Commit
98e1a5b6
authored
Jan 19, 2016
by
Douwe Maan
Allow LDAP users to change their email if it was not set by the LDAP server
parent
425f8d6f
Showing
9 changed files
with
95 additions
and
27 deletions
+95
-27
CHANGELOG
CHANGELOG
+1
-0
app/models/user.rb
app/models/user.rb
+4
-1
app/views/profiles/show.html.haml
app/views/profiles/show.html.haml
+2
-2
db/migrate/20160119145451_add_ldap_email_to_users.rb
db/migrate/20160119145451_add_ldap_email_to_users.rb
+30
-0
db/schema.rb
db/schema.rb
+2
-1
lib/gitlab/ldap/user.rb
lib/gitlab/ldap/user.rb
+16
-13
lib/gitlab/o_auth/auth_hash.rb
lib/gitlab/o_auth/auth_hash.rb
+6
-2
lib/gitlab/o_auth/user.rb
lib/gitlab/o_auth/user.rb
+7
-7
spec/lib/gitlab/ldap/user_spec.rb
spec/lib/gitlab/ldap/user_spec.rb
+27
-1
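--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 8.5.0 (unreleased)
 v 8.4.0 (unreleased)
+- Allow LDAP users to change their email if it was not set by the LDAP server
 - Ensure Gravatar host looks like an actual host
 - Consider re-assign as a mention from a notification point of view
 - Add pagination headers to already paginated API resources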
app/models/user.rb
...
@@ -664,7 +664,10 @@ class User < ActiveRecord::Base
...
@@ -664,7 +664,10 @@ class User < ActiveRecord::Base
end
end
def
all_emails
def
all_emails
[
self
.
email
,
*
self
.
emails
.
map
(
&
:email
)]
all_emails
=
[]
all_emails
<<
self
.
email
unless
self
.
temp_oauth_email?
all_emails
.
concat
(
self
.
emails
.
map
(
&
:email
))
all_emails
end
end
def
hook_attrs
def
hook_attrs
...
...
app/views/profiles/show.html.haml
...
@@ -21,10 +21,10 @@
...
@@ -21,10 +21,10 @@
.form-group
.form-group
=
f
.
label
:email
,
class:
"control-label"
=
f
.
label
:email
,
class:
"control-label"
.col-sm-10
.col-sm-10
-
if
@user
.
ldap_user?
-
if
@user
.
ldap_user?
&&
@user
.
ldap_email?
=
f
.
text_field
:email
,
class:
"form-control"
,
required:
true
,
readonly:
true
=
f
.
text_field
:email
,
class:
"form-control"
,
required:
true
,
readonly:
true
%span
.help-block.light
%span
.help-block.light
Email is read-only for LDAP user
Your email address was automatically set based on the LDAP server.
-
else
-
else
-
if
@user
.
temp_oauth_email?
-
if
@user
.
temp_oauth_email?
=
f
.
text_field
:email
,
class:
"form-control"
,
required:
true
,
value:
nil
=
f
.
text_field
:email
,
class:
"form-control"
,
required:
true
,
value:
nil
...
...
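Review bot: The lock on the email field is only `readonly: true` in the template, which is a browser-side hint and not an access control; nothing in this hunk stops a request that posts a different `email`. None of the nine files listed for this commit is a controller, and the `app/models/user.rb` hunk adds no validation, though enforcement may exist elsewhere in the code base. If directory-managed addresses must not be user-editable, the update path should drop or reject the `email` parameter whenever `@user.ldap_user? && @user.ldap_email?` holds, with the template only mirroring that rule. A short comment above the condition, e.g. `-# ldap_email is true only when the LDAP server supplied the address`, would also record what the flag means.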
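--- a/db/migrate/20160119145451_add_ldap_email_to_users.rb
+++ b/db/migrate/20160119145451_add_ldap_email_to_users.rb
+class AddLdapEmailToUsers < ActiveRecord::Migration
+  def up
+    add_column :users, :ldap_email, :boolean, default: false, null: false
+    if Gitlab::Database.mysql?
+      execute %{
+        UPDATE users, identities
+        SET users.ldap_email = TRUE
+        WHERE identities.user_id = users.id
+        AND users.email LIKE 'temp-email-for-oauth%'
+        AND identities.provider LIKE 'ldap%'
+        AND identities.extern_uid IS NOT NULL
+      }
+    else
+      execute %{
+        UPDATE users
+        SET ldap_email = TRUE
+        FROM identities
+        WHERE identities.user_id = users.id
+        AND users.email LIKE 'temp-email-for-oauth%'
+        AND identities.provider LIKE 'ldap%'
+        AND identities.extern_uid IS NOT NULL
+      }
+    end
+  end
+  def down
+    remove_column :users, :ldap_email
+  end
+end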
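Review bot: The backfill in `up` appears inverted: both UPDATE statements set `ldap_email = TRUE` for LDAP identities whose address matches `LIKE 'temp-email-for-oauth%'`, which is the generated placeholder. The lib/gitlab/ldap/user.rb change in this same commit sets the flag from `auth_hash.has_email?`, so it is true only when the directory supplied the address. As written, existing LDAP users with a directory-provided email keep the default `false`, so the profile form stops locking their email field until the flag is recomputed (presumably at their next LDAP sign-in), while placeholder users are the ones marked as LDAP-managed. If the flag means "email came from LDAP", the condition should read `AND users.email NOT LIKE 'temp-email-for-oauth%'` in both the MySQL and the PostgreSQL branch.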
db/schema.rb
...
@@ -11,7 +11,7 @@
...
@@ -11,7 +11,7 @@
#
#
# It's strongly recommended that you check this file into your version control system.
# It's strongly recommended that you check this file into your version control system.
ActiveRecord
::
Schema
.
define
(
version:
2016011
3111034
)
do
ActiveRecord
::
Schema
.
define
(
version:
2016011
9145451
)
do
# These are extensions that must be enabled in order to support this database
# These are extensions that must be enabled in order to support this database
enable_extension
"plpgsql"
enable_extension
"plpgsql"
...
@@ -850,6 +850,7 @@ ActiveRecord::Schema.define(version: 20160113111034) do
...
@@ -850,6 +850,7 @@ ActiveRecord::Schema.define(version: 20160113111034) do
t
.
boolean
"hide_project_limit"
,
default:
false
t
.
boolean
"hide_project_limit"
,
default:
false
t
.
string
"unlock_token"
t
.
string
"unlock_token"
t
.
datetime
"otp_grace_period_started_at"
t
.
datetime
"otp_grace_period_started_at"
t
.
boolean
"ldap_email"
,
default:
false
,
null:
false
end
end
add_index
"users"
,
[
"admin"
],
name:
"index_users_on_admin"
,
using: :btree
add_index
"users"
,
[
"admin"
],
name:
"index_users_on_admin"
,
using: :btree
...
...
lib/gitlab/ldap/user.rb
...
@@ -30,28 +30,31 @@ module Gitlab
...
@@ -30,28 +30,31 @@ module Gitlab
end
end
def
find_by_uid_and_provider
def
find_by_uid_and_provider
self
.
class
.
find_by_uid_and_provider
(
self
.
class
.
find_by_uid_and_provider
(
auth_hash
.
uid
,
auth_hash
.
provider
)
auth_hash
.
uid
,
auth_hash
.
provider
)
end
end
def
find_by_email
def
find_by_email
::
User
.
find_by
(
email:
auth_hash
.
email
.
downcase
)
::
User
.
find_by
(
email:
auth_hash
.
email
.
downcase
)
if
auth_hash
.
has_email?
end
end
def
update_user_attributes
def
update_user_attributes
return
unless
persisted?
if
persisted?
if
auth_hash
.
has_email?
gl_user
.
skip_reconfirmation!
gl_user
.
skip_reconfirmation!
gl_user
.
email
=
auth_hash
.
email
gl_user
.
email
=
auth_hash
.
email
end
# find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
# find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
identity
=
gl_user
.
identities
.
find
{
|
identity
|
identity
.
provider
==
auth_hash
.
provider
}
identity
=
gl_user
.
identities
.
find
{
|
identity
|
identity
.
provider
==
auth_hash
.
provider
}
identity
||=
gl_user
.
identities
.
build
(
provider:
auth_hash
.
provider
)
identity
||=
gl_user
.
identities
.
build
(
provider:
auth_hash
.
provider
)
# For a new user
set extern_uid to the LDAP DN
# For a new identity
set extern_uid to the LDAP DN
# For an existing user
with matching email but changed DN, update the DN.
# For an existing identity
with matching email but changed DN, update the DN.
# For an existing user
with no change in DN, this line changes nothing.
# For an existing identity
with no change in DN, this line changes nothing.
identity
.
extern_uid
=
auth_hash
.
uid
identity
.
extern_uid
=
auth_hash
.
uid
end
gl_user
.
ldap_email
=
auth_hash
.
has_email?
gl_user
gl_user
end
end
...
...
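Review bot: `gl_user.ldap_email = auth_hash.has_email?` now sits outside the `if persisted?` block in `update_user_attributes` and carries no comment, so a reader has to infer that it is meant to run for new and existing users alike. One consequence should be decided explicitly: when a sign-in arrives without an email from the directory, the flag flips to false while the previously LDAP-supplied address stays in `email`, so the profile form would then let the user edit that address. A comment such as `# true only when this sign-in's LDAP entry supplied the email; the profile form locks the field on it` would record the intent. The callers of this method are outside the hunk, so when it runs is inferred.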
lib/gitlab/o_auth/auth_hash.rb
...
@@ -32,6 +32,10 @@ module Gitlab
...
@@ -32,6 +32,10 @@ module Gitlab
@password
||=
Gitlab
::
Utils
.
force_utf8
(
Devise
.
friendly_token
[
0
,
8
].
downcase
)
@password
||=
Gitlab
::
Utils
.
force_utf8
(
Devise
.
friendly_token
[
0
,
8
].
downcase
)
end
end
def
has_email?
get_info
(
:email
).
present?
end
private
private
def
info
def
info
...
@@ -46,8 +50,8 @@ module Gitlab
...
@@ -46,8 +50,8 @@ module Gitlab
def
username_and_email
def
username_and_email
@username_and_email
||=
begin
@username_and_email
||=
begin
username
=
get_info
(
:username
)
||
get_info
(
:nickname
)
username
=
get_info
(
:username
)
.
presence
||
get_info
(
:nickname
).
presence
email
=
get_info
(
:email
)
email
=
get_info
(
:email
)
.
presence
username
||=
generate_username
(
email
)
if
email
username
||=
generate_username
(
email
)
if
email
email
||=
generate_temporarily_email
(
username
)
if
username
email
||=
generate_temporarily_email
(
username
)
if
username
...
...
lib/gitlab/o_auth/user.rb
...
@@ -135,13 +135,13 @@ module Gitlab
...
@@ -135,13 +135,13 @@ module Gitlab
def
user_attributes
def
user_attributes
# Give preference to LDAP for sensitive information when creating a linked account
# Give preference to LDAP for sensitive information when creating a linked account
if
creating_linked_ldap_user?
if
creating_linked_ldap_user?
username
=
ldap_person
.
username
username
=
ldap_person
.
username
.
presence
email
=
ldap_person
.
email
.
first
email
=
ldap_person
.
email
.
first
.
presence
else
username
=
auth_hash
.
username
email
=
auth_hash
.
email
end
end
username
||=
auth_hash
.
username
email
||=
auth_hash
.
email
name
=
auth_hash
.
name
name
=
auth_hash
.
name
name
=
::
Namespace
.
clean_path
(
username
)
if
name
.
strip
.
empty?
name
=
::
Namespace
.
clean_path
(
username
)
if
name
.
strip
.
empty?
...
...
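Review bot: In the `creating_linked_ldap_user?` branch of `user_attributes`, the new `ldap_person.email.first.presence` still calls `.first` on whatever `ldap_person.email` returns. If that can be `nil` for an entry without a mail attribute (not visible here), this raises before the new `email ||= auth_hash.email` fallback is reached; `Array(ldap_person.email).first.presence` would cover that case. The comment "Give preference to LDAP for sensitive information" should also say that blank LDAP values now fall back to the OAuth provider's username and email, since that changes which source is trusted for a linked account. The method body continues past the end of the hunk.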
spec/lib/gitlab/ldap/user_spec.rb
...
@@ -37,7 +37,7 @@ describe Gitlab::LDAP::User, lib: true do
...
@@ -37,7 +37,7 @@ describe Gitlab::LDAP::User, lib: true do
end
end
it
"dont marks existing ldap user as changed"
do
it
"dont marks existing ldap user as changed"
do
create
(
:omniauth_user
,
email:
'john@example.com'
,
extern_uid:
'my-uid'
,
provider:
'ldapmain'
)
create
(
:omniauth_user
,
email:
'john@example.com'
,
extern_uid:
'my-uid'
,
provider:
'ldapmain'
,
ldap_email:
true
)
expect
(
ldap_user
.
changed?
).
to
be_falsey
expect
(
ldap_user
.
changed?
).
to
be_falsey
end
end
end
end
...
@@ -110,6 +110,32 @@ describe Gitlab::LDAP::User, lib: true do
...
@@ -110,6 +110,32 @@ describe Gitlab::LDAP::User, lib: true do
end
end
end
end
describe
'updating email'
do
context
"when LDAP sets an email"
do
it
"has a real email"
do
expect
(
ldap_user
.
gl_user
.
email
).
to
eq
(
info
[
:email
])
end
it
"has ldap_email set to true"
do
expect
(
ldap_user
.
gl_user
.
ldap_email?
).
to
be
(
true
)
end
end
context
"when LDAP doesn't set an email"
do
before
do
info
.
delete
(
:email
)
end
it
"has a temp email"
do
expect
(
ldap_user
.
gl_user
.
temp_oauth_email?
).
to
be
(
true
)
end
it
"has ldap_email set to false"
do
expect
(
ldap_user
.
gl_user
.
ldap_email?
).
to
be
(
false
)
end
end
end
describe
'blocking'
do
describe
'blocking'
do
def
configure_block
(
value
)
def
configure_block
(
value
)
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
allow_any_instance_of
(
Gitlab
::
LDAP
::
Config
).
...
...
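Review bot: The new `'updating email'` examples only check the flag on the `gl_user` built for the sign-in, as far as the hunk shows. There is no example for an already persisted LDAP user whose directory entry gains or loses an email, which is the path where `ldap_email` changes on an existing account. A context that creates the user with `ldap_email: true`, deletes `info[:email]`, and then asserts both the resulting flag and the stored address would pin that behaviour. `info` and `ldap_user` are defined outside the hunk, so their setup is assumed here.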