth do
before do
@auth = mock(
uid: '12djsak321',
info: @info,
provider: 'ldap'
)
end
it "should update credentials by email if missing uid" do
user = double('User')
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: user
user.should_receive :update_attributes
gl_auth.find_or_create(@auth)
end
it "should update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is true" do
user = double('User')
value = Gitlab.config.ldap.allow_username_or_email_login
Gitlab.config.ldap['allow_username_or_email_login'] = true
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: nil
User.stub find_by_username: user
user.should_receive :update_attributes
gl_auth.find_or_create(@auth)
Gitlab.config.ldap['allow_username_or_email_login'] = value
end
it "should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false" do
user = double('User')
value = Gitlab.config.ldap.allow_username_or_email_login
Gitlab.config.ldap['allow_username_or_email_login'] = false
User.stub find_by_extern_uid_and_provider: nil
User.stub find_by_email: nil
User.stub find_by_username: user
user.should_not_receive :update_attributes
gl_auth.find_or_create(@auth)
Gitlab.config.ldap['allow_username_or_email_login'] = value
end
end
end
...@@ -233,7 +233,7 @@ describe User do ...@@ -233,7 +233,7 @@ describe User do
it "should apply defaults to user" do it "should apply defaults to user" do
Gitlab.config.gitlab.default_projects_limit.should_not == 123 Gitlab.config.gitlab.default_projects_limit.should_not == 123
Gitlab.config.gitlab.default_can_create_group.should_not be_true Gitlab.config.gitlab.default_can_create_group.should_not be_true
Gitlab.config.gitlab.default_theme.should_not == Gitlab::Theme::MARS Gitlab.config.gitlab.default_theme.should_not == Gitlab::Theme::BASIC
user.projects_limit.should == 123 user.projects_limit.should == 123
user.can_create_group.should be_true user.can_create_group.should be_true
user.theme_id.should == Gitlab::Theme::BASIC user.theme_id.should == Gitlab::Theme::BASIC
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment