Reduce duplication to satisfy Flay

ee/lib/ee/gitlab/auth/ldap/sync/admin_users.rb

@@ -3,55 +3,19 @@ module EE
     module Auth
       module LDAP
         module Sync
-          class AdminUsers
-            attr_reader :provider, :proxy
-
-            def self.execute(proxy)
-              self.new(proxy).update_permissions
-            end
+          class AdminUsers < Sync::Users
+            private
 
-            def initialize(proxy)
-              @provider = proxy.provider
-              @proxy = proxy
+            def attribute
+              :admin
             end
 
-            def update_permissions
-              return if admin_group.empty?
-
-              admin_group_member_dns = proxy.dns_for_group_cn(admin_group)
-              current_admin_users = ::User.admins.with_provider(provider)
-              verified_admin_users = []
+            def member_dns
+              return [] if admin_group.empty?
 
-              # Verify existing admin users and add new ones.
-              admin_group_member_dns.each do |member_dn|
-                user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
-
-                if user.present?
-                  user.admin = true
-                  user.save
-                  verified_admin_users << user
-                else
-                  Rails.logger.debug do
-                    <<-MSG.strip_heredoc.tr("\n", ' ')
-                      #{self.class.name}: User with DN `#{member_dn}` should have admin
-                      access but there is no user in GitLab with that identity.
-                      Membership will be updated once the user signs in for the first time.
-                    MSG
-                  end
-                end
-              end
-
-              # Revoke the unverified admins.
-              current_admin_users.each do |user|
-                unless verified_admin_users.include?(user)
-                  user.admin = false
-                  user.save
-                end
-              end
+              proxy.dns_for_group_cn(admin_group)
             end
 
-            private
-
             def admin_group
               proxy.adapter.config.admin_group
             end

ee/lib/ee/gitlab/auth/ldap/sync/external_users.rb

@@ -3,57 +3,19 @@ module EE
     module Auth
       module LDAP
         module Sync
-          class ExternalUsers
-            attr_reader :provider, :proxy
-
-            def self.execute(proxy)
-              self.new(proxy).update_permissions
-            end
+          class ExternalUsers < Sync::Users
+            private
 
-            def initialize(proxy)
-              @provider = proxy.provider
-              @proxy = proxy
+            def attribute
+              :external
             end
 
-            def update_permissions
-              return unless external_groups.any?
-
-              current_external_users = ::User.external.with_provider(provider)
-              verified_external_users = []
-
-              external_groups.each do |group|
-                group_dns = proxy.dns_for_group_cn(group)
-
-                group_dns.each do |member_dn|
-                  user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
-
-                  if user.present?
-                    user.external = true
-                    user.save
-                    verified_external_users << user
-                  else
-                    Rails.logger.debug do
-                      <<-MSG.strip_heredoc.tr("\n", ' ')
-                        #{self.class.name}: User with DN `#{member_dn}` should be marked as
-                        external but there is no user in GitLab with that identity.
-                        Membership will be updated once the user signs in for the first time.
-                      MSG
-                    end
-                  end
-                end
-              end
-
-              # Restore normal access to users no longer found in the external groups
-              current_external_users.each do |user|
-                unless verified_external_users.include?(user)
-                  user.external = false
-                  user.save
-                end
-              end
+            def member_dns
+              external_groups.flat_map do |group|
+                proxy.dns_for_group_cn(group)
+              end.uniq
             end
 
-            private
-
             def external_groups
               proxy.adapter.config.external_groups
             end

ee/lib/ee/gitlab/auth/ldap/sync/users.rb

+module EE
+  module Gitlab
+    module Auth
+      module LDAP
+        module Sync
+          class Users
+            attr_reader :provider, :proxy
+
+            def self.execute(proxy)
+              self.new(proxy).update_permissions
+            end
+
+            def initialize(proxy)
+              @provider = proxy.provider
+              @proxy = proxy
+            end
+
+            def update_permissions
+              dns = member_dns
+              return if dns.empty?
+
+              current_users_with_attribute = ::User.with_provider(provider).where(attribute => true)
+              verified_users_with_attribute = []
+
+              # Verify existing users and add new ones.
+              dns.each do |member_dn|
+                user = update_user_by_dn(member_dn)
+                verified_users_with_attribute << user if user
+              end
+
+              # Revoke the unverified users.
+              (current_users_with_attribute - verified_users_with_attribute).each do |user|
+                user[attribute] = false
+                user.save
+              end
+            end
+
+            private
+
+            def attribute
+              raise NotImplementedError
+            end
+
+            def member_dns
+              raise NotImplementedError
+            end
+
+            def update_user_by_dn(member_dn)
+              user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
+
+              if user.present?
+                user[attribute] = true
+                user.save
+
+                user
+              else
+                Rails.logger.debug do
+                  <<-MSG.strip_heredoc.tr("\n", ' ')
+                    #{self.class.name}: User with DN `#{member_dn}` should be marked as
+                    #{attribute} but there is no user in GitLab with that identity.
+                    Membership will be updated once the user signs in for the first time.
+                  MSG
+                end
+
+                nil
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end