Commit c7eee369 authored by Patricio Cano's avatar Patricio Cano

Refactored `sync_external_users` method, syntax fixes and Rubocop fix.

parent b9f0ac55
...@@ -156,13 +156,7 @@ module Gitlab ...@@ -156,13 +156,7 @@ module Gitlab
end end
end end
# Restore normal access to users no longer found in the external groups update_external_permissions(current_external_users, verified_external_users)
current_external_users.each do |user|
unless verified_external_users.include?(user)
user.external = false
user.save
end
end
end end
private private
...@@ -325,6 +319,16 @@ module Gitlab ...@@ -325,6 +319,16 @@ module Gitlab
end end
end end
def update_external_permissions(users, verified)
# Restore normal access to users no longer found in the external groups
users.each do |user|
unless verified.include?(user)
user.external = false
user.save
end
end
end
def add_new_members(group, access_levels) def add_new_members(group, access_levels)
logger.debug { "Adding new members to '#{group.name}' group" } logger.debug { "Adding new members to '#{group.name}' group" }
......
...@@ -45,8 +45,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -45,8 +45,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
let(:group1) { create(:group) } let(:group1) { create(:group) }
let(:group2) { create(:group) } let(:group2) { create(:group) }
let(:ldap_group1) do let(:ldap_group1) do
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
description: LDAP Group 1 description: LDAP Group 1
...@@ -56,7 +55,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -56,7 +55,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
)
end end
context 'with all functionality against one LDAP group type' do context 'with all functionality against one LDAP group type' do
...@@ -183,8 +181,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -183,8 +181,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
Gitlab::LDAP::GroupSync.new('ldapsecondary', adapter) Gitlab::LDAP::GroupSync.new('ldapsecondary', adapter)
end end
let(:ldap_secondary_group1) do let(:ldap_secondary_group1) do
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_secondary_group1,ou=groups,dc=example,dc=com dn: cn=ldap_secondary_group1,ou=groups,dc=example,dc=com
cn: ldap_secondary_group1 cn: ldap_secondary_group1
description: LDAP Group 1 description: LDAP Group 1
...@@ -194,7 +191,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -194,7 +191,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
)
end end
let(:user_w_multiple_ids) { create(:user) } let(:user_w_multiple_ids) { create(:user) }
...@@ -247,8 +243,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -247,8 +243,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'when access level spillover could happen' do context 'when access level spillover could happen' do
it 'does not erroneously add users' do it 'does not erroneously add users' do
ldap_group2 = Net::LDAP::Entry.from_single_ldif_string( ldap_group2 = Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group2,ou=groups,dc=example,dc=com dn: cn=ldap_group2,ou=groups,dc=example,dc=com
cn: ldap_group2 cn: ldap_group2
description: LDAP Group 2 description: LDAP Group 2
...@@ -257,7 +252,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -257,7 +252,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
)
allow_any_instance_of(Gitlab::LDAP::Group) allow_any_instance_of(Gitlab::LDAP::Group)
.to receive(:adapter).and_return(adapter) .to receive(:adapter).and_return(adapter)
...@@ -332,8 +326,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -332,8 +326,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'with groupOfNames style LDAP group' do context 'with groupOfNames style LDAP group' do
let(:ldap_group) do let(:ldap_group) do
Gitlab::LDAP::Group.new( Gitlab::LDAP::Group.new(
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
description: LDAP Group 1 description: LDAP Group 1
...@@ -342,7 +335,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -342,7 +335,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
) )
)
end end
it 'adds the user to the group' do it 'adds the user to the group' do
...@@ -356,8 +348,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -356,8 +348,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'with posixGroup style LDAP group' do context 'with posixGroup style LDAP group' do
let(:ldap_group) do let(:ldap_group) do
Gitlab::LDAP::Group.new( Gitlab::LDAP::Group.new(
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
description: LDAP Group 1 description: LDAP Group 1
...@@ -366,7 +357,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -366,7 +357,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: posixGroup objectclass: posixGroup
EOS EOS
) )
)
end end
let(:ldap_user) do let(:ldap_user) do
Gitlab::LDAP::Person.new( Gitlab::LDAP::Person.new(
...@@ -453,8 +443,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -453,8 +443,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'with groupOfUniqueNames style LDAP group' do context 'with groupOfUniqueNames style LDAP group' do
let(:ldap_group) do let(:ldap_group) do
Gitlab::LDAP::Group.new( Gitlab::LDAP::Group.new(
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
description: LDAP Group 1 description: LDAP Group 1
...@@ -463,7 +452,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -463,7 +452,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
EOS EOS
) )
)
end end
it 'adds the user to the group' do it 'adds the user to the group' do
...@@ -476,8 +464,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -476,8 +464,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'with an empty LDAP group' do context 'with an empty LDAP group' do
let(:ldap_group) do let(:ldap_group) do
Gitlab::LDAP::Group.new( Gitlab::LDAP::Group.new(
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
description: LDAP Group 1 description: LDAP Group 1
...@@ -485,7 +472,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -485,7 +472,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
EOS EOS
) )
)
end end
it 'does nothing, without failure' do it 'does nothing, without failure' do
...@@ -498,8 +484,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -498,8 +484,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'with uid=username member format' do context 'with uid=username member format' do
let(:ldap_group) do let(:ldap_group) do
Gitlab::LDAP::Group.new( Gitlab::LDAP::Group.new(
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
member: uid=#{user1.username} member: uid=#{user1.username}
...@@ -508,7 +493,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -508,7 +493,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
EOS EOS
) )
)
end end
let(:ldap_user) do let(:ldap_user) do
Gitlab::LDAP::Person.new( Gitlab::LDAP::Person.new(
...@@ -552,8 +536,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -552,8 +536,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
context 'with invalid DNs in the LDAP group' do context 'with invalid DNs in the LDAP group' do
let(:ldap_group) do let(:ldap_group) do
Gitlab::LDAP::Group.new( Gitlab::LDAP::Group.new(
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=ldap_group1,ou=groups,dc=example,dc=com dn: cn=ldap_group1,ou=groups,dc=example,dc=com
cn: ldap_group1 cn: ldap_group1
member: member:
...@@ -564,7 +547,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -564,7 +547,6 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
EOS EOS
) )
)
end end
# Check that the blank member and malformed member logged an error # Check that the blank member and malformed member logged an error
...@@ -591,8 +573,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -591,8 +573,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
let(:user3) { create(:user) } let(:user3) { create(:user) }
let(:admin_group) do let(:admin_group) do
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=admin_group,ou=groups,dc=example,dc=com dn: cn=admin_group,ou=groups,dc=example,dc=com
cn: admin_group cn: admin_group
description: Admin Group description: Admin Group
...@@ -601,14 +582,11 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -601,14 +582,11 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
)
end end
before do before do
user1.admin = true user1.update_attribute(:admin, true)
user1.save user3.update_attribute(:admin, true)
user3.admin = true
user3.save
allow_any_instance_of(Gitlab::LDAP::Group) allow_any_instance_of(Gitlab::LDAP::Group)
.to receive(:adapter).and_return(adapter) .to receive(:adapter).and_return(adapter)
...@@ -654,8 +632,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -654,8 +632,7 @@ describe Gitlab::LDAP::GroupSync, lib: true do
let(:user4) { create(:user) } let(:user4) { create(:user) }
let(:external_group1) do let(:external_group1) do
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=external_group1,ou=groups,dc=example,dc=com dn: cn=external_group1,ou=groups,dc=example,dc=com
cn: external_group1 cn: external_group1
description: External Group 1 description: External Group 1
...@@ -664,12 +641,10 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -664,12 +641,10 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
)
end end
let(:external_group2) do let(:external_group2) do
Net::LDAP::Entry.from_single_ldif_string( Net::LDAP::Entry.from_single_ldif_string(<<-EOS.strip_heredoc)
<<-EOS.strip_heredoc
dn: cn=external_group2,ou=groups,dc=example,dc=com dn: cn=external_group2,ou=groups,dc=example,dc=com
cn: external_group2 cn: external_group2
description: External Group 2 description: External Group 2
...@@ -678,14 +653,11 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -678,14 +653,11 @@ describe Gitlab::LDAP::GroupSync, lib: true do
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
EOS EOS
)
end end
before do before do
user3.external = true user3.update_attribute(:external, true)
user3.save user4.update_attribute(:external, true)
user4.external = true
user4.save
allow_any_instance_of(Gitlab::LDAP::Group) allow_any_instance_of(Gitlab::LDAP::Group)
.to receive(:adapter).and_return(adapter) .to receive(:adapter).and_return(adapter)
...@@ -739,4 +711,3 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -739,4 +711,3 @@ describe Gitlab::LDAP::GroupSync, lib: true do
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment