Skip to content

G
gitlab-ce
Commit c593154c authored by Patricio Cano's avatar Patricio Cano
Browse files
Options

Moved `find_or_create_ldap_user` method to parent class and added logging.

parent 7038440e
Show whitespace changes
Inline Side-by-side
Showing with 13 additions and 31 deletions
lib/gitlab/o_auth/user.rb
View file @ c593154c
...@@ -69,13 +69,19 @@ module Gitlab ...@@ -69,13 +69,19 @@ module Gitlab
return unless ldap_person return unless ldap_person
# If a corresponding person exists with same uid in a LDAP server, # If a corresponding person exists with same uid in a LDAP server,
# set up a Gitlab user with dual LDAP and Omniauth identities. # check if the user already has a GitLab account.
if user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider) if (user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider))
# Case when a LDAP user already exists in Gitlab. Add the Omniauth identity to existing account. # Case when a LDAP user already exists in Gitlab. Add the OAuth identity to existing account.
log.info "LDAP account found for user #{user.username}. Building new identity."
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider) user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
else else
# No account in Gitlab yet: create it and add the LDAP identity log.info 'No existing LDAP account was found in GitLab. Checking for OAuth account.'
user = find_by_uid_and_provider
if user.nil?
log.info 'No user found with the specified OAuth provider. Creating a new one.'
user = build_new_user user = build_new_user
end
log.info "Correct account has been found. Adding LDAP identity to user: #{user.username}."
user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn) user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
end end
...@@ -96,7 +102,7 @@ module Gitlab ...@@ -96,7 +102,7 @@ module Gitlab
# Look for a corresponding person with same uid in any of the configured LDAP providers # Look for a corresponding person with same uid in any of the configured LDAP providers
Gitlab::LDAP::Config.providers.each do |provider| Gitlab::LDAP::Config.providers.each do |provider|
adapter = Gitlab::LDAP::Adapter.new(provider) adapter = Gitlab::LDAP::Adapter.new(provider)
@ldap_person = Gitlab::LDAP::Person.find_by_dn(auth_hash.uid, adapter) @ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)
break if @ldap_person break if @ldap_person
end end
@ldap_person @ldap_person
......
lib/gitlab/saml/user.rb
View file @ c593154c
...@@ -62,30 +62,6 @@ module Gitlab ...@@ -62,30 +62,6 @@ module Gitlab
!Gitlab::Saml::Config.external_groups.nil? !Gitlab::Saml::Config.external_groups.nil?
end end
def find_or_create_ldap_user
return unless ldap_person
# If a corresponding person exists with same uid in a LDAP server,
# check if the user already has a GitLab account
user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
if user
# Case when a LDAP user already exists in Gitlab. Add the SAML identity to existing account.
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
else
# No account found using LDAP in Gitlab yet: check if there is a SAML account with
# the passed uid and provider
user = find_by_uid_and_provider
if user.nil?
# No SAML account found, build a new user.
user = build_new_user
end
# Correct account is present, add the LDAP Identity to the user.
user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
end
user
end
def auth_hash=(auth_hash) def auth_hash=(auth_hash)
@auth_hash = Gitlab::Saml::AuthHash.new(auth_hash) @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
end end
......
spec/lib/gitlab/saml/user_spec.rb
View file @ c593154c
...@@ -182,7 +182,7 @@ describe Gitlab::Saml::User, lib: true do ...@@ -182,7 +182,7 @@ describe Gitlab::Saml::User, lib: true do
context 'user has SAML user, and wants to add their LDAP identity' do context 'user has SAML user, and wants to add their LDAP identity' do
it 'adds the LDAP identity to the existing SAML user' do it 'adds the LDAP identity to the existing SAML user' do
create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'saml', username: 'john') create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'saml', username: 'john')
local_hash = OmniAuth::AuthHash.new(uid: 'uid=user1,ou=People,dc=example', provider: provider, info: info_hash, extra: { raw_info: OneLogin::RubySaml::Attributes.new({ 'groups' => %w(Developers Freelancers Designers) }) }) local_hash = OmniAuth::AuthHash.new(uid: 'uid=user1,ou=People,dc=example', provider: provider, info: info_hash)
local_saml_user = described_class.new(local_hash) local_saml_user = described_class.new(local_hash)
local_saml_user.save local_saml_user.save
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7