Commit 4dd8740c authored by Douwe Maan's avatar Douwe Maan

Merge branch 'sh-disable-nil-user-id-identity-validation' into 'master'

Fix failed LDAP logins when nil user_id present

Closes #56734

See merge request gitlab-org/gitlab-ce!24749
parents 559364ee ab4aba70
...@@ -8,7 +8,7 @@ class Identity < ActiveRecord::Base ...@@ -8,7 +8,7 @@ class Identity < ActiveRecord::Base
validates :provider, presence: true validates :provider, presence: true
validates :extern_uid, allow_blank: true, uniqueness: { scope: UniquenessScopes.scopes, case_sensitive: false } validates :extern_uid, allow_blank: true, uniqueness: { scope: UniquenessScopes.scopes, case_sensitive: false }
validates :user_id, uniqueness: { scope: UniquenessScopes.scopes } validates :user, uniqueness: { scope: UniquenessScopes.scopes }
before_save :ensure_normalized_extern_uid, if: :extern_uid_changed? before_save :ensure_normalized_extern_uid, if: :extern_uid_changed?
after_destroy :clear_user_synced_attributes, if: :user_synced_attributes_metadata_from_provider? after_destroy :clear_user_synced_attributes, if: :user_synced_attributes_metadata_from_provider?
......
---
title: Fix failed LDAP logins when nil user_id present
merge_request: 24749
author:
type: fixed
...@@ -10,6 +10,40 @@ describe Identity do ...@@ -10,6 +10,40 @@ describe Identity do
it { is_expected.to respond_to(:extern_uid) } it { is_expected.to respond_to(:extern_uid) }
end end
describe 'validations' do
set(:user) { create(:user) }
context 'with existing user and provider' do
before do
create(:identity, provider: 'ldapmain', user_id: user.id)
end
it 'returns false for a duplicate entry' do
identity = user.identities.build(provider: 'ldapmain', user_id: user.id)
expect(identity.validate).to be_falsey
end
it 'returns true when a different provider is used' do
identity = user.identities.build(provider: 'gitlab', user_id: user.id)
expect(identity.validate).to be_truthy
end
end
context 'with newly-created user' do
before do
create(:identity, provider: 'ldapmain', user_id: nil)
end
it 'successfully validates even with a nil user_id' do
identity = user.identities.build(provider: 'ldapmain')
expect(identity.validate).to be_truthy
end
end
end
describe '#is_ldap?' do describe '#is_ldap?' do
let(:ldap_identity) { create(:identity, provider: 'ldapmain') } let(:ldap_identity) { create(:identity, provider: 'ldapmain') }
let(:other_identity) { create(:identity, provider: 'twitter') } let(:other_identity) { create(:identity, provider: 'twitter') }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment