Commit a8717235 authored by Drew Blessing's avatar Drew Blessing Committed by Drew Blessing

Fix admin mode when authenticating with LDAP

When users reauthenticate to enable admin mode, and are signing
in with an external authentication provider such as LDAP, we need
to use a case-insensitive, normalized lookup of the user identity.
This changes the match identity method in the user model to use
the existing scope which normalizes the uid and does a case-insensitive
lookup.

Changelog: changed
parent 2fca139b
...@@ -1230,7 +1230,7 @@ class User < ApplicationRecord ...@@ -1230,7 +1230,7 @@ class User < ApplicationRecord
end end
def matches_identity?(provider, extern_uid) def matches_identity?(provider, extern_uid)
identities.where(provider: provider, extern_uid: extern_uid).exists? identities.with_extern_uid(provider, extern_uid).exists?
end end
def project_deploy_keys def project_deploy_keys
......
...@@ -2812,6 +2812,14 @@ RSpec.describe User do ...@@ -2812,6 +2812,14 @@ RSpec.describe User do
end end
end end
describe '#matches_identity?' do
it 'finds the identity when the DN is formatted differently' do
user = create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=john smith,ou=people,dc=example,dc=com')
expect(user.matches_identity?('ldapmain', 'uid=John Smith, ou=People, dc=example, dc=com')).to eq(true)
end
end
describe '#ldap_block' do describe '#ldap_block' do
let(:user) { create(:omniauth_user, provider: 'ldapmain', name: 'John Smith') } let(:user) { create(:omniauth_user, provider: 'ldapmain', name: 'John Smith') }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment