Commit 4ab717ea authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'ldap_migration'

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Conflicts:
	db/schema.rb
parents ecb58dac f39b150a
...@@ -15,4 +15,5 @@ class Identity < ActiveRecord::Base ...@@ -15,4 +15,5 @@ class Identity < ActiveRecord::Base
belongs_to :user belongs_to :user
validates :extern_uid, allow_blank: true, uniqueness: { scope: :provider } validates :extern_uid, allow_blank: true, uniqueness: { scope: :provider }
validates :user_id, uniqueness: { scope: :provider }
end end
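Review bot: The new `validates :user_id, uniqueness: { scope: :provider }` is enforced only in the application, so two concurrent requests can each pass the check and both insert an identity for the same user and provider. No unique index on `identities (user_id, provider)` is visible in the schema changes shown with this commit; a follow-up migration with `add_index :identities, [:user_id, :provider], unique: true` would enforce the rule at the database level. Rows that already violate it would have to be cleaned up first, since the accompanying migration only removes duplicates tied to the legacy 'ldap' provider.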
...@@ -105,6 +105,15 @@ production: &base ...@@ -105,6 +105,15 @@ production: &base
ldap: ldap:
enabled: false enabled: false
servers: servers:
##########################################################################
#
# Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
# Enterprise Edition now supports connecting to multiple LDAP servers.
#
# If you are updating from the old (pre-7.4) syntax, you MUST give your
# old server the ID 'main'.
#
##########################################################################
main: # 'main' is the GitLab 'provider ID' of this LDAP server main: # 'main' is the GitLab 'provider ID' of this LDAP server
## label ## label
# #
......
...@@ -66,10 +66,11 @@ Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil? ...@@ -66,10 +66,11 @@ Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
# backwards compatibility, we only have one host # backwards compatibility, we only have one host
if Settings.ldap['enabled'] || Rails.env.test? if Settings.ldap['enabled'] || Rails.env.test?
if Settings.ldap['host'].present? if Settings.ldap['host'].present?
# We detected old LDAP configuration syntax. Update the config to make it
# look like it was entered with the new syntax.
server = Settings.ldap.except('sync_time') server = Settings.ldap.except('sync_time')
server['provider_name'] = 'ldap'
Settings.ldap['servers'] = { Settings.ldap['servers'] = {
'ldap' => server 'main' => server
} }
end end
...@@ -82,6 +83,7 @@ if Settings.ldap['enabled'] || Rails.env.test? ...@@ -82,6 +83,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
end end
end end
Settings['omniauth'] ||= Settingslogic.new({}) Settings['omniauth'] ||= Settingslogic.new({})
Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil? Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
Settings.omniauth['providers'] ||= [] Settings.omniauth['providers'] ||= []
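Review bot: In the first hunk of this file, the legacy branch assigns `Settings.ldap['servers'] = { 'main' => server }` whenever `Settings.ldap['host']` is present, so a config that still has a top-level `host` next to a new-style `servers` block silently loses every server defined there. For an authentication backend that outcome should be visible to the admin: either skip the rewrite when `servers` is already set, or extend the comment to say `# NOTE: this replaces any 'servers' block; old and new syntax must not be mixed` and log a warning. `server` is also a copy of the whole `ldap` hash minus `sync_time`, so keys such as `enabled` travel into the server entry. The enclosing `if Settings.ldap['enabled'] || Rails.env.test?` block continues outside the first hunk.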
......
class FixIdentities < ActiveRecord::Migration
def up
# Up until now, legacy 'ldap' references in the database were charitably
# interpreted to point to the first LDAP server specified in the GitLab
# configuration. So if the database said 'provider: ldap' but the first
# LDAP server was called 'ldapmain', then we would try to interpret
# 'provider: ldap' as if it said 'provider: ldapmain'. This migration (and
# accompanying changes in the GitLab LDAP code) get rid of this complicated
# behavior. Any database references to 'provider: ldap' get rewritten to
# whatever the code would have interpreted it as, i.e. as a reference to
# the first LDAP server specified in gitlab.yml / gitlab.rb.
new_provider = if Gitlab.config.ldap.enabled
first_ldap_server = Gitlab.config.ldap.servers.values.first
first_ldap_server['provider_name']
else
'ldapmain'
end
# Delete duplicate identities
execute "DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')"
# Update legacy identities
execute "UPDATE identities SET provider = '#{new_provider}' WHERE provider = 'ldap';"
if table_exists?('ldap_group_links')
execute "UPDATE ldap_group_links SET provider = '#{new_provider}' WHERE provider IS NULL OR provider = 'ldap';"
end
end
def down
end
end
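Review bot: All three `execute` calls splice `new_provider` into the SQL text as `'#{new_provider}'`, and that value is read from `provider_name` in the LDAP configuration rather than from a constant. It is admin-controlled, but a name containing a quote breaks the statement, and a missing `provider_name` would interpolate as an empty string and rewrite every legacy row to `provider = ''`, detaching those accounts from their LDAP server. The version below rejects a blank value, quotes it once through the connection, and interpolates the quoted form without surrounding quotes. Because the DELETE cannot be undone, `down` should raise `ActiveRecord::IrreversibleMigration` instead of succeeding as a no-op.

```ruby
def up
  # … unchanged: explanatory comment and new_provider lookup …
  raise 'LDAP provider_name is blank' if new_provider.blank?
  quoted = connection.quote(new_provider)
  # Delete duplicate identities
  execute "DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = #{quoted})"
  # Update legacy identities
  execute "UPDATE identities SET provider = #{quoted} WHERE provider = 'ldap';"
  if table_exists?('ldap_group_links')
    execute "UPDATE ldap_group_links SET provider = #{quoted} WHERE provider IS NULL OR provider = 'ldap';"
  end
end

def down
  raise ActiveRecord::IrreversibleMigration
end
```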
...@@ -460,6 +460,7 @@ ActiveRecord::Schema.define(version: 20150411180045) do ...@@ -460,6 +460,7 @@ ActiveRecord::Schema.define(version: 20150411180045) do
t.integer "notification_level", default: 1, null: false t.integer "notification_level", default: 1, null: false
t.datetime "password_expires_at" t.datetime "password_expires_at"
t.integer "created_by_id" t.integer "created_by_id"
t.datetime "last_credential_check_at"
t.string "avatar" t.string "avatar"
t.string "confirmation_token" t.string "confirmation_token"
t.datetime "confirmed_at" t.datetime "confirmed_at"
...@@ -467,7 +468,6 @@ ActiveRecord::Schema.define(version: 20150411180045) do ...@@ -467,7 +468,6 @@ ActiveRecord::Schema.define(version: 20150411180045) do
t.string "unconfirmed_email" t.string "unconfirmed_email"
t.boolean "hide_no_ssh_key", default: false t.boolean "hide_no_ssh_key", default: false
t.string "website_url", default: "", null: false t.string "website_url", default: "", null: false
t.datetime "last_credential_check_at"
t.string "github_access_token" t.string "github_access_token"
t.string "gitlab_access_token" t.string "gitlab_access_token"
t.string "notification_email" t.string "notification_email"
......
...@@ -27,8 +27,6 @@ module Gitlab ...@@ -27,8 +27,6 @@ module Gitlab
def initialize(provider) def initialize(provider)
if self.class.valid_provider?(provider) if self.class.valid_provider?(provider)
@provider = provider @provider = provider
elsif provider == 'ldap'
@provider = self.class.providers.first
else else
self.class.invalid_provider(provider) self.class.invalid_provider(provider)
end end
......
...@@ -13,7 +13,7 @@ module Gitlab ...@@ -13,7 +13,7 @@ module Gitlab
def find_by_uid_and_provider(uid, provider) def find_by_uid_and_provider(uid, provider)
# LDAP distinguished name is case-insensitive # LDAP distinguished name is case-insensitive
identity = ::Identity. identity = ::Identity.
where(provider: [provider, :ldap]). where(provider: provider).
where('lower(extern_uid) = ?', uid.downcase).last where('lower(extern_uid) = ?', uid.downcase).last
identity && identity.user identity && identity.user
end end
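Review bot: With the `:ldap` fallback gone, this lookup maps a login to a user through a single provider value, but it still matches `lower(extern_uid)` case-insensitively while the `extern_uid` uniqueness validation on `Identity` (shown as context in this commit) does not set `case_sensitive: false`. Depending on the database collation, two rows whose DNs differ only in case could coexist for one provider, and `.last` would resolve the login to whichever row sorts last. Making the model rule `uniqueness: { scope: :provider, case_sensitive: false }` would align the two. Separately, `uid.downcase` raises `NoMethodError` on a nil `uid`; a guard such as `return nil if uid.blank?` would make that case explicit.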
......
...@@ -16,19 +16,5 @@ describe Gitlab::LDAP::Config do ...@@ -16,19 +16,5 @@ describe Gitlab::LDAP::Config do
it "raises an error if a unknow provider is used" do it "raises an error if a unknow provider is used" do
expect{ Gitlab::LDAP::Config.new 'unknown' }.to raise_error expect{ Gitlab::LDAP::Config.new 'unknown' }.to raise_error
end end
context "if 'ldap' is the provider name" do
let(:provider) { 'ldap' }
context "and 'ldap' is not in defined as a provider" do
before { Gitlab::LDAP::Config.stub(providers: %w{ldapmain}) }
it "uses the first provider" do
# Fetch the provider_name attribute from 'options' so that we know
# that the 'options' Hash is not empty/nil.
expect(config.options['provider_name']).to eq('ldapmain')
end
end
end
end end
end end