Commit 76ed3182 authored by James Lopez's avatar James Lopez

Merge branch 'zeitwerk-ldap-inflections' into 'master'

Fix inconsistent inflection of Ldap module

See merge request gitlab-org/gitlab!26630
parents 122d26a2 d251aadb
......@@ -307,7 +307,7 @@ class ApplicationController < ActionController::Base
if current_user && current_user.requires_ldap_check?
return unless current_user.try_obtain_ldap_lease
unless Gitlab::Auth::LDAP::Access.allowed?(current_user)
unless Gitlab::Auth::Ldap::Access.allowed?(current_user)
sign_out current_user
flash[:alert] = _("Access denied for your LDAP account.")
redirect_to new_user_session_path
......
......@@ -4,9 +4,9 @@ class Ldap::OmniauthCallbacksController < OmniauthCallbacksController
extend ::Gitlab::Utils::Override
def self.define_providers!
return unless Gitlab::Auth::LDAP::Config.sign_in_enabled?
return unless Gitlab::Auth::Ldap::Config.sign_in_enabled?
Gitlab::Auth::LDAP::Config.available_servers.each do |server|
Gitlab::Auth::Ldap::Config.available_servers.each do |server|
alias_method server['provider_name'], :ldap
end
end
......@@ -14,9 +14,9 @@ class Ldap::OmniauthCallbacksController < OmniauthCallbacksController
# We only find ourselves here
# if the authentication to LDAP was successful.
def ldap
return unless Gitlab::Auth::LDAP::Config.sign_in_enabled?
return unless Gitlab::Auth::Ldap::Config.sign_in_enabled?
sign_in_user_flow(Gitlab::Auth::LDAP::User)
sign_in_user_flow(Gitlab::Auth::Ldap::User)
end
define_providers!
......
......@@ -273,8 +273,8 @@ class SessionsController < Devise::SessionsController
def ldap_servers
@ldap_servers ||= begin
if Gitlab::Auth::LDAP::Config.sign_in_enabled?
Gitlab::Auth::LDAP::Config.available_servers
if Gitlab::Auth::Ldap::Config.sign_in_enabled?
Gitlab::Auth::Ldap::Config.available_servers
else
[]
end
......
......@@ -5,11 +5,11 @@ module AuthHelper
LDAP_PROVIDER = /\Aldap/.freeze
def ldap_enabled?
Gitlab::Auth::LDAP::Config.enabled?
Gitlab::Auth::Ldap::Config.enabled?
end
def ldap_sign_in_enabled?
Gitlab::Auth::LDAP::Config.sign_in_enabled?
Gitlab::Auth::Ldap::Config.sign_in_enabled?
end
def omniauth_enabled?
......
......@@ -25,7 +25,7 @@ class Identity < ApplicationRecord
def self.normalize_uid(provider, uid)
if Gitlab::Auth::OAuth::Provider.ldap_provider?(provider)
Gitlab::Auth::LDAP::Person.normalize_dn(uid)
Gitlab::Auth::Ldap::Person.normalize_dn(uid)
else
uid.to_s
end
......
......@@ -1562,7 +1562,7 @@ class User < ApplicationRecord
def read_only_attribute?(attribute)
if Feature.enabled?(:ldap_readonly_attributes, default_enabled: true)
enabled = Gitlab::Auth::LDAP::Config.enabled?
enabled = Gitlab::Auth::Ldap::Config.enabled?
read_only = attribute.to_sym.in?(UserSyncedAttributesMetadata::SYNCABLE_ATTRIBUTES)
return true if enabled && read_only
......
......@@ -16,7 +16,7 @@
Password authentication enabled for Git over HTTP(S)
.form-text.text-muted
When disabled, a Personal Access Token
- if Gitlab::Auth::LDAP::Config.enabled?
- if Gitlab::Auth::Ldap::Config.enabled?
or LDAP password
must be used to authenticate.
- if omniauth_enabled? && button_based_providers.any?
......
......@@ -226,9 +226,9 @@ Devise.setup do |config|
manager.failure_app = Gitlab::DeviseFailure
end
if Gitlab::Auth::LDAP::Config.enabled?
Gitlab::Auth::LDAP::Config.providers.each do |provider|
ldap_config = Gitlab::Auth::LDAP::Config.new(provider)
if Gitlab::Auth::Ldap::Config.enabled?
Gitlab::Auth::Ldap::Config.providers.each do |provider|
ldap_config = Gitlab::Auth::Ldap::Config.new(provider)
config.omniauth(provider, ldap_config.omniauth_options)
end
end
......
if Gitlab::Auth::LDAP::Config.enabled?
if Gitlab::Auth::Ldap::Config.enabled?
module OmniAuth::Strategies
Gitlab::Auth::LDAP::Config.available_servers.each do |server|
Gitlab::Auth::Ldap::Config.available_servers.each do |server|
# do not redeclare LDAP
next if server['provider_name'] == 'ldap'
......
......@@ -10,9 +10,9 @@ def override_omniauth(provider, controller, path_prefix = '/users/auth')
end
# Use custom controller for LDAP omniauth callback
if Gitlab::Auth::LDAP::Config.sign_in_enabled?
if Gitlab::Auth::Ldap::Config.sign_in_enabled?
devise_scope :user do
Gitlab::Auth::LDAP::Config.available_servers.each do |server|
Gitlab::Auth::Ldap::Config.available_servers.each do |server|
override_omniauth(server['provider_name'], 'ldap/omniauth_callbacks')
end
end
......
......@@ -493,7 +493,7 @@ step of the sync.
1. Run a group sync for this particular group.
```ruby
EE::Gitlab::Auth::LDAP::Sync::Group.execute_all_providers(group)
EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
```
1. Look through the output of the sync. See [example log output](#example-log-output)
......@@ -503,11 +503,11 @@ step of the sync.
run the following query:
```ruby
adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
ldap_group = EE::Gitlab::Auth::LDAP::Group.find_by_cn('group_cn_here', adapter)
adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP provider
ldap_group = EE::Gitlab::Auth::Ldap::Group.find_by_cn('group_cn_here', adapter)
# Output
=> #<EE::Gitlab::Auth::LDAP::Group:0x007fcbdd0bb6d8
=> #<EE::Gitlab::Auth::Ldap::Group:0x007fcbdd0bb6d8
```
1. Query the LDAP group's member DNs and see if the user's DN is in the list.
......
......@@ -626,7 +626,7 @@ EE::Gitlab::LDAP::Sync::Group.execute_all_providers(group)
# Run a GroupSync for a single group (10.6+)
group = Group.find_by(name: 'my_gitlab_group')
EE::Gitlab::Auth::LDAP::Sync::Group.execute_all_providers(group)
EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
# Query an LDAP group directly (10.6-)
adapter = Gitlab::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
......@@ -635,20 +635,20 @@ ldap_group.member_dns
ldap_group.member_uids
# Query an LDAP group directly (10.6+)
adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
ldap_group = EE::Gitlab::Auth::LDAP::Group.find_by_cn('group_cn_here', adapter)
adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP provider
ldap_group = EE::Gitlab::Auth::Ldap::Group.find_by_cn('group_cn_here', adapter)
ldap_group.member_dns
ldap_group.member_uids
# Lookup a particular user (10.6+)
# This could expose potential errors connecting to and/or querying LDAP that may seem to
# fail silently in the GitLab UI
adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
user = Gitlab::Auth::LDAP::Person.find_by_uid('<username>',adapter)
adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP provider
user = Gitlab::Auth::Ldap::Person.find_by_uid('<username>',adapter)
# Query the LDAP server directly (10.6+)
## For an example, see https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/ee/gitlab/auth/ldap/adapter.rb
adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain')
adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain')
options = {
# the :base is required
# use adapter.config.base for the base or .group_base for the group_base
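Review bot: The console examples under the `(10.6+)` headings now use `Gitlab::Auth::Ldap::...`, but that spelling only exists from the release that ships this rename, so on an instance between 10.6 and that release these commands would raise `NameError`. The page already keeps separate `(10.6-)` examples for the earlier `Gitlab::LDAP` namespace, and the same treatment fits here: leave the `LDAP` spelling under `(10.6+)` and add the `Ldap` variants under their own heading, e.g. `# Run a GroupSync for a single group (<first release with this rename>+)`. Administrators tend to paste these snippets while debugging access problems, where a wrong constant name costs time.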
......
......@@ -27,6 +27,6 @@ class Groups::LdapsController < Groups::ApplicationController
private
def check_enabled_extras!
render_404 unless Gitlab::Auth::LDAP::Config.group_sync_enabled?
render_404 unless Gitlab::Auth::Ldap::Config.group_sync_enabled?
end
end
......@@ -13,7 +13,7 @@ class SmartcardController < ApplicationController
end
def ldap_auth
certificate = Gitlab::Auth::Smartcard::LDAPCertificate.new(params[:provider], certificate_header)
certificate = Gitlab::Auth::Smartcard::LdapCertificate.new(params[:provider], certificate_header)
sign_in_with(certificate)
end
......
......@@ -53,7 +53,7 @@ module EE
def smartcard_enabled_for_ldap?(provider_name, required: false)
return false unless smartcard_enabled?
server = ::Gitlab::Auth::LDAP::Config.servers.find do |server|
server = ::Gitlab::Auth::Ldap::Config.servers.find do |server|
server['provider_name'] == provider_name
end
......
......@@ -4,7 +4,7 @@ module EE
module SelectsHelper
def ldap_server_select_options
options_from_collection_for_select(
::Gitlab::Auth::LDAP::Config.available_servers,
::Gitlab::Auth::Ldap::Config.available_servers,
'provider_name',
'label'
)
......
......@@ -31,14 +31,14 @@ class LdapGroupLink < ApplicationRecord
end
def config
Gitlab::Auth::LDAP::Config.new(provider)
rescue Gitlab::Auth::LDAP::Config::InvalidProvider
Gitlab::Auth::Ldap::Config.new(provider)
rescue Gitlab::Auth::Ldap::Config::InvalidProvider
nil
end
# default to the first LDAP server
def provider
read_attribute(:provider) || Gitlab::Auth::LDAP::Config.providers.first
read_attribute(:provider) || Gitlab::Auth::Ldap::Config.providers.first
end
def provider_label
......
- if Gitlab::Auth::LDAP::Config.group_sync_enabled? && can?(current_user, :admin_ldap_group_links, @group)
- if Gitlab::Auth::Ldap::Config.group_sync_enabled? && can?(current_user, :admin_ldap_group_links, @group)
= nav_link(path: 'ldap_group_links#index') do
= link_to group_ldap_group_links_path(@group), title: 'LDAP Group', class: 'qa-ldap-synchronization-link' do
%span
......
- group = local_assigns.fetch(:group)
- return unless Gitlab::Auth::LDAP::Config.group_sync_enabled? && group.ldap_synced?
- return unless Gitlab::Auth::Ldap::Config.group_sync_enabled? && group.ldap_synced?
.card
.card-header Active synchronizations
......
- group = local_assigns.fetch(:group)
- return unless Gitlab::Auth::LDAP::Config.group_sync_enabled? && group.persisted?
- return unless Gitlab::Auth::Ldap::Config.group_sync_enabled? && group.persisted?
%h3.page-title LDAP synchronizations
= render 'ldap_group_links/form', group: group
......
......@@ -11,10 +11,10 @@ class LdapAllGroupsSyncWorker # rubocop:disable Scalability/IdempotentWorker
worker_has_external_dependencies!
def perform
return unless Gitlab::Auth::LDAP::Config.group_sync_enabled?
return unless Gitlab::Auth::Ldap::Config.group_sync_enabled?
logger.info 'Started LDAP group sync'
EE::Gitlab::Auth::LDAP::Sync::Groups.execute
EE::Gitlab::Auth::Ldap::Sync::Groups.execute
logger.info 'Finished LDAP group sync'
end
end
......@@ -9,12 +9,12 @@ class LdapGroupSyncWorker # rubocop:disable Scalability/IdempotentWorker
# rubocop: disable CodeReuse/ActiveRecord
def perform(group_ids, provider = nil)
return unless Gitlab::Auth::LDAP::Config.group_sync_enabled?
return unless Gitlab::Auth::Ldap::Config.group_sync_enabled?
groups = Group.where(id: Array(group_ids))
if provider
EE::Gitlab::Auth::LDAP::Sync::Proxy.open(provider) do |proxy|
EE::Gitlab::Auth::Ldap::Sync::Proxy.open(provider) do |proxy|
sync_groups(groups, proxy: proxy)
end
else
......@@ -31,9 +31,9 @@ class LdapGroupSyncWorker # rubocop:disable Scalability/IdempotentWorker
logger.info "Started LDAP group sync for group #{group.name} (#{group.id})"
if proxy
EE::Gitlab::Auth::LDAP::Sync::Group.execute(group, proxy)
EE::Gitlab::Auth::Ldap::Sync::Group.execute(group, proxy)
else
EE::Gitlab::Auth::LDAP::Sync::Group.execute_all_providers(group)
EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
end
logger.info "Finished LDAP group sync for group #{group.name} (#{group.id})"
......
......@@ -10,14 +10,14 @@ class LdapSyncWorker # rubocop:disable Scalability/IdempotentWorker
# rubocop: disable CodeReuse/ActiveRecord
# rubocop: disable Gitlab/RailsLogger
def perform
return unless Gitlab::Auth::LDAP::Config.group_sync_enabled?
return unless Gitlab::Auth::Ldap::Config.group_sync_enabled?
Rails.logger.info "Performing daily LDAP sync task."
User.ldap.find_each(batch_size: 100).each do |ldap_user|
Rails.logger.debug "Syncing user #{ldap_user.username}, #{ldap_user.email}"
# Use the 'update_ldap_group_links_synchronously' option to avoid creating a ton
# of new Sidekiq jobs all at once.
Gitlab::Auth::LDAP::Access.allowed?(ldap_user, update_ldap_group_links_synchronously: true)
Gitlab::Auth::Ldap::Access.allowed?(ldap_user, update_ldap_group_links_synchronously: true)
end
end
# rubocop: enable CodeReuse/ActiveRecord
......
......@@ -12,7 +12,7 @@ module API
helpers do
def get_group_list(provider, search)
search = Net::LDAP::Filter.escape(search)
Gitlab::Auth::LDAP::Adapter.new(provider).groups("#{search}*", 20)
Gitlab::Auth::Ldap::Adapter.new(provider).groups("#{search}*", 20)
end
params :search_params do
......@@ -27,7 +27,7 @@ module API
use :search_params
end
get 'groups' do
provider = Gitlab::Auth::LDAP::Config.available_servers.first['provider_name']
provider = Gitlab::Auth::Ldap::Config.available_servers.first['provider_name']
groups = get_group_list(provider, params[:search])
present groups, with: EE::API::Entities::LdapGroup
end
......
......@@ -74,7 +74,7 @@ module EE
resource :groups, requirements: ::API::API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Sync a group with LDAP.'
post ":id/ldap_sync" do
not_found! unless ::Gitlab::Auth::LDAP::Config.group_sync_enabled?
not_found! unless ::Gitlab::Auth::Ldap::Config.group_sync_enabled?
group = find_group!(params[:id])
authorize! :admin_group, group
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Access
extend ActiveSupport::Concern
extend ::Gitlab::Utils::Override
......@@ -27,7 +27,7 @@ module EE
return found_user if found_user
if ldap_identity
::Gitlab::Auth::LDAP::Person.find_by_email(user.email, adapter)
::Gitlab::Auth::Ldap::Person.find_by_email(user.email, adapter)
end
end
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
# Create a hash map of member DNs to access levels. The highest
# access level is retained in cases where `set` is called multiple times
# for the same DN.
......
......@@ -3,11 +3,11 @@
# LDAP connection adapter EE mixin
#
# This module is intended to encapsulate EE-specific adapter methods
# and be **prepended** in the `Gitlab::Auth::LDAP::Adapter` class.
# and be **prepended** in the `Gitlab::Auth::Ldap::Adapter` class.
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Adapter
# Get LDAP groups from ou=Groups
#
......@@ -26,7 +26,7 @@ module EE
options[:size] = size if size
ldap_search(options).map do |entry|
LDAP::Group.new(entry, self)
Ldap::Group.new(entry, self)
end
end
......@@ -52,7 +52,7 @@ module EE
}
ldap_search(options).map do |entry|
LDAP::Group.new(entry, self)
Ldap::Group.new(entry, self)
end
end
......@@ -72,7 +72,7 @@ module EE
def user_options_for_cert(certificate_assertion)
options = {
attributes: ::Gitlab::Auth::LDAP::Person.ldap_attributes(config),
attributes: ::Gitlab::Auth::Ldap::Person.ldap_attributes(config),
base: config.base
}
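Review bot: `Ldap::Group.new(entry, self)` in the two search methods is a relative reference; given the nesting shown at the top of this file it should resolve to `EE::Gitlab::Auth::Ldap::Group`, while the CE class a few lines further down is spelled out as `::Gitlab::Auth::Ldap::Person`. This module is documented as being prepended into `Gitlab::Auth::Ldap::Adapter`, and both namespaces end in `Ldap`, so the short form is easy to misread as the CE namespace. Writing `::EE::Gitlab::Auth::Ldap::Group.new(entry, self)` makes the target explicit. `Ldap::Group.find_by_cn(ldap_group_cn, adapter)` in the sync proxy has the same form. The method bodies start outside these hunks.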
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Config
extend ActiveSupport::Concern
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
class Group
attr_accessor :adapter
attr_reader :entry
......@@ -43,7 +43,7 @@ module EE
def member_uids
@member_uids ||= entry.memberuid.map do |uid|
::Gitlab::Auth::LDAP::Person.normalize_uid(uid)
::Gitlab::Auth::Ldap::Person.normalize_uid(uid)
end
end
......@@ -157,22 +157,22 @@ module EE
# the user DN match, profit!
def members_within_base(members)
begin
base = ::Gitlab::Auth::LDAP::DN.new(adapter.config.base).to_a
rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
base = ::Gitlab::Auth::Ldap::DN.new(adapter.config.base).to_a
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
Rails.logger.error "Configured LDAP `base` is invalid: '#{adapter.config.base}'. Error: \"#{e.message}\"" # rubocop:disable Gitlab/RailsLogger
return []
end
members.select do |dn|
::Gitlab::Auth::LDAP::DN.new(dn).to_a.last(base.length) == base
rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
::Gitlab::Auth::Ldap::DN.new(dn).to_a.last(base.length) == base
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
Rails.logger.warn "Received invalid member DN from LDAP group '#{cn}': '#{dn}'. Error: \"#{e.message}\". Skipping" # rubocop:disable Gitlab/RailsLogger
end
end
def normalize_dns(dns)
dns.map do |dn|
::Gitlab::Auth::LDAP::Person.normalize_dn(dn)
::Gitlab::Auth::Ldap::Person.normalize_dn(dn)
end
end
......
......@@ -5,7 +5,7 @@ require 'net/ldap/dn'
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Person
extend ActiveSupport::Concern
......@@ -42,7 +42,7 @@ module EE
# LDAP DN and constructs a domain name from them
def domain_from_dn(dn)
dn_components = []
::Gitlab::Auth::LDAP::DN.new(dn).each_pair { |name, value| dn_components << { name: name, value: value } }
::Gitlab::Auth::Ldap::DN.new(dn).each_pair { |name, value| dn_components << { name: name, value: value } }
dn_components
.reverse
.take_while { |rdn| rdn[:name].casecmp('DC').zero? } # Domain Component
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Sync
class AdminUsers < Sync::Users
private
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Sync
class ExternalUsers < Sync::Users
private
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Sync
class Group
attr_reader :provider, :group, :proxy
......@@ -21,7 +21,7 @@ module EE
# and only the first provider or two get synced. This shuffles the order
# so subsequent syncs should eventually get to all providers. Obviously
# we should avoid failure, but this is an additional safeguard.
::Gitlab::Auth::LDAP::Config.providers.shuffle.each do |provider|
::Gitlab::Auth::Ldap::Config.providers.shuffle.each do |provider|
Sync::Proxy.open(provider) do |proxy|
new(group, proxy).update_permissions
end
......@@ -29,7 +29,7 @@ module EE
group.finish_ldap_sync
Rails.logger.debug { "Finished syncing all providers for '#{group.name}' group" } # rubocop:disable Gitlab/RailsLogger
rescue ::Gitlab::Auth::LDAP::LDAPConnectionError
rescue ::Gitlab::Auth::Ldap::LdapConnectionError
Rails.logger.warn("Error syncing all providers for '#{group.name}' group") # rubocop:disable Gitlab/RailsLogger
group.fail_ldap_sync
end
......@@ -48,7 +48,7 @@ module EE
group.finish_ldap_sync
Rails.logger.debug { "Finished syncing '#{proxy.provider}' provider for '#{group.name}' group" } # rubocop:disable Gitlab/RailsLogger
rescue ::Gitlab::Auth::LDAP::LDAPConnectionError
rescue ::Gitlab::Auth::Ldap::LdapConnectionError
Rails.logger.warn("Error syncing '#{proxy.provider}' provider for '#{group.name}' group") # rubocop:disable Gitlab/RailsLogger
group.fail_ldap_sync
end
......@@ -174,7 +174,7 @@ module EE
def update_existing_group_membership(group, access_levels)
logger.debug { "Updating existing membership for '#{group.name}' group" }
multiple_ldap_providers = ::Gitlab::Auth::LDAP::Config.providers.count > 1
multiple_ldap_providers = ::Gitlab::Auth::Ldap::Config.providers.count > 1
existing_members = select_and_preload_group_members(group)
# For each existing group member, we'll need to look up its LDAP identity in the current LDAP provider.
# It is much faster to resolve these at once than later for each member one by one.
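Review bot: The two `rescue ::Gitlab::Auth::Ldap::LdapConnectionError` clauses are only resolved when an exception actually reaches them, so a mismatch between this spelling and the class definition (not shown in this section) would not fail at load time. It would raise `NameError` on the failure path instead and skip `group.fail_ldap_sync`. Nothing visible here drives `execute` or `execute_all_providers` through the rescue branch, so a spec that makes the proxy raise the renamed error and expects `fail_ldap_sync` to be called would pin the rename. The `rescue` in the users sync class has the same exposure. Both method bodies start outside the hunks.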
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Sync
class Groups
attr_reader :provider, :proxy
......@@ -13,7 +13,7 @@ module EE
# and only the first provider or two get synced. This shuffles the order
# so subsequent syncs should eventually get to all providers. Obviously
# we should avoid failure, but this is an additional safeguard.
::Gitlab::Auth::LDAP::Config.providers.shuffle.each do |provider|
::Gitlab::Auth::Ldap::Config.providers.shuffle.each do |provider|
Sync::Proxy.open(provider) do |proxy|
group_sync = self.new(proxy)
group_sync.update_permissions
......
......@@ -5,7 +5,7 @@ require 'net/ldap/dn'
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Sync
class Proxy
attr_reader :provider, :adapter
......@@ -13,7 +13,7 @@ module EE
# Open a connection and run all queries through it.
# It's more efficient than the default of opening/closing per LDAP query.
def self.open(provider, &block)
::Gitlab::Auth::LDAP::Adapter.open(provider) do |adapter|
::Gitlab::Auth::Ldap::Adapter.open(provider) do |adapter|
block.call(self.new(provider, adapter))
end
end
......@@ -43,7 +43,7 @@ module EE
private
def ldap_group_member_dns(ldap_group_cn)
ldap_group = LDAP::Group.find_by_cn(ldap_group_cn, adapter)
ldap_group = Ldap::Group.find_by_cn(ldap_group_cn, adapter)
unless ldap_group.present?
logger.warn { "Cannot find LDAP group with CN '#{ldap_group_cn}'. Skipping" }
return []
......@@ -77,9 +77,9 @@ module EE
def ensure_full_dns!(dns)
dns.map! do |dn|
begin
dn_obj = ::Gitlab::Auth::LDAP::DN.new(dn)
dn_obj = ::Gitlab::Auth::Ldap::DN.new(dn)
parsed_dn = dn_obj.to_a
rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
logger.error { "Found malformed DN: '#{dn}'. Skipping. Error: \"#{e.message}\"" }
next
end
......@@ -124,7 +124,7 @@ module EE
# Use the DN on record in GitLab when it's available
identity.extern_uid
else
ldap_user = ::Gitlab::Auth::LDAP::Person.find_by_uid(uid, adapter)
ldap_user = ::Gitlab::Auth::Ldap::Person.find_by_uid(uid, adapter)
# Can't find a matching user
return unless ldap_user.present?
......
......@@ -3,7 +3,7 @@
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module Sync
class Users
attr_reader :provider, :proxy
......@@ -38,7 +38,7 @@ module EE
end
true
rescue ::Gitlab::Auth::LDAP::LDAPConnectionError
rescue ::Gitlab::Auth::Ldap::LdapConnectionError
Rails.logger.warn("Error syncing #{attribute} users for provider '#{provider}'. LDAP connection Error") # rubocop:disable Gitlab/RailsLogger
false
......@@ -56,7 +56,7 @@ module EE
end
def update_user_by_dn(member_dn)
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
user = ::Gitlab::Auth::Ldap::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user[attribute] = true
......
......@@ -3,11 +3,11 @@
# LDAP User EE mixin
#
# This module is intended to encapsulate EE-specific User methods
# and be **prepended** in the `Gitlab::Auth::LDAP::User` class.
# and be **prepended** in the `Gitlab::Auth::Ldap::User` class.
module EE
module Gitlab
module Auth
module LDAP
module Ldap
module User
def initialize(auth_hash)
super
......@@ -43,7 +43,7 @@ module EE
end
def with_proxy(&block)
::EE::Gitlab::Auth::LDAP::Sync::Proxy.open(auth_hash.provider, &block)
::EE::Gitlab::Auth::Ldap::Sync::Proxy.open(auth_hash.provider, &block)
end
end
end
......
......@@ -9,7 +9,7 @@ module EE
def find_ldap_person(auth_hash, adapter)
if auth_hash.provider == 'kerberos'
::Gitlab::Auth::LDAP::Person.find_by_kerberos_principal(auth_hash.uid, adapter)
::Gitlab::Auth::Ldap::Person.find_by_kerberos_principal(auth_hash.uid, adapter)
else
super
end
......
......@@ -3,7 +3,7 @@
module Gitlab
module Auth
module Smartcard
class LDAPCertificate < Gitlab::Auth::Smartcard::Base
class LdapCertificate < Gitlab::Auth::Smartcard::Base
def initialize(provider, certificate)
super(certificate)
......@@ -51,11 +51,11 @@ module Gitlab
end
def adapter
@adapter ||= Gitlab::Auth::LDAP::Adapter.new(@provider)
@adapter ||= Gitlab::Auth::Ldap::Adapter.new(@provider)
end
def ldap_user
@ldap_user ||= ::Gitlab::Auth::LDAP::Person.find_by_certificate_issuer_and_serial(
@ldap_user ||= ::Gitlab::Auth::Ldap::Person.find_by_certificate_issuer_and_serial(
@certificate.issuer.to_s(OpenSSL::X509::Name::RFC2253),
@certificate.serial.to_s,
adapter)
......
......@@ -2,7 +2,7 @@ namespace :gitlab do
namespace :ldap do
desc 'GitLab | LDAP | Run a GroupSync'
task group_sync: :gitlab_environment do
unless Gitlab::Auth::LDAP::Config.group_sync_enabled?
unless Gitlab::Auth::Ldap::Config.group_sync_enabled?
$stdout.puts 'LDAP GroupSync is not enabled.'
exit 1
end
......@@ -10,7 +10,7 @@ namespace :gitlab do
$stdout.puts 'LDAP GroupSync is enabled.'
$stdout.puts 'Starting GroupSync...'
EE::Gitlab::Auth::LDAP::Sync::Groups.execute
EE::Gitlab::Auth::Ldap::Sync::Groups.execute
$stdout.puts 'Finished GroupSync.'
end
end
......
desc "GitLab | Migrate provider names to multiple LDAP setup"
namespace :gitlab do
task migrate_ldap_providers: :environment do
config = Gitlab::Auth::LDAP::Config
config = Gitlab::Auth::Ldap::Config
raise 'No LDAP server hash defined. See config/gitlab.yml.example for an example' unless config.servers.any?
provider = config.servers.first['provider_name']
......
......@@ -198,7 +198,7 @@ describe 'Admin updates EE-only settings' do
describe 'LDAP settings' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(ldap_setting)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(ldap_setting)
visit general_admin_application_settings_path
end
......
......@@ -19,7 +19,7 @@ describe 'Edit group settings' do
context 'with LDAP enabled' do
before do
allow_any_instance_of(EE::Group).to receive(:ldap_synced?).and_return(true)
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
it 'is able to navigate to LDAP group section' do
......
......@@ -99,7 +99,7 @@ describe 'Login' do
stub_licensed_features(smartcard_auth: true)
stub_ldap_setting(enabled: true)
allow(Gitlab.config.smartcard).to receive(:enabled).and_return(true)
allow(::Gitlab::Auth::LDAP::Config).to receive_messages(enabled: true, servers: [ldap_server_config])
allow(::Gitlab::Auth::Ldap::Config).to receive_messages(enabled: true, servers: [ldap_server_config])
allow_any_instance_of(ActionDispatch::Routing::RoutesProxy)
.to receive(:user_ldapmain_omniauth_callback_path)
.and_return('/users/auth/ldapmain/callback')
......
......@@ -44,7 +44,7 @@ describe EE::AuthHelper do
before do
allow(::Gitlab::Auth::Smartcard).to receive(:enabled?).and_return(true)
allow(::Gitlab::Auth::LDAP::Config).to receive(:servers).and_return([ldap_server_config])
allow(::Gitlab::Auth::Ldap::Config).to receive(:servers).and_return([ldap_server_config])
end
context 'LDAP server with optional smartcard auth' do
......@@ -109,7 +109,7 @@ describe EE::AuthHelper do
before do
allow(::Gitlab::Auth::Smartcard).to receive(:enabled?).and_return(true)
allow(::Gitlab::Auth::LDAP::Config).to receive(:servers).and_return([ldap_server_config])
allow(::Gitlab::Auth::Ldap::Config).to receive(:servers).and_return([ldap_server_config])
end
context 'when smartcard auth is optional' do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EE::Gitlab::Auth::LDAP::AccessLevels do
describe EE::Gitlab::Auth::Ldap::AccessLevels do
describe '#set' do
let(:access_levels) { described_class.new }
let(:dns) do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EE::Gitlab::Auth::LDAP::Group do
describe EE::Gitlab::Auth::Ldap::Group do
include LdapHelpers
before do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EE::Gitlab::Auth::LDAP::Sync::AdminUsers do
describe EE::Gitlab::Auth::Ldap::Sync::AdminUsers do
include LdapHelpers
let(:adapter) { ldap_adapter }
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EE::Gitlab::Auth::LDAP::Sync::ExternalUsers do
describe EE::Gitlab::Auth::Ldap::Sync::ExternalUsers do
include LdapHelpers
describe '#update_permissions' do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EE::Gitlab::Auth::LDAP::Sync::Group do
describe EE::Gitlab::Auth::Ldap::Sync::Group do
include LdapHelpers
let(:adapter) { ldap_adapter }
......@@ -91,7 +91,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Group do
adapter = ldap_adapter('ldapmain')
proxy = proxy(adapter, 'ldapmain')
allow(EE::Gitlab::Auth::LDAP::Sync::Proxy).to receive(:open).and_yield(proxy)
allow(EE::Gitlab::Auth::Ldap::Sync::Proxy).to receive(:open).and_yield(proxy)
end
let(:group) do
......@@ -497,7 +497,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Group do
it 'does not update permissions when group base is missing' do
stub_ldap_config(group_base: nil)
expect_any_instance_of(EE::Gitlab::Auth::LDAP::Sync::Proxy).not_to receive(:dns_for_group_cn)
expect_any_instance_of(EE::Gitlab::Auth::Ldap::Sync::Proxy).not_to receive(:dns_for_group_cn)
sync_group.update_permissions
end
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EE::Gitlab::Auth::LDAP::Sync::Groups do
describe EE::Gitlab::Auth::Ldap::Sync::Groups do
include LdapHelpers
let(:adapter) { ldap_adapter }
......@@ -10,9 +10,9 @@ describe EE::Gitlab::Auth::LDAP::Sync::Groups do
describe '#update_permissions' do
before do
allow(EE::Gitlab::Auth::LDAP::Sync::Group).to receive(:execute)
allow(EE::Gitlab::Auth::LDAP::Sync::AdminUsers).to receive(:execute)
allow(EE::Gitlab::Auth::LDAP::Sync::ExternalUsers).to receive(:execute)
allow(EE::Gitlab::Auth::Ldap::Sync::Group).to receive(:execute)
allow(EE::Gitlab::Auth::Ldap::Sync::AdminUsers).to receive(:execute)
allow(EE::Gitlab::Auth::Ldap::Sync::ExternalUsers).to receive(:execute)
create_list(:group_with_ldap_group_link, 2)
end
......@@ -26,12 +26,12 @@ describe EE::Gitlab::Auth::LDAP::Sync::Groups do
stub_ldap_config(group_base: nil)
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::AdminUsers).not_to receive(:execute)
it 'does not call EE::Gitlab::Auth::Ldap::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::AdminUsers).not_to receive(:execute)
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::ExternalUsers).not_to receive(:execute)
it 'does not call EE::Gitlab::Auth::Ldap::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::ExternalUsers).not_to receive(:execute)
end
end
......@@ -41,16 +41,16 @@ describe EE::Gitlab::Auth::LDAP::Sync::Groups do
stub_ldap_config(group_base: 'dc=example,dc=com')
end
it 'calls EE::Gitlab::Auth::LDAP::Sync::Group#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::Group).to receive(:execute).twice
it 'calls EE::Gitlab::Auth::Ldap::Sync::Group#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::Group).to receive(:execute).twice
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::AdminUsers).not_to receive(:execute)
it 'does not call EE::Gitlab::Auth::Ldap::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::AdminUsers).not_to receive(:execute)
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::ExternalUsers).not_to receive(:execute)
it 'does not call EE::Gitlab::Auth::Ldap::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::ExternalUsers).not_to receive(:execute)
end
end
......@@ -62,16 +62,16 @@ describe EE::Gitlab::Auth::LDAP::Sync::Groups do
)
end
it 'calls EE::Gitlab::Auth::LDAP::Sync::Group#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::Group).to receive(:execute).twice
it 'calls EE::Gitlab::Auth::Ldap::Sync::Group#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::Group).to receive(:execute).twice
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::AdminUsers).to receive(:execute).once
it 'does not call EE::Gitlab::Auth::Ldap::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::AdminUsers).to receive(:execute).once
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::ExternalUsers).not_to receive(:execute)
it 'does not call EE::Gitlab::Auth::Ldap::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::ExternalUsers).not_to receive(:execute)
end
end
......@@ -83,16 +83,16 @@ describe EE::Gitlab::Auth::LDAP::Sync::Groups do
)
end
it 'calls EE::Gitlab::Auth::LDAP::Sync::Group#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::Group).to receive(:execute).twice
it 'calls EE::Gitlab::Auth::Ldap::Sync::Group#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::Group).to receive(:execute).twice
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::AdminUsers).not_to receive(:execute)
it 'does not call EE::Gitlab::Auth::Ldap::Sync::AdminUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::AdminUsers).not_to receive(:execute)
end
it 'does not call EE::Gitlab::Auth::LDAP::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::LDAP::Sync::ExternalUsers).to receive(:execute).once
it 'does not call EE::Gitlab::Auth::Ldap::Sync::ExternalUsers#execute' do
expect(EE::Gitlab::Auth::Ldap::Sync::ExternalUsers).to receive(:execute).once
end
end
end
......
......@@ -3,7 +3,7 @@
require 'spec_helper'
require 'net/ldap/dn'
describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
describe EE::Gitlab::Auth::Ldap::Sync::Proxy do
include LdapHelpers
let(:adapter) { ldap_adapter }
......@@ -66,7 +66,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
sync_proxy.dns_for_group_cn('ldap_group1')
expect(sync_proxy).not_to receive(:ldap_group_member_dns)
expect(EE::Gitlab::Auth::LDAP::Group).not_to receive(:find_by_cn)
expect(EE::Gitlab::Auth::Ldap::Group).not_to receive(:find_by_cn)
sync_proxy.dns_for_group_cn('ldap_group1')
end
......@@ -119,7 +119,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
end
it 'raises exception' do
expect { sync_proxy.dns_for_group_cn('ldap_group1') }.to raise_error(::Gitlab::Auth::LDAP::LDAPConnectionError)
expect { sync_proxy.dns_for_group_cn('ldap_group1') }.to raise_error(::Gitlab::Auth::Ldap::LdapConnectionError)
end
end
end
......@@ -143,7 +143,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
end
it 'retrieves the user from LDAP' do
expect(::Gitlab::Auth::LDAP::Person).to receive(:find_by_uid)
expect(::Gitlab::Auth::Ldap::Person).to receive(:find_by_uid)
sync_proxy.dn_for_uid('jane_doe')
end
......@@ -153,7 +153,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
expect(sync_proxy).not_to receive(:member_uid_to_dn)
expect(Identity).not_to receive(:find_by)
expect(::Gitlab::Auth::LDAP::Person).not_to receive(:find_by_uid)
expect(::Gitlab::Auth::Ldap::Person).not_to receive(:find_by_uid)
sync_proxy.dn_for_uid('jane_doe')
end
......@@ -197,7 +197,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
end
it 'does not query LDAP' do
expect(::Gitlab::Auth::LDAP::Person).not_to receive(:find_by_uid)
expect(::Gitlab::Auth::Ldap::Person).not_to receive(:find_by_uid)
end
it 'retrieves the DN from the identity' do
......@@ -214,7 +214,7 @@ describe EE::Gitlab::Auth::LDAP::Sync::Proxy do
end
it 'raises exception' do
expect { sync_proxy.dns_for_group_cn('ldap_group1') }.to raise_error(::Gitlab::Auth::LDAP::LDAPConnectionError)
expect { sync_proxy.dns_for_group_cn('ldap_group1') }.to raise_error(::Gitlab::Auth::Ldap::LdapConnectionError)
end
end
end
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Access do
describe Gitlab::Auth::Ldap::Access do
include LdapHelpers
let(:user) { create(:omniauth_user) }
......@@ -13,15 +13,15 @@ describe Gitlab::Auth::LDAP::Access do
describe '#allowed?' do
context 'LDAP user' do
it 'finds a user by dn first' do
expect(Gitlab::Auth::LDAP::Person).to receive(:find_by_dn).and_return(:ldap_user)
expect(Gitlab::Auth::LDAP::Person).not_to receive(:find_by_email)
expect(Gitlab::Auth::Ldap::Person).to receive(:find_by_dn).and_return(:ldap_user)
expect(Gitlab::Auth::Ldap::Person).not_to receive(:find_by_email)
access.allowed?
end
it 'finds a user by email if not found by dn' do
expect(Gitlab::Auth::LDAP::Person).to receive(:find_by_dn).and_return(nil)
expect(Gitlab::Auth::LDAP::Person).to receive(:find_by_email)
expect(Gitlab::Auth::Ldap::Person).to receive(:find_by_dn).and_return(nil)
expect(Gitlab::Auth::Ldap::Person).to receive(:find_by_email)
access.allowed?
end
......@@ -35,12 +35,12 @@ describe Gitlab::Auth::LDAP::Access do
context 'when exists in LDAP/AD' do
before do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_dn).and_return(user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_dn).and_return(user)
end
context 'user blocked in LDAP/AD' do
before do
allow(Gitlab::Auth::LDAP::Person).to receive(:disabled_via_active_directory?).and_return(true)
allow(Gitlab::Auth::Ldap::Person).to receive(:disabled_via_active_directory?).and_return(true)
end
it 'blocks user in GitLab' do
......@@ -65,7 +65,7 @@ describe Gitlab::Auth::LDAP::Access do
context 'user unblocked in LDAP/AD' do
before do
user.update_column(:state, :ldap_blocked)
allow(Gitlab::Auth::LDAP::Person).to receive(:disabled_via_active_directory?).and_return(false)
allow(Gitlab::Auth::Ldap::Person).to receive(:disabled_via_active_directory?).and_return(false)
end
it 'unblocks user in GitLab' do
......@@ -327,14 +327,14 @@ describe Gitlab::Auth::LDAP::Access do
end
it 'adds a Kerberos identity if it is in Active Directory but not in GitLab' do
allow_any_instance_of(EE::Gitlab::Auth::LDAP::Person).to receive_messages(kerberos_principal: 'mylogin@FOO.COM')
allow_any_instance_of(EE::Gitlab::Auth::Ldap::Person).to receive_messages(kerberos_principal: 'mylogin@FOO.COM')
expect { access.update_user }.to change(user.identities.where(provider: :kerberos), :count).from(0).to(1)
expect(user.identities.where(provider: 'kerberos').last.extern_uid).to eq('mylogin@FOO.COM')
end
it 'updates existing Kerberos identity in GitLab if Active Directory has a different one' do
allow_any_instance_of(EE::Gitlab::Auth::LDAP::Person).to receive_messages(kerberos_principal: 'otherlogin@BAR.COM')
allow_any_instance_of(EE::Gitlab::Auth::Ldap::Person).to receive_messages(kerberos_principal: 'otherlogin@BAR.COM')
user.identities.build(provider: 'kerberos', extern_uid: 'mylogin@FOO.COM').save
expect { access.update_user }.not_to change(user.identities.where(provider: 'kerberos'), :count)
......@@ -342,7 +342,7 @@ describe Gitlab::Auth::LDAP::Access do
end
it 'does not remove Kerberos identities from GitLab if they are none in the LDAP provider' do
allow_any_instance_of(EE::Gitlab::Auth::LDAP::Person).to receive_messages(kerberos_principal: nil)
allow_any_instance_of(EE::Gitlab::Auth::Ldap::Person).to receive_messages(kerberos_principal: nil)
user.identities.build(provider: 'kerberos', extern_uid: 'otherlogin@BAR.COM').save
expect { access.update_user }.not_to change(user.identities.where(provider: 'kerberos'), :count)
......@@ -350,14 +350,14 @@ describe Gitlab::Auth::LDAP::Access do
end
it 'does not modify identities in GitLab if they are no kerberos principal in the LDAP provider' do
allow_any_instance_of(EE::Gitlab::Auth::LDAP::Person).to receive_messages(kerberos_principal: nil)
allow_any_instance_of(EE::Gitlab::Auth::Ldap::Person).to receive_messages(kerberos_principal: nil)
expect { access.update_user }.not_to change(user.identities, :count)
end
it 'does not add a Kerberos identity when in a read-only GitLab instance' do
allow(Gitlab::Database).to receive(:read_only?).and_return(true)
allow_any_instance_of(EE::Gitlab::Auth::LDAP::Person).to receive_messages(kerberos_principal: 'mylogin@FOO.COM')
allow_any_instance_of(EE::Gitlab::Auth::Ldap::Person).to receive_messages(kerberos_principal: 'mylogin@FOO.COM')
expect { access.update_user }.not_to change(user.identities.where(provider: :kerberos), :count)
end
......
......@@ -2,13 +2,13 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Adapter do
describe Gitlab::Auth::Ldap::Adapter do
include LdapHelpers
let(:adapter) { ldap_adapter('ldapmain') }
it 'includes the EE module' do
expect(described_class).to include_module(EE::Gitlab::Auth::LDAP::Adapter)
expect(described_class).to include_module(EE::Gitlab::Auth::Ldap::Adapter)
end
describe '#groups' do
......@@ -36,7 +36,7 @@ describe Gitlab::Auth::LDAP::Adapter do
results = adapter.groups('group1')
expect(results.first).to be_a(EE::Gitlab::Auth::LDAP::Group)
expect(results.first).to be_a(EE::Gitlab::Auth::Ldap::Group)
expect(results.first.cn).to eq('group1')
expect(results.first.member_dns).to match_array(%w(uid=john uid=mary))
end
......@@ -77,7 +77,7 @@ describe Gitlab::Auth::LDAP::Adapter do
end
it 'returns a person object' do
expect(subject).to be_a(::EE::Gitlab::Auth::LDAP::Person)
expect(subject).to be_a(::EE::Gitlab::Auth::Ldap::Person)
end
it 'returns correct attributes' do
......
......@@ -2,13 +2,13 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Person do
describe Gitlab::Auth::Ldap::Person do
include LdapHelpers
let(:entry) { ldap_user_entry('john.doe') }
it 'includes the EE module' do
expect(described_class).to include(EE::Gitlab::Auth::LDAP::Person)
expect(described_class).to include(EE::Gitlab::Auth::Ldap::Person)
end
describe '.ldap_attributes' do
......@@ -98,7 +98,7 @@ describe Gitlab::Auth::LDAP::Person do
)
end
let(:config) { Gitlab::Auth::LDAP::Config.new('ldapmain') }
let(:config) { Gitlab::Auth::Ldap::Config.new('ldapmain') }
let(:ldap_attributes) { described_class.ldap_attributes(config) }
let(:expected_attributes) { %w(dn cn uid mail memberof) }
......@@ -154,7 +154,7 @@ describe Gitlab::Auth::LDAP::Person do
subject { described_class.new(entry, 'ldapmain') }
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(sync_ssh_keys: ssh_key_attribute_name)
end
end
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::User do
describe Gitlab::Auth::Ldap::User do
include LdapHelpers
let(:ldap_user) { described_class.new(auth_hash) }
......@@ -28,7 +28,7 @@ describe Gitlab::Auth::LDAP::User do
end
it 'includes the EE module' do
expect(described_class).to include_module(EE::Gitlab::Auth::LDAP::User)
expect(described_class).to include_module(EE::Gitlab::Auth::Ldap::User)
end
describe '#initialize' do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::Smartcard::LDAPCertificate do
describe Gitlab::Auth::Smartcard::LdapCertificate do
let(:certificate_header) { 'certificate' }
let(:openssl_certificate_store) { instance_double(OpenSSL::X509::Store) }
let(:user_build_service) { instance_double(Users::BuildService) }
......
......@@ -60,7 +60,7 @@ describe LdapGroupLink do
end
it 'defaults to the first ldap server if empty' do
expect( klass.new.provider ).to eql Gitlab::Auth::LDAP::Config.providers.first
expect( klass.new.provider ).to eql Gitlab::Auth::Ldap::Config.providers.first
end
end
end
......
......@@ -201,7 +201,7 @@ describe API::Groups do
describe 'POST /groups/:id/ldap_sync' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
context 'when the ldap_group_sync feature is available' do
......
......@@ -16,8 +16,8 @@ describe API::Ldap do
OpenStruct.new(cn: 'students')
]
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::LDAP::Adapter).to receive(:new).and_return(adapter)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Adapter).to receive(:new).and_return(adapter)
allow(adapter).to receive_messages(groups: groups)
stub_application_setting(allow_group_owners_to_manage_ldap: false)
end
......
......@@ -184,7 +184,7 @@ describe SmartcardController, type: :request do
before do
allow(Gitlab::Auth::Smartcard).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Smartcard::LDAPCertificate).to(
allow(Gitlab::Auth::Smartcard::LdapCertificate).to(
receive(:store).and_return(openssl_certificate_store))
allow(openssl_certificate_store).to receive(:verify).and_return(true)
......
......@@ -3,12 +3,12 @@
module EE
module LdapHelpers
def proxy(adapter, provider = 'ldapmain')
EE::Gitlab::Auth::LDAP::Sync::Proxy.new(provider, adapter)
EE::Gitlab::Auth::Ldap::Sync::Proxy.new(provider, adapter)
end
def fake_ldap_sync_proxy(provider)
fake_proxy = double(:proxy, adapter: ldap_adapter)
allow(::EE::Gitlab::Auth::LDAP::Sync::Proxy).to receive(:open).with(provider).and_yield(fake_proxy)
allow(::EE::Gitlab::Auth::Ldap::Sync::Proxy).to receive(:open).with(provider).and_yield(fake_proxy)
fake_proxy
end
......@@ -16,22 +16,22 @@ module EE
# `entry` to simulate when an LDAP group is not found
#
# Example:
# adapter = ::Gitlab::Auth::LDAP::Adapter.new('ldapmain', double(:ldap))
# adapter = ::Gitlab::Auth::Ldap::Adapter.new('ldapmain', double(:ldap))
# ldap_group1 = ldap_group_entry('uid=user,ou=users,dc=example,dc=com')
#
# stub_ldap_group_find_by_cn('ldap_group1', ldap_group1, adapter)
def stub_ldap_group_find_by_cn(cn, entry, adapter = nil)
if entry.present?
return_value = EE::Gitlab::Auth::LDAP::Group.new(entry, adapter)
return_value = EE::Gitlab::Auth::Ldap::Group.new(entry, adapter)
end
allow(EE::Gitlab::Auth::LDAP::Group)
allow(EE::Gitlab::Auth::Ldap::Group)
.to receive(:find_by_cn)
.with(cn, kind_of(::Gitlab::Auth::LDAP::Adapter)).and_return(return_value)
.with(cn, kind_of(::Gitlab::Auth::Ldap::Adapter)).and_return(return_value)
end
def unstub_ldap_group_find_by_cn
allow(EE::Gitlab::Auth::LDAP::Group)
allow(EE::Gitlab::Auth::Ldap::Group)
.to receive(:find_by_cn).and_call_original
end
......@@ -107,7 +107,7 @@ module EE
# Stub Active Directory range member retrieval.
#
# Example:
# adapter = ::Gitlab::Auth::LDAP::Adapter.new('ldapmain', double(:ldap))
# adapter = ::Gitlab::Auth::Ldap::Adapter.new('ldapmain', double(:ldap))
# group_entry_page1 = ldap_group_entry_with_member_range(
# [user_dn('user1'), user_dn('user2'), user_dn('user3')],
# range_start: '0',
......@@ -118,7 +118,7 @@ module EE
# range_start: '3',
# range_end: '*'
# )
# group = EE::Gitlab::Auth::LDAP::Group.new(group_entry_page1, adapter)
# group = EE::Gitlab::Auth::Ldap::Group.new(group_entry_page1, adapter)
#
# stub_ldap_adapter_group_members_in_range(group_entry_page2, adapter, range_start: '3')
def stub_ldap_adapter_group_members_in_range(
......@@ -131,7 +131,7 @@ module EE
end
def stub_ldap_adapter_nested_groups(parent_dn, entries = [], adapter = ldap_adapter)
groups = entries.map { |entry| EE::Gitlab::Auth::LDAP::Group.new(entry, adapter) }
groups = entries.map { |entry| EE::Gitlab::Auth::Ldap::Group.new(entry, adapter) }
allow(adapter).to receive(:nested_groups).with(parent_dn).and_return(groups)
end
......
......@@ -7,13 +7,13 @@ describe LdapAllGroupsSyncWorker do
before do
allow(Sidekiq.logger).to receive(:info)
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
describe '#perform' do
context 'with the default license key' do
it 'syncs all groups when group_id is nil' do
expect(EE::Gitlab::Auth::LDAP::Sync::Groups).to receive(:execute)
expect(EE::Gitlab::Auth::Ldap::Sync::Groups).to receive(:execute)
subject.perform
end
......@@ -25,7 +25,7 @@ describe LdapAllGroupsSyncWorker do
end
it 'does not sync all groups' do
expect(EE::Gitlab::Auth::LDAP::Sync::Groups).not_to receive(:execute)
expect(EE::Gitlab::Auth::Ldap::Sync::Groups).not_to receive(:execute)
subject.perform
end
......
......@@ -9,14 +9,14 @@ describe LdapGroupSyncWorker do
def expect_fake_proxy(provider)
fake = double
expect(EE::Gitlab::Auth::LDAP::Sync::Proxy)
expect(EE::Gitlab::Auth::Ldap::Sync::Proxy)
.to receive(:open).with(provider).and_yield(fake)
fake
end
before do
allow(Sidekiq.logger).to receive(:info)
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
describe '#perform' do
......@@ -65,16 +65,16 @@ describe LdapGroupSyncWorker do
describe '#sync_group' do
it 'syncs a single provider when a provider was given' do
proxy = EE::Gitlab::Auth::LDAP::Sync::Proxy.new('ldapmain', ldap_adapter)
proxy = EE::Gitlab::Auth::Ldap::Sync::Proxy.new('ldapmain', ldap_adapter)
expect(EE::Gitlab::Auth::LDAP::Sync::Group).to receive(:execute)
expect(EE::Gitlab::Auth::Ldap::Sync::Group).to receive(:execute)
.with(group, proxy)
subject.sync_group(group, proxy: proxy)
end
it 'syncs all providers when no proxy was given' do
expect(EE::Gitlab::Auth::LDAP::Sync::Group).to receive(:execute_all_providers)
expect(EE::Gitlab::Auth::Ldap::Sync::Group).to receive(:execute_all_providers)
.with(group)
subject.sync_group(group)
......
......@@ -7,7 +7,7 @@ describe LdapSyncWorker do
before do
allow(Sidekiq.logger).to receive(:info)
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
create(:omniauth_user, provider: 'ldapmain')
end
......@@ -15,7 +15,7 @@ describe LdapSyncWorker do
describe '#perform' do
context 'with the default license key' do
it 'syncs all LDAP users' do
expect(Gitlab::Auth::LDAP::Access).to receive(:allowed?)
expect(Gitlab::Auth::Ldap::Access).to receive(:allowed?)
subject.perform
end
......@@ -27,7 +27,7 @@ describe LdapSyncWorker do
end
it 'does not sync LDAP users' do
expect(Gitlab::Auth::LDAP::Access).not_to receive(:allowed?)
expect(Gitlab::Auth::Ldap::Access).not_to receive(:allowed?)
subject.perform
end
......
......@@ -88,7 +88,7 @@ module Gitlab
else
# If no user is provided, try LDAP.
# LDAP users are only authenticated via LDAP
authenticators << Gitlab::Auth::LDAP::Authentication
authenticators << Gitlab::Auth::Ldap::Authentication
end
authenticators.compact!
......@@ -134,7 +134,7 @@ module Gitlab
end
def authenticate_using_internal_or_ldap_password?
Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::LDAP::Config.enabled?
Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::Ldap::Config.enabled?
end
def service_request_check(login, password, project)
......
......@@ -6,14 +6,14 @@
#
module Gitlab
module Auth
module LDAP
module Ldap
class Access
prepend_if_ee('::EE::Gitlab::Auth::LDAP::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule
prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule
attr_reader :provider, :user, :ldap_identity
def self.open(user, &block)
Gitlab::Auth::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
Gitlab::Auth::Ldap::Adapter.open(user.ldap_identity.provider) do |adapter|
block.call(self.new(user, adapter))
end
end
......@@ -50,7 +50,7 @@ module Gitlab
end
# Block user in GitLab if they were blocked in AD
if Gitlab::Auth::LDAP::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter)
if Gitlab::Auth::Ldap::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter)
block_user(user, 'is disabled in Active Directory')
false
else
......@@ -62,7 +62,7 @@ module Gitlab
block_user(user, 'does not exist anymore')
false
end
rescue LDAPConnectionError
rescue LdapConnectionError
false
end
......@@ -73,11 +73,11 @@ module Gitlab
private
def adapter
@adapter ||= Gitlab::Auth::LDAP::Adapter.new(provider)
@adapter ||= Gitlab::Auth::Ldap::Adapter.new(provider)
end
def ldap_config
Gitlab::Auth::LDAP::Config.new(provider)
Gitlab::Auth::Ldap::Config.new(provider)
end
def ldap_user
......@@ -87,7 +87,7 @@ module Gitlab
end
def find_ldap_user
Gitlab::Auth::LDAP::Person.find_by_dn(ldap_identity.extern_uid, adapter)
Gitlab::Auth::Ldap::Person.find_by_dn(ldap_identity.extern_uid, adapter)
end
def block_user(user, reason)
......
......@@ -2,9 +2,9 @@
module Gitlab
module Auth
module LDAP
module Ldap
class Adapter
prepend_if_ee('::EE::Gitlab::Auth::LDAP::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule
prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule
SEARCH_RETRY_FACTOR = [1, 1, 2, 3].freeze
MAX_SEARCH_RETRIES = Rails.env.test? ? 1 : SEARCH_RETRY_FACTOR.size.freeze
......@@ -18,7 +18,7 @@ module Gitlab
end
def self.config(provider)
Gitlab::Auth::LDAP::Config.new(provider)
Gitlab::Auth::Ldap::Config.new(provider)
end
def initialize(provider, ldap = nil)
......@@ -27,7 +27,7 @@ module Gitlab
end
def config
Gitlab::Auth::LDAP::Config.new(provider)
Gitlab::Auth::Ldap::Config.new(provider)
end
def users(fields, value, limit = nil)
......@@ -75,7 +75,7 @@ module Gitlab
renew_connection_adapter
retry
else
raise LDAPConnectionError, error_message
raise LdapConnectionError, error_message
end
end
......@@ -91,13 +91,13 @@ module Gitlab
end
entries.map do |entry|
Gitlab::Auth::LDAP::Person.new(entry, provider)
Gitlab::Auth::Ldap::Person.new(entry, provider)
end
end
def user_options(fields, value, limit)
options = {
attributes: Gitlab::Auth::LDAP::Person.ldap_attributes(config),
attributes: Gitlab::Auth::Ldap::Person.ldap_attributes(config),
base: config.base
}
......
......@@ -4,10 +4,10 @@
#
module Gitlab
module Auth
module LDAP
module Ldap
class AuthHash < Gitlab::Auth::OAuth::AuthHash
def uid
@uid ||= Gitlab::Auth::LDAP::Person.normalize_dn(super)
@uid ||= Gitlab::Auth::Ldap::Person.normalize_dn(super)
end
def username
......@@ -42,7 +42,7 @@ module Gitlab
end
def ldap_config
@ldap_config ||= Gitlab::Auth::LDAP::Config.new(self.provider)
@ldap_config ||= Gitlab::Auth::Ldap::Config.new(self.provider)
end
end
end
......
......@@ -8,10 +8,10 @@
module Gitlab
module Auth
module LDAP
module Ldap
class Authentication < Gitlab::Auth::OAuth::Authentication
def self.login(login, password)
return unless Gitlab::Auth::LDAP::Config.enabled?
return unless Gitlab::Auth::Ldap::Config.enabled?
return unless login.present? && password.present?
# return found user that was authenticated by first provider for given login credentials
......@@ -22,7 +22,7 @@ module Gitlab
end
def self.providers
Gitlab::Auth::LDAP::Config.providers
Gitlab::Auth::Ldap::Config.providers
end
def login(login, password)
......@@ -33,7 +33,7 @@ module Gitlab
)
return unless result
@user = Gitlab::Auth::LDAP::User.find_by_uid_and_provider(result.dn, provider)
@user = Gitlab::Auth::Ldap::User.find_by_uid_and_provider(result.dn, provider)
end
def adapter
......@@ -41,7 +41,7 @@ module Gitlab
end
def config
Gitlab::Auth::LDAP::Config.new(provider)
Gitlab::Auth::Ldap::Config.new(provider)
end
def user_filter(login)
......
......@@ -3,9 +3,9 @@
# Load a specific server configuration
module Gitlab
module Auth
module LDAP
module Ldap
class Config
prepend_if_ee('::EE::Gitlab::Auth::LDAP::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule
prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule
NET_LDAP_ENCRYPTION_METHOD = {
simple_tls: :simple_tls,
......
......@@ -21,7 +21,7 @@
# class also helps take care of that.
module Gitlab
module Auth
module LDAP
module Ldap
class DN
FormatError = Class.new(StandardError)
MalformedError = Class.new(FormatError)
......
......@@ -2,8 +2,8 @@
module Gitlab
module Auth
module LDAP
LDAPConnectionError = Class.new(StandardError)
module Ldap
LdapConnectionError = Class.new(StandardError)
end
end
end
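Review bot: `LdapConnectionError` is consumed from `rescue` clauses, and Ruby resolves the class named in a `rescue` only when an exception actually reaches it. A call site that still names `LDAPConnectionError` would therefore load cleanly and fail with `NameError` only while the LDAP server is unreachable. The rescue sites visible on this page are updated, but an eager-load or autoload check will not catch one that was missed, so each rescue path needs a spec that raises the error, or the old name needs a repository-wide search. I would also document the constant, e.g. `# Raised by Adapter when an LDAP search still fails after its retries; rescue sites must use this exact name.`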
......@@ -2,9 +2,9 @@
module Gitlab
module Auth
module LDAP
module Ldap
class Person
prepend_if_ee('::EE::Gitlab::Auth::LDAP::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule
prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule
# Active Directory-specific LDAP filter that checks if bit 2 of the
# userAccountControl attribute is set.
......@@ -45,8 +45,8 @@ module Gitlab
end
def self.normalize_dn(dn)
::Gitlab::Auth::LDAP::DN.new(dn).to_normalized_s
rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
Rails.logger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger
dn
......@@ -57,8 +57,8 @@ module Gitlab
# 1. Excess spaces are stripped
# 2. The string is downcased (for case-insensitivity)
def self.normalize_uid(uid)
::Gitlab::Auth::LDAP::DN.normalize_value(uid)
rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
::Gitlab::Auth::Ldap::DN.normalize_value(uid)
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
Rails.logger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger
uid
......@@ -103,7 +103,7 @@ module Gitlab
attr_reader :entry
def config
@config ||= Gitlab::Auth::LDAP::Config.new(provider)
@config ||= Gitlab::Auth::Ldap::Config.new(provider)
end
# Using the LDAP attributes configuration, find and return the first
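Review bot: Both rescue branches in `normalize_dn` and `normalize_uid` interpolate the rejected value into the log line unescaped (`\"#{dn}\"`, `\"#{uid}\"`), and a value that failed DN parsing is the one most likely to hold unexpected characters such as line breaks. Replacing the hand-quoted form with `#{dn.inspect}` and `#{uid.inspect}` keeps each event on a single log line. Both methods also return the un-normalized input on failure, which deserves a comment such as `# Falls back to the raw value; callers must not assume the result is normalized.` Both method bodies continue outside the hunks.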
......
......@@ -8,10 +8,10 @@
#
module Gitlab
module Auth
module LDAP
module Ldap
class User < Gitlab::Auth::OAuth::User
extend ::Gitlab::Utils::Override
prepend_if_ee('::EE::Gitlab::Auth::LDAP::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
class << self
# rubocop: disable CodeReuse/ActiveRecord
......@@ -46,7 +46,7 @@ module Gitlab
end
def allowed?
Gitlab::Auth::LDAP::Access.allowed?(gl_user)
Gitlab::Auth::Ldap::Access.allowed?(gl_user)
end
def valid_sign_in?
......@@ -54,11 +54,11 @@ module Gitlab
end
def ldap_config
Gitlab::Auth::LDAP::Config.new(auth_hash.provider)
Gitlab::Auth::Ldap::Config.new(auth_hash.provider)
end
def auth_hash=(auth_hash)
@auth_hash = Gitlab::Auth::LDAP::AuthHash.new(auth_hash)
@auth_hash = Gitlab::Auth::Ldap::AuthHash.new(auth_hash)
end
end
end
......
......@@ -18,7 +18,7 @@ module Gitlab
authenticator =
case provider
when /^ldap/
Gitlab::Auth::LDAP::Authentication
Gitlab::Auth::Ldap::Authentication
when 'database'
Gitlab::Auth::Database::Authentication
end
......@@ -60,8 +60,8 @@ module Gitlab
def self.config_for(name)
name = name.to_s
if ldap_provider?(name)
if Gitlab::Auth::LDAP::Config.valid_provider?(name)
Gitlab::Auth::LDAP::Config.new(name).options
if Gitlab::Auth::Ldap::Config.valid_provider?(name)
Gitlab::Auth::Ldap::Config.new(name).options
else
nil
end
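Review bot: The `when /^ldap/` branch kept as context in the first hunk anchors with `^`, which in Ruby matches at the start of any line rather than only at the start of the string, so a provider value with a line break before `ldap` would still select `Gitlab::Auth::Ldap::Authentication`. Since the adjacent line is being touched anyway, I would tighten it to `when /\Aldap/`. Whether `provider` can carry caller-controlled text is not visible here, and the enclosing method starts and ends outside the hunk, so treat this as hardening rather than a confirmed bug.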
......
......@@ -111,7 +111,7 @@ module Gitlab
def find_or_build_ldap_user
return unless ldap_person
user = Gitlab::Auth::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
user = Gitlab::Auth::Ldap::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
if user
log.info "LDAP account found for user #{user.username}. Building new #{auth_hash.provider} identity."
return user
......@@ -141,8 +141,8 @@ module Gitlab
return @ldap_person if defined?(@ldap_person)
# Look for a corresponding person with same uid in any of the configured LDAP providers
Gitlab::Auth::LDAP::Config.providers.each do |provider|
adapter = Gitlab::Auth::LDAP::Adapter.new(provider)
Gitlab::Auth::Ldap::Config.providers.each do |provider|
adapter = Gitlab::Auth::Ldap::Adapter.new(provider)
@ldap_person = find_ldap_person(auth_hash, adapter)
break if @ldap_person
end
......@@ -150,15 +150,15 @@ module Gitlab
end
def find_ldap_person(auth_hash, adapter)
Gitlab::Auth::LDAP::Person.find_by_uid(auth_hash.uid, adapter) ||
Gitlab::Auth::LDAP::Person.find_by_email(auth_hash.uid, adapter) ||
Gitlab::Auth::LDAP::Person.find_by_dn(auth_hash.uid, adapter)
rescue Gitlab::Auth::LDAP::LDAPConnectionError
Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) ||
Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) ||
Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter)
rescue Gitlab::Auth::Ldap::LdapConnectionError
nil
end
def ldap_config
Gitlab::Auth::LDAP::Config.new(ldap_person.provider) if ldap_person
Gitlab::Auth::Ldap::Config.new(ldap_person.provider) if ldap_person
end
def needs_blocking?
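Review bot: `find_ldap_person` in the last hunk turns `LdapConnectionError` into `nil`, so `ldap_person` reports a directory outage the same way as an entry that does not exist, and `find_or_build_ldap_user` then returns early without an LDAP match. The rescue does not document this; I would add `# A connection failure is treated as "no LDAP person found"; callers cannot distinguish an outage from an absent entry.` above the `rescue` line. What the sign-in flow does with that `nil` is outside the visible lines, so it is worth confirming that an unreachable server cannot lead to an account being created or linked without the LDAP lookup having run.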
......
......@@ -33,7 +33,7 @@ module Gitlab
return false unless can_access_git?
if user.requires_ldap_check? && user.try_obtain_ldap_lease
return false unless Gitlab::Auth::LDAP::Access.allowed?(user)
return false unless Gitlab::Auth::Ldap::Access.allowed?(user)
end
true
......
......@@ -6,7 +6,7 @@ module SystemCheck
set_name 'LDAP:'
def multi_check
if Gitlab::Auth::LDAP::Config.enabled?
if Gitlab::Auth::Ldap::Config.enabled?
# Only show up to 100 results because LDAP directories can be very big.
# This setting only affects the `rake gitlab:check` script.
limit = ENV['LDAP_CHECK_LIMIT']
......@@ -21,13 +21,13 @@ module SystemCheck
private
def check_ldap(limit)
servers = Gitlab::Auth::LDAP::Config.providers
servers = Gitlab::Auth::Ldap::Config.providers
servers.each do |server|
$stdout.puts "Server: #{server}"
begin
Gitlab::Auth::LDAP::Adapter.open(server) do |adapter|
Gitlab::Auth::Ldap::Adapter.open(server) do |adapter|
check_ldap_auth(adapter)
$stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
......
......@@ -13,7 +13,7 @@ namespace :gitlab do
print "#{user.name} (#{user.ldap_identity.extern_uid}) ..."
if Gitlab::Auth::LDAP::Access.allowed?(user)
if Gitlab::Auth::Ldap::Access.allowed?(user)
puts " [OK]".color(:green)
else
if block_flag
......
......@@ -56,7 +56,7 @@ describe AuthHelper do
describe 'any_form_based_providers_enabled?' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
it 'detects form-based providers' do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Access do
describe Gitlab::Auth::Ldap::Access do
include LdapHelpers
let(:user) { create(:omniauth_user) }
......@@ -64,7 +64,7 @@ describe Gitlab::Auth::LDAP::Access do
context 'and the user is disabled via active directory' do
before do
allow(Gitlab::Auth::LDAP::Person).to receive(:disabled_via_active_directory?).and_return(true)
allow(Gitlab::Auth::Ldap::Person).to receive(:disabled_via_active_directory?).and_return(true)
end
it 'returns false' do
......@@ -90,7 +90,7 @@ describe Gitlab::Auth::LDAP::Access do
context 'and has no disabled flag in active directory' do
before do
allow(Gitlab::Auth::LDAP::Person).to receive(:disabled_via_active_directory?).and_return(false)
allow(Gitlab::Auth::Ldap::Person).to receive(:disabled_via_active_directory?).and_return(false)
end
it { is_expected.to be_truthy }
......@@ -135,8 +135,8 @@ describe Gitlab::Auth::LDAP::Access do
context 'without ActiveDirectory enabled' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive(:active_directory).and_return(false)
end
end
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Adapter do
describe Gitlab::Auth::Ldap::Adapter do
include LdapHelpers
let(:ldap) { double(:ldap) }
......@@ -138,7 +138,7 @@ describe Gitlab::Auth::LDAP::Adapter do
it 'as many times as MAX_SEARCH_RETRIES' do
expect(ldap).to receive(:search).exactly(3).times
expect { subject }.to raise_error(Gitlab::Auth::LDAP::LDAPConnectionError)
expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
end
context 'when no more retries' do
......@@ -147,11 +147,11 @@ describe Gitlab::Auth::LDAP::Adapter do
end
it 'raises the exception' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::LDAPConnectionError)
expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
end
it 'logs the error' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::LDAPConnectionError)
expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
expect(Rails.logger).to have_received(:warn).with(
"LDAP search raised exception Net::LDAP::Error: some error")
end
......@@ -161,6 +161,6 @@ describe Gitlab::Auth::LDAP::Adapter do
end
def ldap_attributes
Gitlab::Auth::LDAP::Person.ldap_attributes(Gitlab::Auth::LDAP::Config.new('ldapmain'))
Gitlab::Auth::Ldap::Person.ldap_attributes(Gitlab::Auth::Ldap::Config.new('ldapmain'))
end
end
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::AuthHash do
describe Gitlab::Auth::Ldap::AuthHash do
include LdapHelpers
let(:auth_hash) do
......@@ -58,7 +58,7 @@ describe Gitlab::Auth::LDAP::AuthHash do
end
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive(:attributes).and_return(attributes)
end
end
......
......@@ -2,15 +2,15 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Authentication do
describe Gitlab::Auth::Ldap::Authentication do
let(:dn) { 'uid=John Smith, ou=People, dc=example, dc=com' }
let(:user) { create(:omniauth_user, extern_uid: Gitlab::Auth::LDAP::Person.normalize_dn(dn)) }
let(:user) { create(:omniauth_user, extern_uid: Gitlab::Auth::Ldap::Person.normalize_dn(dn)) }
let(:login) { 'john' }
let(:password) { 'password' }
describe 'login' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
it "finds the user if authentication is successful" do
......@@ -48,7 +48,7 @@ describe Gitlab::Auth::LDAP::Authentication do
end
it "fails if ldap is disabled" do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(false)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(false)
expect(described_class.login(login, password)).to be_falsey
end
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Config do
describe Gitlab::Auth::Ldap::Config do
include LdapHelpers
let(:config) { described_class.new('ldapmain') }
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::DN do
describe Gitlab::Auth::Ldap::DN do
using RSpec::Parameterized::TableSyntax
describe '#normalize_value' do
......@@ -15,7 +15,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'John Smith,' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
......@@ -23,7 +23,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '#aa aa' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the end of an attribute value, but got \"a\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the end of an attribute value, but got \"a\"")
end
end
......@@ -31,7 +31,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '#aaXaaa' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the first character of a hex pair, but got \"X\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the first character of a hex pair, but got \"X\"")
end
end
......@@ -39,7 +39,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '#aaaYaa' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the second character of a hex pair, but got \"Y\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the second character of a hex pair, but got \"Y\"")
end
end
......@@ -47,7 +47,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '"Sebasti\\cX\\a1n"' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the second character of a hex pair inside a double quoted value, but got \"X\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the second character of a hex pair inside a double quoted value, but got \"X\"")
end
end
......@@ -55,7 +55,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '"James' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
......@@ -63,7 +63,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'J\ames' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'Invalid escaped hex code "\am"')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'Invalid escaped hex code "\am"')
end
end
......@@ -71,7 +71,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'foo\\' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
end
......@@ -88,7 +88,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'uid=john smith+telephonenumber=+1 555-555-5555,ou=people,dc=example,dc=com' }
it 'raises UnsupportedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::UnsupportedError)
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::UnsupportedError)
end
end
......@@ -97,7 +97,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'uid = John Smith + telephoneNumber = + 1 555-555-5555 , ou = People,dc=example,dc=com' }
it 'raises UnsupportedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::UnsupportedError)
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::UnsupportedError)
end
end
......@@ -105,7 +105,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'uid = John Smith + telephoneNumber = +1 555-555-5555 , ou = People,dc=example,dc=com' }
it 'raises UnsupportedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::UnsupportedError)
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::UnsupportedError)
end
end
end
......@@ -117,7 +117,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'uid=John Smith,' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
......@@ -125,7 +125,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '0.9.2342.19200300.100.1.25=#aa aa' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the end of an attribute value, but got \"a\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the end of an attribute value, but got \"a\"")
end
end
......@@ -133,7 +133,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '0.9.2342.19200300.100.1.25=#aaXaaa' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the first character of a hex pair, but got \"X\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the first character of a hex pair, but got \"X\"")
end
end
......@@ -141,7 +141,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '0.9.2342.19200300.100.1.25=#aaaYaa' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the second character of a hex pair, but got \"Y\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the second character of a hex pair, but got \"Y\"")
end
end
......@@ -149,7 +149,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'uid="Sebasti\\cX\\a1n"' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, "Expected the second character of a hex pair inside a double quoted value, but got \"X\"")
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, "Expected the second character of a hex pair inside a double quoted value, but got \"X\"")
end
end
......@@ -157,7 +157,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'John' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
......@@ -165,7 +165,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'cn="James' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
......@@ -173,7 +173,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'cn=J\ames' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'Invalid escaped hex code "\am"')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'Invalid escaped hex code "\am"')
end
end
......@@ -181,7 +181,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'cn=\\' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'DN string ended unexpectedly')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'DN string ended unexpectedly')
end
end
......@@ -189,7 +189,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { '1.2.d=Value' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'Unrecognized RDN OID attribute type name character "d"')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'Unrecognized RDN OID attribute type name character "d"')
end
end
......@@ -197,7 +197,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'd1.2=Value' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'Unrecognized RDN attribute type name character "."')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'Unrecognized RDN attribute type name character "."')
end
end
......@@ -205,7 +205,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { ' -uid=John Smith' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'Unrecognized first character of an RDN attribute type name "-"')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'Unrecognized first character of an RDN attribute type name "-"')
end
end
......@@ -213,7 +213,7 @@ describe Gitlab::Auth::LDAP::DN do
let(:given) { 'uid\\=john' }
it 'raises MalformedError' do
expect { subject }.to raise_error(Gitlab::Auth::LDAP::DN::MalformedError, 'Unrecognized RDN attribute type name character "\\"')
expect { subject }.to raise_error(Gitlab::Auth::Ldap::DN::MalformedError, 'Unrecognized RDN attribute type name character "\\"')
end
end
end
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::Person do
describe Gitlab::Auth::Ldap::Person do
include LdapHelpers
let(:entry) { ldap_user_entry('john.doe') }
......@@ -61,7 +61,7 @@ describe Gitlab::Auth::LDAP::Person do
}
}
)
config = Gitlab::Auth::LDAP::Config.new('ldapmain')
config = Gitlab::Auth::Ldap::Config.new('ldapmain')
ldap_attributes = described_class.ldap_attributes(config)
expect(ldap_attributes).to match_array(%w(dn uid cn mail memberof))
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe Gitlab::Auth::LDAP::User do
describe Gitlab::Auth::Ldap::User do
include LdapHelpers
let(:ldap_user) { described_class.new(auth_hash) }
......
......@@ -22,7 +22,7 @@ describe Gitlab::Auth::OAuth::User do
}
}
end
let(:ldap_user) { Gitlab::Auth::LDAP::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
let(:ldap_user) { Gitlab::Auth::Ldap::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
describe '#persisted?' do
let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }
......@@ -230,7 +230,7 @@ describe Gitlab::Auth::OAuth::User do
context "and no account for the LDAP user" do
before do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user)
oauth_user.save
end
......@@ -269,7 +269,7 @@ describe Gitlab::Auth::OAuth::User do
let!(:existing_user) { create(:omniauth_user, name: 'John Doe', email: 'john@example.com', extern_uid: dn, provider: 'ldapmain', username: 'john') }
it "adds the omniauth identity to the LDAP account" do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user)
oauth_user.save
......@@ -290,8 +290,8 @@ describe Gitlab::Auth::OAuth::User do
context 'when an LDAP person is not found by uid' do
it 'tries to find an LDAP person by email and adds the omniauth identity to the user' do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_email).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).and_return(ldap_user)
oauth_user.save
......@@ -301,9 +301,9 @@ describe Gitlab::Auth::OAuth::User do
context 'when also not found by email' do
it 'tries to find an LDAP person by DN and adds the omniauth identity to the user' do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_email).and_return(nil)
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_dn).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_dn).and_return(ldap_user)
oauth_user.save
......@@ -344,7 +344,7 @@ describe Gitlab::Auth::OAuth::User do
context 'and no account for the LDAP user' do
it 'creates a user favoring the LDAP username and strips email domain' do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user)
oauth_user.save
......@@ -356,7 +356,7 @@ describe Gitlab::Auth::OAuth::User do
context "and no corresponding LDAP person" do
before do
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(nil)
end
include_examples "to verify compliance with allow_single_sign_on"
......@@ -405,13 +405,13 @@ describe Gitlab::Auth::OAuth::User do
allow(ldap_user).to receive(:username) { uid }
allow(ldap_user).to receive(:email) { ['johndoe@example.com', 'john2@example.com'] }
allow(ldap_user).to receive(:dn) { dn }
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user)
end
context "and no account for the LDAP user" do
context 'dont block on create (LDAP)' do
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: false)
end
end
......@@ -425,7 +425,7 @@ describe Gitlab::Auth::OAuth::User do
context 'block on create (LDAP)' do
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: true)
end
end
......@@ -443,7 +443,7 @@ describe Gitlab::Auth::OAuth::User do
context 'dont block on create (LDAP)' do
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: false)
end
end
......@@ -457,7 +457,7 @@ describe Gitlab::Auth::OAuth::User do
context 'block on create (LDAP)' do
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: true)
end
end
......@@ -503,7 +503,7 @@ describe Gitlab::Auth::OAuth::User do
context 'dont block on create (LDAP)' do
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: false)
end
end
......@@ -517,7 +517,7 @@ describe Gitlab::Auth::OAuth::User do
context 'block on create (LDAP)' do
before do
allow_next_instance_of(Gitlab::Auth::LDAP::Config) do |instance|
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: true)
end
end
......@@ -806,7 +806,7 @@ describe Gitlab::Auth::OAuth::User do
end
it 'returns nil' do
adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain')
adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain')
hash = OmniAuth::AuthHash.new(uid: 'whatever', provider: 'ldapmain')
expect(oauth_user.send(:find_ldap_person, hash, adapter)).to be_nil
......
......@@ -19,7 +19,7 @@ describe Gitlab::Auth::Saml::User do
email: 'john@mail.com'
}
end
let(:ldap_user) { Gitlab::Auth::LDAP::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
let(:ldap_user) { Gitlab::Auth::Ldap::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
describe '#save' do
before do
......@@ -161,10 +161,10 @@ describe Gitlab::Auth::Saml::User do
allow(ldap_user).to receive(:username) { uid }
allow(ldap_user).to receive(:email) { %w(john@mail.com john2@example.com) }
allow(ldap_user).to receive(:dn) { dn }
allow(Gitlab::Auth::LDAP::Adapter).to receive(:new).and_return(adapter)
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).with(uid, adapter).and_return(ldap_user)
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_dn).with(dn, adapter).and_return(ldap_user)
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_email).with('john@mail.com', adapter).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Adapter).to receive(:new).and_return(adapter)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).with(uid, adapter).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_dn).with(dn, adapter).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_email).with('john@mail.com', adapter).and_return(ldap_user)
end
context 'and no account for the LDAP user' do
......@@ -212,10 +212,10 @@ describe Gitlab::Auth::Saml::User do
nil_types = uid_types - [uid_type]
nil_types.each do |type|
allow(Gitlab::Auth::LDAP::Person).to receive(:"find_by_#{type}").and_return(nil)
allow(Gitlab::Auth::Ldap::Person).to receive(:"find_by_#{type}").and_return(nil)
end
allow(Gitlab::Auth::LDAP::Person).to receive(:"find_by_#{uid_type}").and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:"find_by_#{uid_type}").and_return(ldap_user)
end
it 'adds the omniauth identity to the LDAP account' do
......@@ -282,7 +282,7 @@ describe Gitlab::Auth::Saml::User do
it 'adds the LDAP identity to the existing SAML user' do
create(:omniauth_user, email: 'john@mail.com', extern_uid: dn, provider: 'saml', username: 'john')
allow(Gitlab::Auth::LDAP::Person).to receive(:find_by_uid).with(dn, adapter).and_return(ldap_user)
allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).with(dn, adapter).and_return(ldap_user)
local_hash = OmniAuth::AuthHash.new(uid: dn, provider: provider, info: info_hash)
local_saml_user = described_class.new(local_hash)
......
......@@ -590,23 +590,23 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
context "with ldap enabled" do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
it "tries to autheticate with db before ldap" do
expect(Gitlab::Auth::LDAP::Authentication).not_to receive(:login)
expect(Gitlab::Auth::Ldap::Authentication).not_to receive(:login)
expect(gl_auth.find_with_user_password(username, password)).to eq(user)
end
it "does not find user by using ldap as fallback to for authentication" do
expect(Gitlab::Auth::LDAP::Authentication).to receive(:login).and_return(nil)
expect(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(nil)
expect(gl_auth.find_with_user_password('ldap_user', 'password')).to be_nil
end
it "find new user by using ldap as fallback to for authentication" do
expect(Gitlab::Auth::LDAP::Authentication).to receive(:login).and_return(user)
expect(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(user)
expect(gl_auth.find_with_user_password('ldap_user', 'password')).to eq(user)
end
......@@ -623,7 +623,7 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
context "with ldap enabled" do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
it "does not find non-ldap user by valid login/password" do
......
......@@ -4197,7 +4197,7 @@ describe User, :do_not_mock_admin_mode do
describe '#read_only_attribute?' do
context 'when LDAP server is enabled' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
%i[name email location].each do |attribute|
......
......@@ -639,8 +639,8 @@ describe 'Git HTTP requests' do
context 'when LDAP is configured' do
before do
allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
allow_any_instance_of(Gitlab::Auth::LDAP::Authentication)
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
allow_any_instance_of(Gitlab::Auth::Ldap::Authentication)
.to receive(:login).and_return(nil)
end
......@@ -862,8 +862,8 @@ describe 'Git HTTP requests' do
before do
allow(Gitlab::Auth::OAuth::Provider).to receive(:enabled?).and_return(true)
allow_any_instance_of(Gitlab::Auth::LDAP::Authentication).to receive(:login).and_return(nil)
allow_any_instance_of(Gitlab::Auth::LDAP::Authentication).to receive(:login).with(user.username, user.password).and_return(user)
allow_any_instance_of(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(nil)
allow_any_instance_of(Gitlab::Auth::Ldap::Authentication).to receive(:login).with(user.username, user.password).and_return(user)
end
it_behaves_like 'pulls require Basic HTTP Authentication'
......
......@@ -2,14 +2,14 @@
module LdapHelpers
def ldap_adapter(provider = 'ldapmain', ldap = double(:ldap))
::Gitlab::Auth::LDAP::Adapter.new(provider, ldap)
::Gitlab::Auth::Ldap::Adapter.new(provider, ldap)
end
def user_dn(uid)
"uid=#{uid},ou=users,dc=example,dc=com"
end
# Accepts a hash of Gitlab::Auth::LDAP::Config keys and values.
# Accepts a hash of Gitlab::Auth::Ldap::Config keys and values.
#
# Example:
# stub_ldap_config(
......@@ -17,7 +17,7 @@ module LdapHelpers
# admin_group: 'my-admin-group'
# )
def stub_ldap_config(messages)
allow_any_instance_of(::Gitlab::Auth::LDAP::Config).to receive_messages(messages)
allow_any_instance_of(::Gitlab::Auth::Ldap::Config).to receive_messages(messages)
end
def stub_ldap_setting(messages)
......@@ -28,29 +28,29 @@ module LdapHelpers
# `entry` to simulate when an LDAP person is not found
#
# Example:
# adapter = ::Gitlab::Auth::LDAP::Adapter.new('ldapmain', double(:ldap))
# adapter = ::Gitlab::Auth::Ldap::Adapter.new('ldapmain', double(:ldap))
# ldap_user_entry = ldap_user_entry('john_doe')
#
# stub_ldap_person_find_by_uid('john_doe', ldap_user_entry, adapter)
def stub_ldap_person_find_by_uid(uid, entry, provider = 'ldapmain')
return_value = ::Gitlab::Auth::LDAP::Person.new(entry, provider) if entry.present?
return_value = ::Gitlab::Auth::Ldap::Person.new(entry, provider) if entry.present?
allow(::Gitlab::Auth::LDAP::Person)
allow(::Gitlab::Auth::Ldap::Person)
.to receive(:find_by_uid).with(uid, any_args).and_return(return_value)
end
def stub_ldap_person_find_by_dn(entry, provider = 'ldapmain')
person = ::Gitlab::Auth::LDAP::Person.new(entry, provider) if entry.present?
person = ::Gitlab::Auth::Ldap::Person.new(entry, provider) if entry.present?
allow(::Gitlab::Auth::LDAP::Person)
allow(::Gitlab::Auth::Ldap::Person)
.to receive(:find_by_dn)
.and_return(person)
end
def stub_ldap_person_find_by_email(email, entry, provider = 'ldapmain')
person = ::Gitlab::Auth::LDAP::Person.new(entry, provider) if entry.present?
person = ::Gitlab::Auth::Ldap::Person.new(entry, provider) if entry.present?
allow(::Gitlab::Auth::LDAP::Person)
allow(::Gitlab::Auth::Ldap::Person)
.to receive(:find_by_email)
.with(email, anything)
.and_return(person)
......@@ -66,8 +66,8 @@ module LdapHelpers
end
def raise_ldap_connection_error
allow_any_instance_of(Gitlab::Auth::LDAP::Adapter)
.to receive(:ldap_search).and_raise(Gitlab::Auth::LDAP::LDAPConnectionError)
allow_any_instance_of(Gitlab::Auth::Ldap::Adapter)
.to receive(:ldap_search).and_raise(Gitlab::Auth::Ldap::LdapConnectionError)
end
end
......
......@@ -30,7 +30,7 @@ RSpec.shared_context 'Ldap::OmniauthCallbacksController' do
@original_env_config_omniauth_auth = mock_auth_hash(provider.to_s, uid, user.email)
stub_omniauth_provider(provider, context: request)
allow(Gitlab::Auth::LDAP::Access).to receive(:allowed?).and_return(valid_login?)
allow(Gitlab::Auth::Ldap::Access).to receive(:allowed?).and_return(valid_login?)
end
after do
......
......@@ -68,8 +68,8 @@ describe 'check.rake' do
context 'when LDAP is not enabled' do
it 'does not attempt to bind or search for users' do
expect(Gitlab::Auth::LDAP::Config).not_to receive(:providers)
expect(Gitlab::Auth::LDAP::Adapter).not_to receive(:open)
expect(Gitlab::Auth::Ldap::Config).not_to receive(:providers)
expect(Gitlab::Auth::Ldap::Adapter).not_to receive(:open)
subject
end
......@@ -80,12 +80,12 @@ describe 'check.rake' do
let(:adapter) { ldap_adapter('ldapmain', ldap) }
before do
allow(Gitlab::Auth::LDAP::Config)
allow(Gitlab::Auth::Ldap::Config)
.to receive_messages(
enabled?: true,
providers: ['ldapmain']
)
allow(Gitlab::Auth::LDAP::Adapter).to receive(:open).and_yield(adapter)
allow(Gitlab::Auth::Ldap::Adapter).to receive(:open).and_yield(adapter)
allow(adapter).to receive(:users).and_return([])
end
......