Commit 54594ab9 authored by Niko's avatar Niko Committed by Michael Kozono

Lookup for users in LDAP based on their e-mail by their e-mail-address instead of only uid.

parent 1ea531ad
---
title: "Allow OAuth to auto link LDAP users via email address"
merge_request: 33767
author: Niko Wenselowski
type: changed
...@@ -150,6 +150,7 @@ module Gitlab ...@@ -150,6 +150,7 @@ module Gitlab
def find_ldap_person(auth_hash, adapter) def find_ldap_person(auth_hash, adapter)
Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) || Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) ||
Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) || Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) ||
Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.email, adapter) ||
Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter) Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter)
rescue Gitlab::Auth::Ldap::LdapConnectionError rescue Gitlab::Auth::Ldap::LdapConnectionError
nil nil
......
...@@ -230,39 +230,56 @@ RSpec.describe Gitlab::Auth::OAuth::User do ...@@ -230,39 +230,56 @@ RSpec.describe Gitlab::Auth::OAuth::User do
end end
context "and no account for the LDAP user" do context "and no account for the LDAP user" do
before do context 'when the LDAP user is found by UID' do
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user) before do
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user)
oauth_user.save oauth_user.save
end end
it "creates a user with dual LDAP and omniauth identities" do it "creates a user with dual LDAP and omniauth identities" do
expect(gl_user).to be_valid expect(gl_user).to be_valid
expect(gl_user.username).to eql uid expect(gl_user.username).to eql uid
expect(gl_user.name).to eql 'John Doe' expect(gl_user.name).to eql 'John Doe'
expect(gl_user.email).to eql 'johndoe@example.com' expect(gl_user.email).to eql 'johndoe@example.com'
expect(gl_user.identities.length).to be 2 expect(gl_user.identities.length).to be 2
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } } identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash).to match_array( expect(identities_as_hash).to match_array(
[ [
{ provider: 'ldapmain', extern_uid: dn }, { provider: 'ldapmain', extern_uid: dn },
{ provider: 'twitter', extern_uid: uid } { provider: 'twitter', extern_uid: uid }
] ]
) )
end end
it "has name and email set as synced" do it "has name and email set as synced" do
expect(gl_user.user_synced_attributes_metadata.name_synced).to be_truthy expect(gl_user.user_synced_attributes_metadata.name_synced).to be_truthy
expect(gl_user.user_synced_attributes_metadata.email_synced).to be_truthy expect(gl_user.user_synced_attributes_metadata.email_synced).to be_truthy
end end
it "has name and email set as read-only" do
expect(gl_user.read_only_attribute?(:name)).to be_truthy
expect(gl_user.read_only_attribute?(:email)).to be_truthy
end
it "has name and email set as read-only" do it "has synced attributes provider set to ldapmain" do
expect(gl_user.read_only_attribute?(:name)).to be_truthy expect(gl_user.user_synced_attributes_metadata.provider).to eql 'ldapmain'
expect(gl_user.read_only_attribute?(:email)).to be_truthy end
end end
it "has synced attributes provider set to ldapmain" do context 'when the LDAP user is found by email address' do
expect(gl_user.user_synced_attributes_metadata.provider).to eql 'ldapmain' before do
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).with(uid, any_args).and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).with(info_hash[:email], any_args).and_return(ldap_user)
oauth_user.save
end
it 'creates the LDAP identity' do
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash).to include({ provider: 'ldapmain', extern_uid: dn })
end
end end
end end
...@@ -791,7 +808,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do ...@@ -791,7 +808,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do
end end
end end
describe '.find_by_uid_and_provider' do describe '._uid_and_provider' do
let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') } let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }
it 'normalizes extern_uid' do it 'normalizes extern_uid' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment