Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
bafd30f9
Commit
bafd30f9
authored
Oct 22, 2014
by
Andrey Krivko
Committed by
Dmitriy Zaporozhets
Oct 30, 2014
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Session API: Use case-insensitive authentication like in UI
parent
8388bbe8
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
57 additions
and
3 deletions
+57
-3
CHANGELOG
CHANGELOG
+2
-1
app/models/user.rb
app/models/user.rb
+5
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+1
-1
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+9
-1
spec/models/user_spec.rb
spec/models/user_spec.rb
+14
-0
spec/requests/api/session_spec.rb
spec/requests/api/session_spec.rb
+26
-0
No files found.
CHANGELOG
View file @
bafd30f9
...
@@ -5,6 +5,7 @@ v 7.5.0
...
@@ -5,6 +5,7 @@ v 7.5.0
- Fix LDAP config lookup for provider 'ldap'
- Fix LDAP config lookup for provider 'ldap'
- Add Atlassian Bamboo CI service (Drew Blessing)
- Add Atlassian Bamboo CI service (Drew Blessing)
- Mentioned @user will receive email even if he is not participating in issue or commit
- Mentioned @user will receive email even if he is not participating in issue or commit
- Session API: Use case-insensitive authentication like in UI (Andrey Krivko)
v 7.4.2
v 7.4.2
- Fix internal snippet exposing for unauthenticated users
- Fix internal snippet exposing for unauthenticated users
...
...
app/models/user.rb
View file @
bafd30f9
...
@@ -226,6 +226,11 @@ class User < ActiveRecord::Base
...
@@ -226,6 +226,11 @@ class User < ActiveRecord::Base
where
(
"lower(name) LIKE :query OR lower(email) LIKE :query OR lower(username) LIKE :query"
,
query:
"%
#{
query
.
downcase
}
%"
)
where
(
"lower(name) LIKE :query OR lower(email) LIKE :query OR lower(username) LIKE :query"
,
query:
"%
#{
query
.
downcase
}
%"
)
end
end
def
by_login
(
login
)
where
(
'lower(username) = :value OR lower(email) = :value'
,
value:
login
.
to_s
.
downcase
).
first
end
def
by_username_or_id
(
name_or_id
)
def
by_username_or_id
(
name_or_id
)
where
(
'users.username = ? OR users.id = ?'
,
name_or_id
.
to_s
,
name_or_id
.
to_i
).
first
where
(
'users.username = ? OR users.id = ?'
,
name_or_id
.
to_s
,
name_or_id
.
to_i
).
first
end
end
...
...
lib/gitlab/auth.rb
View file @
bafd30f9
module
Gitlab
module
Gitlab
class
Auth
class
Auth
def
find
(
login
,
password
)
def
find
(
login
,
password
)
user
=
User
.
find_by
(
email:
login
)
||
User
.
find_by
(
username:
login
)
user
=
User
.
by_login
(
login
)
# If no user is found, or it's an LDAP server, try LDAP.
# If no user is found, or it's an LDAP server, try LDAP.
# LDAP users are only authenticated via LDAP
# LDAP users are only authenticated via LDAP
...
...
spec/lib/gitlab/auth_spec.rb
View file @
bafd30f9
...
@@ -10,13 +10,21 @@ describe Gitlab::Auth do
...
@@ -10,13 +10,21 @@ describe Gitlab::Auth do
password:
password
,
password:
password
,
password_confirmation:
password
)
password_confirmation:
password
)
end
end
let
(
:username
)
{
'
john'
}
let
(
:username
)
{
'
John'
}
# username isn't lowercase, test this
let
(
:password
)
{
'my-secret'
}
let
(
:password
)
{
'my-secret'
}
it
"should find user by valid login/password"
do
it
"should find user by valid login/password"
do
expect
(
gl_auth
.
find
(
username
,
password
)
).
to
eql
user
expect
(
gl_auth
.
find
(
username
,
password
)
).
to
eql
user
end
end
it
'should find user by valid email/password with case-insensitive email'
do
expect
(
gl_auth
.
find
(
user
.
email
.
upcase
,
password
)).
to
eql
user
end
it
'should find user by valid username/password with case-insensitive username'
do
expect
(
gl_auth
.
find
(
username
.
upcase
,
password
)).
to
eql
user
end
it
"should not find user with invalid password"
do
it
"should not find user with invalid password"
do
password
=
'wrong'
password
=
'wrong'
expect
(
gl_auth
.
find
(
username
,
password
)
).
to_not
eql
user
expect
(
gl_auth
.
find
(
username
,
password
)
).
to_not
eql
user
...
...
spec/models/user_spec.rb
View file @
bafd30f9
...
@@ -287,6 +287,20 @@ describe User do
...
@@ -287,6 +287,20 @@ describe User do
end
end
end
end
describe
'.by_login'
do
let
(
:username
)
{
'John'
}
let!
(
:user
)
{
create
(
:user
,
username:
username
)
}
it
'should get the correct user'
do
expect
(
User
.
by_login
(
user
.
email
.
upcase
)).
to
eq
user
expect
(
User
.
by_login
(
user
.
email
)).
to
eq
user
expect
(
User
.
by_login
(
username
.
downcase
)).
to
eq
user
expect
(
User
.
by_login
(
username
)).
to
eq
user
expect
(
User
.
by_login
(
nil
)).
to
be_nil
expect
(
User
.
by_login
(
''
)).
to
be_nil
end
end
describe
'all_ssh_keys'
do
describe
'all_ssh_keys'
do
it
{
should
have_many
(
:keys
).
dependent
(
:destroy
)
}
it
{
should
have_many
(
:keys
).
dependent
(
:destroy
)
}
...
...
spec/requests/api/session_spec.rb
View file @
bafd30f9
...
@@ -19,6 +19,32 @@ describe API::API, api: true do
...
@@ -19,6 +19,32 @@ describe API::API, api: true do
end
end
end
end
context
'when email has case-typo and password is valid'
do
it
'should return private token'
do
post
api
(
'/session'
),
email:
user
.
email
.
upcase
,
password:
'12345678'
expect
(
response
.
status
).
to
eq
201
expect
(
json_response
[
'email'
]).
to
eq
user
.
email
expect
(
json_response
[
'private_token'
]).
to
eq
user
.
private_token
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
is_admin?
expect
(
json_response
[
'can_create_project'
]).
to
eq
user
.
can_create_project?
expect
(
json_response
[
'can_create_group'
]).
to
eq
user
.
can_create_group?
end
end
context
'when login has case-typo and password is valid'
do
it
'should return private token'
do
post
api
(
'/session'
),
login:
user
.
username
.
upcase
,
password:
'12345678'
expect
(
response
.
status
).
to
eq
201
expect
(
json_response
[
'email'
]).
to
eq
user
.
email
expect
(
json_response
[
'private_token'
]).
to
eq
user
.
private_token
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
is_admin?
expect
(
json_response
[
'can_create_project'
]).
to
eq
user
.
can_create_project?
expect
(
json_response
[
'can_create_group'
]).
to
eq
user
.
can_create_group?
end
end
context
"when invalid password"
do
context
"when invalid password"
do
it
"should return authentication error"
do
it
"should return authentication error"
do
post
api
(
"/session"
),
email:
user
.
email
,
password:
'123'
post
api
(
"/session"
),
email:
user
.
email
,
password:
'123'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment