Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
1a59ce4e
Commit
1a59ce4e
authored
Sep 03, 2014
by
Jan-Willem van der Meer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add extra tests around OAUTH / LDAP find_or_create
parent
f019821d
Changes
7
Show whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
85 additions
and
59 deletions
+85
-59
lib/gitlab/ldap/access.rb
lib/gitlab/ldap/access.rb
+1
-1
lib/gitlab/ldap/person.rb
lib/gitlab/ldap/person.rb
+1
-1
lib/gitlab/ldap/user.rb
lib/gitlab/ldap/user.rb
+0
-4
lib/gitlab/oauth/user.rb
lib/gitlab/oauth/user.rb
+3
-3
spec/lib/gitlab/ldap/access_spec.rb
spec/lib/gitlab/ldap/access_spec.rb
+4
-4
spec/lib/gitlab/ldap/user_spec.rb
spec/lib/gitlab/ldap/user_spec.rb
+23
-31
spec/lib/gitlab/oauth/user_spec.rb
spec/lib/gitlab/oauth/user_spec.rb
+53
-15
No files found.
lib/gitlab/ldap/access.rb
View file @
1a59ce4e
...
@@ -29,7 +29,7 @@ module Gitlab
...
@@ -29,7 +29,7 @@ module Gitlab
def
allowed?
(
user
)
def
allowed?
(
user
)
if
Gitlab
::
LDAP
::
Person
.
find_by_dn
(
user
.
extern_uid
,
adapter
)
if
Gitlab
::
LDAP
::
Person
.
find_by_dn
(
user
.
extern_uid
,
adapter
)
!
Gitlab
::
LDAP
::
Person
.
active_directory_disabled
?
(
user
.
extern_uid
,
adapter
)
!
Gitlab
::
LDAP
::
Person
.
disabled_via_active_directory
?
(
user
.
extern_uid
,
adapter
)
else
else
false
false
end
end
...
...
lib/gitlab/ldap/person.rb
View file @
1a59ce4e
...
@@ -16,7 +16,7 @@ module Gitlab
...
@@ -16,7 +16,7 @@ module Gitlab
adapter
.
user
(
'dn'
,
dn
)
adapter
.
user
(
'dn'
,
dn
)
end
end
def
self
.
active_directory_disabled
?
(
dn
,
adapter
=
nil
)
def
self
.
disabled_via_active_directory
?
(
dn
,
adapter
=
nil
)
adapter
||=
Gitlab
::
LDAP
::
Adapter
.
new
adapter
||=
Gitlab
::
LDAP
::
Adapter
.
new
adapter
.
dn_matches_filter?
(
dn
,
AD_USER_DISABLED
)
adapter
.
dn_matches_filter?
(
dn
,
AD_USER_DISABLED
)
end
end
...
...
lib/gitlab/ldap/user.rb
View file @
1a59ce4e
...
@@ -92,10 +92,6 @@ module Gitlab
...
@@ -92,10 +92,6 @@ module Gitlab
model
.
where
(
"provider = ? and lower(extern_uid) = ?"
,
provider
,
uid
.
downcase
).
last
model
.
where
(
"provider = ? and lower(extern_uid) = ?"
,
provider
,
uid
.
downcase
).
last
end
end
def
username
auth
.
info
.
nickname
.
to_s
.
force_encoding
(
"utf-8"
)
end
def
provider
def
provider
'ldap'
'ldap'
end
end
...
...
lib/gitlab/oauth/user.rb
View file @
1a59ce4e
...
@@ -67,12 +67,11 @@ module Gitlab
...
@@ -67,12 +67,11 @@ module Gitlab
end
end
def
uid
def
uid
uid
=
auth
.
info
.
uid
||
auth
.
uid
auth
.
uid
.
to_s
uid
=
uid
.
to_s
unless
uid
.
nil?
uid
end
end
def
email
def
email
return
unless
auth
.
info
.
respond_to?
(
:email
)
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
end
end
...
@@ -85,6 +84,7 @@ module Gitlab
...
@@ -85,6 +84,7 @@ module Gitlab
end
end
def
username
def
username
return
unless
auth
.
info
.
respond_to?
(
:nickname
)
auth
.
info
.
nickname
.
to_s
.
force_encoding
(
"utf-8"
)
auth
.
info
.
nickname
.
to_s
.
force_encoding
(
"utf-8"
)
end
end
...
...
spec/lib/gitlab/ldap/access_spec.rb
View file @
1a59ce4e
...
@@ -120,14 +120,14 @@ describe Gitlab::LDAP::Access do
...
@@ -120,14 +120,14 @@ describe Gitlab::LDAP::Access do
context
'when the user is found'
do
context
'when the user is found'
do
before
{
Gitlab
::
LDAP
::
Person
.
stub
(
find_by_dn: :ldap_user
)
}
before
{
Gitlab
::
LDAP
::
Person
.
stub
(
find_by_dn: :ldap_user
)
}
context
'and the
Active Directory disabled flag is set
'
do
context
'and the
user is diabled via active directory
'
do
before
{
Gitlab
::
LDAP
::
Person
.
stub
(
active_directory_disabled
?:
true
)
}
before
{
Gitlab
::
LDAP
::
Person
.
stub
(
disabled_via_active_directory
?:
true
)
}
it
{
should
be_false
}
it
{
should
be_false
}
end
end
context
'and
the Active Directory disabled flag is not set
'
do
context
'and
has no disabled flag in active diretory
'
do
before
{
Gitlab
::
LDAP
::
Person
.
stub
(
active_directory_disabled
?:
false
)
}
before
{
Gitlab
::
LDAP
::
Person
.
stub
(
disabled_via_active_directory
?:
false
)
}
it
{
should
be_true
}
it
{
should
be_true
}
end
end
...
...
spec/lib/gitlab/ldap/user_spec.rb
View file @
1a59ce4e
...
@@ -2,45 +2,37 @@ require 'spec_helper'
...
@@ -2,45 +2,37 @@ require 'spec_helper'
describe
Gitlab
::
LDAP
::
User
do
describe
Gitlab
::
LDAP
::
User
do
let
(
:gl_auth
)
{
Gitlab
::
LDAP
::
User
}
let
(
:gl_auth
)
{
Gitlab
::
LDAP
::
User
}
let
(
:info
)
do
before
do
double
(
Gitlab
.
config
.
stub
(
omniauth:
{})
@info
=
double
(
uid:
'12djsak321'
,
name:
'John'
,
name:
'John'
,
email:
'john@
mail
.com'
,
email:
'john@
example
.com'
,
nickname:
'john'
nickname:
'john'
)
)
end
end
before
{
Gitlab
.
config
.
stub
(
omniauth:
{})
}
describe
:find_for_ldap_auth
do
describe
:find_or_create
do
before
do
let
(
:auth
)
do
@auth
=
double
(
double
(
info:
info
,
provider:
'ldap'
,
uid:
'my-uid'
)
uid:
'12djsak321'
,
info:
@info
,
provider:
'ldap'
)
end
end
it
"should update credentials by email if missing uid"
do
it
"finds the user if already existing"
do
user
=
double
(
'User'
)
existing_user
=
create
(
:user
,
extern_uid:
'my-uid'
,
provider:
'ldap'
)
User
.
stub
find_by_extern_uid_and_provider:
nil
User
.
stub
(
:find_by
).
with
(
hash_including
(
email:
anything
()))
{
user
}
expect
{
gl_auth
.
find_or_create
(
auth
)
}.
to_not
change
{
User
.
count
}
user
.
should_receive
:update_attributes
end
gl_auth
.
find_or_create
(
@auth
)
it
"connects to existing non-ldap user if the email matches"
do
existing_user
=
create
(
:user
,
email:
'john@example.com'
)
expect
{
gl_auth
.
find_or_create
(
auth
)
}.
to_not
change
{
User
.
count
}
existing_user
.
reload
expect
(
existing_user
.
extern_uid
).
to
eql
'my-uid'
expect
(
existing_user
.
provider
).
to
eql
'ldap'
end
end
it
"should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false"
do
it
"creates a new user if not found"
do
user
=
double
(
'User'
)
expect
{
gl_auth
.
find_or_create
(
auth
)
}.
to
change
{
User
.
count
}.
by
(
1
)
value
=
Gitlab
.
config
.
ldap
.
allow_username_or_email_login
Gitlab
.
config
.
ldap
[
'allow_username_or_email_login'
]
=
false
User
.
stub
find_by_extern_uid_and_provider:
nil
User
.
stub
(
:find_by
).
with
(
hash_including
(
email:
anything
()))
{
nil
}
User
.
stub
(
:find_by
).
with
(
hash_including
(
username:
anything
()))
{
user
}
user
.
should_not_receive
:update_attributes
gl_auth
.
find_or_create
(
@auth
)
Gitlab
.
config
.
ldap
[
'allow_username_or_email_login'
]
=
value
end
end
end
end
end
end
spec/lib/gitlab/oauth/user_spec.rb
View file @
1a59ce4e
...
@@ -2,44 +2,82 @@ require 'spec_helper'
...
@@ -2,44 +2,82 @@ require 'spec_helper'
describe
Gitlab
::
OAuth
::
User
do
describe
Gitlab
::
OAuth
::
User
do
let
(
:gl_auth
)
{
Gitlab
::
OAuth
::
User
}
let
(
:gl_auth
)
{
Gitlab
::
OAuth
::
User
}
let
(
:info
)
do
before
do
double
(
Gitlab
.
config
.
stub
(
omniauth:
{})
@info
=
double
(
uid:
'12djsak321'
,
nickname:
'john'
,
nickname:
'john'
,
name:
'John'
,
name:
'John'
,
email:
'john@mail.com'
email:
'john@mail.com'
)
)
end
end
before
do
Gitlab
.
config
.
stub
(
omniauth:
{})
end
describe
:find
do
let!
(
:existing_user
)
{
create
(
:user
,
extern_uid:
'my-uid'
,
provider:
'my-provider'
)
}
it
"finds an existing user based on uid and provider (facebook)"
do
auth
=
double
(
info:
double
(
name:
'John'
),
uid:
'my-uid'
,
provider:
'my-provider'
)
assert
gl_auth
.
find
(
auth
)
end
it
"finds an existing user based on nested uid and provider"
do
auth
=
double
(
info:
info
,
uid:
'my-uid'
,
provider:
'my-provider'
)
assert
gl_auth
.
find
(
auth
)
end
end
describe
:create
do
describe
:create
do
it
"should create user from LDAP"
do
it
"should create user from LDAP"
do
@auth
=
double
(
info:
@info
,
provider:
'ldap'
)
auth
=
double
(
info:
info
,
uid:
'my-uid'
,
provider:
'ldap'
)
user
=
gl_auth
.
create
(
@
auth
)
user
=
gl_auth
.
create
(
auth
)
user
.
should
be_valid
user
.
should
be_valid
user
.
extern_uid
.
should
==
@info
.
uid
user
.
extern_uid
.
should
==
auth
.
uid
user
.
provider
.
should
==
'ldap'
user
.
provider
.
should
==
'ldap'
end
end
it
"should create user from Omniauth"
do
it
"should create user from Omniauth"
do
@auth
=
double
(
info:
@info
,
provider:
'twitter'
)
auth
=
double
(
info:
info
,
uid:
'my-uid'
,
provider:
'twitter'
)
user
=
gl_auth
.
create
(
@
auth
)
user
=
gl_auth
.
create
(
auth
)
user
.
should
be_valid
user
.
should
be_valid
user
.
extern_uid
.
should
==
@info
.
uid
user
.
extern_uid
.
should
==
auth
.
uid
user
.
provider
.
should
==
'twitter'
user
.
provider
.
should
==
'twitter'
end
end
it
"should apply defaults to user"
do
it
"should apply defaults to user"
do
@auth
=
double
(
info:
@info
,
provider:
'ldap'
)
auth
=
double
(
info:
info
,
uid:
'my-uid'
,
provider:
'ldap'
)
user
=
gl_auth
.
create
(
@
auth
)
user
=
gl_auth
.
create
(
auth
)
user
.
should
be_valid
user
.
should
be_valid
user
.
projects_limit
.
should
==
Gitlab
.
config
.
gitlab
.
default_projects_limit
user
.
projects_limit
.
should
==
Gitlab
.
config
.
gitlab
.
default_projects_limit
user
.
can_create_group
.
should
==
Gitlab
.
config
.
gitlab
.
default_can_create_group
user
.
can_create_group
.
should
==
Gitlab
.
config
.
gitlab
.
default_can_create_group
end
end
it
"Set a temp email address if not provided (like twitter does)"
do
info
=
double
(
uid:
'my-uid'
,
nickname:
'john'
,
name:
'John'
)
auth
=
double
(
info:
info
,
uid:
'my-uid'
,
provider:
'my-provider'
)
user
=
gl_auth
.
create
(
auth
)
expect
(
user
.
email
).
to_not
be_empty
end
it
'generates a username if non provided (google)'
do
info
=
double
(
uid:
'my-uid'
,
name:
'John'
,
email:
'john@example.com'
)
auth
=
double
(
info:
info
,
uid:
'my-uid'
,
provider:
'my-provider'
)
user
=
gl_auth
.
create
(
auth
)
expect
(
user
.
username
).
to
eql
'john'
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment