Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
7d017926
Commit
7d017926
authored
Mar 26, 2018
by
Horatiu Eugen Vlad
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix LDAP login without user in DB
parent
391732a2
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
28 additions
and
22 deletions
+28
-22
changelogs/unreleased/44608-Cloning-a-repository-over-HTTPS-with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
...with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
+5
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+5
-1
lib/gitlab/auth/database/authentication.rb
lib/gitlab/auth/database/authentication.rb
+1
-1
lib/gitlab/auth/ldap/authentication.rb
lib/gitlab/auth/ldap/authentication.rb
+6
-16
lib/gitlab/auth/o_auth/authentication.rb
lib/gitlab/auth/o_auth/authentication.rb
+1
-0
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+10
-4
No files found.
changelogs/unreleased/44608-Cloning-a-repository-over-HTTPS-with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
0 → 100644
View file @
7d017926
---
title
:
'
Cloning
a
repository
over
HTTPS
with
LDAP
credentials
causes
a
HTTP
401
Access
denied'
merge_request
:
!17988
author
:
Horatiu Eugen Vlad
type
:
fixed
lib/gitlab/auth.rb
View file @
7d017926
...
@@ -69,7 +69,11 @@ module Gitlab
...
@@ -69,7 +69,11 @@ module Gitlab
authenticators
.
compact!
authenticators
.
compact!
user
if
authenticators
.
find
{
|
auth
|
auth
.
login
(
login
,
password
)
}
# return found user that was authenticated first for given login credentials
authenticators
.
find
do
|
auth
|
authenticated_user
=
auth
.
login
(
login
,
password
)
break
authenticated_user
if
authenticated_user
end
end
end
end
end
...
...
lib/gitlab/auth/database/authentication.rb
View file @
7d017926
...
@@ -8,7 +8,7 @@ module Gitlab
...
@@ -8,7 +8,7 @@ module Gitlab
def
login
(
login
,
password
)
def
login
(
login
,
password
)
return
false
unless
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
return
false
unless
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
user
&
.
valid_password?
(
password
)
return
user
if
user
&
.
valid_password?
(
password
)
end
end
end
end
end
end
...
...
lib/gitlab/auth/ldap/authentication.rb
View file @
7d017926
...
@@ -12,30 +12,26 @@ module Gitlab
...
@@ -12,30 +12,26 @@ module Gitlab
return
unless
Gitlab
::
Auth
::
LDAP
::
Config
.
enabled?
return
unless
Gitlab
::
Auth
::
LDAP
::
Config
.
enabled?
return
unless
login
.
present?
&&
password
.
present?
return
unless
login
.
present?
&&
password
.
present?
auth
=
nil
# return found user that was authenticated by first provider for given login credentials
# loop through providers until valid bind
providers
.
find
do
|
provider
|
providers
.
find
do
|
provider
|
auth
=
new
(
provider
)
auth
=
new
(
provider
)
auth
.
login
(
login
,
password
)
# true will exit the loop
break
auth
.
user
if
auth
.
login
(
login
,
password
)
# true will exit the loop
end
end
# If (login, password) was invalid for all providers, the value of auth is now the last
# Gitlab::Auth::LDAP::Authentication instance we tried.
auth
.
user
end
end
def
self
.
providers
def
self
.
providers
Gitlab
::
Auth
::
LDAP
::
Config
.
providers
Gitlab
::
Auth
::
LDAP
::
Config
.
providers
end
end
attr_accessor
:ldap_user
def
login
(
login
,
password
)
def
login
(
login
,
password
)
@ldap_user
=
adapter
.
bind_as
(
result
=
adapter
.
bind_as
(
filter:
user_filter
(
login
),
filter:
user_filter
(
login
),
size:
1
,
size:
1
,
password:
password
password:
password
)
)
return
unless
result
@user
=
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
result
.
dn
,
provider
)
end
end
def
adapter
def
adapter
...
@@ -56,12 +52,6 @@ module Gitlab
...
@@ -56,12 +52,6 @@ module Gitlab
filter
filter
end
end
def
user
return
unless
ldap_user
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
ldap_user
.
dn
,
provider
)
end
end
end
end
end
end
end
...
...
lib/gitlab/auth/o_auth/authentication.rb
View file @
7d017926
...
@@ -12,6 +12,7 @@ module Gitlab
...
@@ -12,6 +12,7 @@ module Gitlab
@user
=
user
@user
=
user
end
end
# Implementation must return user object if login successful
def
login
(
login
,
password
)
def
login
(
login
,
password
)
raise
NotImplementedError
raise
NotImplementedError
end
end
...
...
spec/lib/gitlab/auth_spec.rb
View file @
7d017926
...
@@ -315,13 +315,19 @@ describe Gitlab::Auth do
...
@@ -315,13 +315,19 @@ describe Gitlab::Auth do
it
"tries to autheticate with db before ldap"
do
it
"tries to autheticate with db before ldap"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
not_to
receive
(
:login
)
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
not_to
receive
(
:login
)
gl_auth
.
find_with_user_password
(
username
,
password
)
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)).
to
eq
(
user
)
end
it
"does not find user by using ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
and_return
(
nil
)
expect
(
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)).
to
be_nil
end
end
it
"
uses
ldap as fallback to for authentication"
do
it
"
find new user by using
ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
)
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
)
.
and_return
(
user
)
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)
expect
(
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)).
to
eq
(
user
)
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment