Commit a767bb46 authored by Robert Speicher's avatar Robert Speicher Committed by Robert Speicher

Merge branch 'fix_saml_signin' into 'master'

Fix subsequent SAML sign ins

Fixes a bug when `auto_link_ldap_user` is `true` that causes SAML users to be unable to sign in a second time.

Fix the problem for https://gitlab.zendesk.com/agent/tickets/22546

See merge request !4718
parent 37e5ef1f
...@@ -15,6 +15,7 @@ v 8.9.1 (unreleased) ...@@ -15,6 +15,7 @@ v 8.9.1 (unreleased)
- Add documentation for award emoji now that comments can be awarded with emojis. !4839 - Add documentation for award emoji now that comments can be awarded with emojis. !4839
- Fix typo in export failure email. !4847 - Fix typo in export failure email. !4847
- Fix header vertical centering. !4170 - Fix header vertical centering. !4170
- Fix subsequent SAML sign ins. !4718
v 8.9.0 v 8.9.0
- Fix builds API response not including commit data - Fix builds API response not including commit data
......
...@@ -74,7 +74,7 @@ module Gitlab ...@@ -74,7 +74,7 @@ module Gitlab
if user if user
# Case when a LDAP user already exists in Gitlab. Add the OAuth identity to existing account. # Case when a LDAP user already exists in Gitlab. Add the OAuth identity to existing account.
log.info "LDAP account found for user #{user.username}. Building new #{auth_hash.provider} identity." log.info "LDAP account found for user #{user.username}. Building new #{auth_hash.provider} identity."
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider) user.identities.find_or_initialize_by(extern_uid: auth_hash.uid, provider: auth_hash.provider)
else else
log.info "No existing LDAP account was found in GitLab. Checking for #{auth_hash.provider} account." log.info "No existing LDAP account was found in GitLab. Checking for #{auth_hash.provider} account."
user = find_by_uid_and_provider user = find_by_uid_and_provider
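Review bot: The `log.info` line directly above the changed call still says "Building new #{auth_hash.provider} identity", but with `find_or_initialize_by` the identity is new only on the first linked sign-in. On every later sign-in the log records an account-linking event that did not happen, which makes the authentication log harder to audit. A wording that does not overstate it would be `log.info "LDAP account found for user #{user.username}. Linking #{auth_hash.provider} identity if not already present."`. Distinguishing a first link from a repeat sign-in would need the returned record's `new_record?`. The enclosing method starts and ends outside this hunk, so check how the branch's value is used before reordering the two lines.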
......
...@@ -164,7 +164,14 @@ describe Gitlab::Saml::User, lib: true do ...@@ -164,7 +164,14 @@ describe Gitlab::Saml::User, lib: true do
end end
context 'and LDAP user has an account already' do context 'and LDAP user has an account already' do
let!(:existing_user) { create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'ldapmain', username: 'john') } before do
create(:omniauth_user,
email: 'john@mail.com',
extern_uid: 'uid=user1,ou=People,dc=example',
provider: 'ldapmain',
username: 'john')
end
it 'adds the omniauth identity to the LDAP account' do it 'adds the omniauth identity to the LDAP account' do
saml_user.save saml_user.save
...@@ -177,6 +184,15 @@ describe Gitlab::Saml::User, lib: true do ...@@ -177,6 +184,15 @@ describe Gitlab::Saml::User, lib: true do
{ provider: 'saml', extern_uid: uid } { provider: 'saml', extern_uid: uid }
]) ])
end end
it 'saves successfully on subsequent tries, when both identities are present' do
saml_user.save
local_saml_user = described_class.new(auth_hash)
local_saml_user.save
expect(local_saml_user.gl_user).to be_valid
expect(local_saml_user.gl_user).to be_persisted
end
end end
context 'user has SAML user, and wants to add their LDAP identity' do context 'user has SAML user, and wants to add their LDAP identity' do
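Review bot: The new example 'saves successfully on subsequent tries, when both identities are present' asserts only `be_valid` and `be_persisted`, so it would presumably still pass if the second sign-in resolved to a different account or changed the identity set. Pinning the account and the identity count would cover the behaviour the fix is about, e.g. `expect(local_saml_user.gl_user.username).to eql 'john'` and `expect(local_saml_user.gl_user.identities.length).to eql 2`. The surrounding `context` blocks continue outside the hunk, so this assumes `auth_hash` and `uid` are the same definitions the first example uses.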
......