Lookup for users in LDAP based on their e-mail by their e-mail-address instead of only uid.

54594ab9 · Niko · Michael Kozono · 1ea531ad · 54594ab9 · 54594ab9
Commit 54594ab9 authored Aug 19, 2020 by Niko Committed by Michael Kozono Aug 19, 2020
3 changed files
--- a/changelogs/unreleased/33767-search-users-in-LDAP-by-their-e-mail-address.yml
+++ b/changelogs/unreleased/33767-search-users-in-LDAP-by-their-e-mail-address.yml
+---
+title: "Allow OAuth to auto link LDAP users via email address"
+merge_request: 33767
+author: Niko Wenselowski
+type: changed
--- a/lib/gitlab/auth/o_auth/user.rb
+++ b/lib/gitlab/auth/o_auth/user.rb
@@ -150,6 +150,7 @@ module Gitlab
        def find_ldap_person(auth_hash, adapter)
          Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) ||
            Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) ||
+            Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.email, adapter) ||
            Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter)
        rescue Gitlab::Auth::Ldap::LdapConnectionError
          nil

--- a/spec/lib/gitlab/auth/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb
@@ -230,6 +230,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do
            end

            context "and no account for the LDAP user" do
+              context 'when the LDAP user is found by UID' do
                before do
                  allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user)

@@ -266,6 +267,22 @@ RSpec.describe Gitlab::Auth::OAuth::User do
                end
              end

+              context 'when the LDAP user is found by email address' do
+                before do
+                  allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(nil)
+                  allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).with(uid, any_args).and_return(nil)
+                  allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).with(info_hash[:email], any_args).and_return(ldap_user)
+
+                  oauth_user.save
+                end
+
+                it 'creates the LDAP identity' do
+                  identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
+                  expect(identities_as_hash).to include({ provider: 'ldapmain', extern_uid: dn })
+                end
+              end
+            end
+
            context "and LDAP user has an account already" do
              let!(:existing_user) { create(:omniauth_user, name: 'John Doe', email: 'john@example.com', extern_uid: dn, provider: 'ldapmain', username: 'john') }

@@ -791,7 +808,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do
    end
  end

-  describe '.find_by_uid_and_provider' do
+  describe '._uid_and_provider' do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    it 'normalizes extern_uid' do