Verify certificates in `omniauth-ldap`

cd13e4ae · Michael Kozono · 612b3864 · cd13e4ae · cd13e4ae
Commit cd13e4ae authored Jun 09, 2017 by Michael Kozono
Show whitespace changes
Inline Side-by-side

Showing with 32 additions and 1 deletion

lib/gitlab/ldap/config.rb lib/gitlab/ldap/config.rb +2 -1

spec/lib/gitlab/ldap/config_spec.rb spec/lib/gitlab/ldap/config_spec.rb +30 -0

No files found.
--- a/lib/gitlab/ldap/config.rb
+++ b/lib/gitlab/ldap/config.rb
@@ -62,7 +62,8 @@ module Gitlab
          base: base,
          encryption: options['encryption'],
          filter: omniauth_user_filter,
-          name_proc: name_proc
+          name_proc: name_proc,
+          disable_verify_certificates: !options['verify_certificates']
        )
        if has_auth?

--- a/spec/lib/gitlab/ldap/config_spec.rb
+++ b/spec/lib/gitlab/ldap/config_spec.rb
@@ -238,6 +238,36 @@ describe Gitlab::LDAP::Config, lib: true do
        password: 'super_secret'
      )
    end
+    context 'when verify_certificates is enabled' do
+      it 'specifies disable_verify_certificates as false' do
+        stub_ldap_config(
+          options: {
+            'host'                => 'ldap.example.com',
+            'port'                => 686,
+            'encryption'          => 'simple_tls',
+            'verify_certificates' => true
+          }
+        )
+        expect(config.omniauth_options).to include({ disable_verify_certificates: false })
+      end
+    end
+    context 'when verify_certificates is disabled' do
+      it 'specifies disable_verify_certificates as true' do
+        stub_ldap_config(
+          options: {
+            'host'                => 'ldap.example.com',
+            'port'                => 686,
+            'encryption'          => 'simple_tls',
+            'verify_certificates' => false
+          }
+        )
+        expect(config.omniauth_options).to include({ disable_verify_certificates: true })
+      end
+    end
  end
  describe '#has_auth?' do