Move EE-only code in Gitlab::OAuth::AuthHash into a prepended module

d2a55fc0 · Nick Thomas · d16c3015 · d2a55fc0 · d2a55fc0 · d2a55fc0
Commit d2a55fc0 authored Jul 11, 2017 by Nick Thomas
4 changed files
--- a/lib/ee/gitlab/o_auth/auth_hash.rb
+++ b/lib/ee/gitlab/o_auth/auth_hash.rb
+module EE
+  module Gitlab
+    module OAuth
+      module AuthHash
+        def kerberos_default_realm
+          ::Gitlab::Kerberos::Authentication.kerberos_default_realm
+        end
+        # For Kerberos, usernames `principal` and `principal@DEFAULT.REALM` are equivalent and
+        # may be used indifferently, but omniauth_kerberos does not normalize them as of version 0.3.0.
+        # Normalize here the uid to always have the canonical Kerberos principal name with realm.
+        def kerberos_normalized_uid
+          @kerberos_normalized_uid ||=
+            begin
+              uid = ::Gitlab::Utils.force_utf8(auth_hash.uid.to_s)
+              uid += '@' + kerberos_default_realm unless uid.include?('@')
+              uid
+            end
+        end
+        def uid
+          if provider == 'kerberos'
+            kerberos_normalized_uid
+          else
+            super
+          end
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/o_auth/auth_hash.rb
+++ b/lib/gitlab/o_auth/auth_hash.rb
@@ -3,26 +3,15 @@
 module Gitlab
  module OAuth
    class AuthHash
+      prepend ::EE::Gitlab::OAuth::AuthHash
      attr_reader :auth_hash
      def initialize(auth_hash)
        @auth_hash = auth_hash
      end
-      def kerberos_default_realm
-        Gitlab::Kerberos::Authentication.kerberos_default_realm
-      end
-      def normalized_uid
-        return auth_hash.uid.to_s unless provider == 'kerberos'
-        # For Kerberos, usernames `principal` and `principal@DEFAULT.REALM` are equivalent and
-        # may be used indifferently, but omniauth_kerberos does not normalize them as of version 0.3.0.
-        # Normalize here the uid to always have the canonical Kerberos principal name with realm.
-        return auth_hash.uid if auth_hash.uid.include?("@")
-        auth_hash.uid + "@" + kerberos_default_realm
-      end
      def uid
-        @uid ||= Gitlab::Utils.force_utf8(normalized_uid)
+        @uid ||= Gitlab::Utils.force_utf8(auth_hash.uid.to_s)
      end
      def provider

--- a/spec/lib/ee/gitlab/o_auth/auth_hash_spec.rb
+++ b/spec/lib/ee/gitlab/o_auth/auth_hash_spec.rb
+require 'spec_helper'
+describe Gitlab::OAuth::AuthHash, lib: true do
+  let(:auth_hash) do
+    Gitlab::OAuth::AuthHash.new(
+      OmniAuth::AuthHash.new(
+        provider: ascii('kerberos'),
+        uid: ascii(uid),
+        info: { uid: ascii(uid) }
+      )
+    )
+  end
+  describe '#uid' do
+    subject { auth_hash.uid }
+    context 'contains a kerberos realm' do
+      let(:uid) { 'mylogin@BAR.COM' }
+      it 'preserves the canonical uid' do
+        is_expected.to eq('mylogin@BAR.COM')
+      end
+    end
+    context 'does not contain a kerberos realm' do
+      let(:uid) { 'mylogin' }
+      before do
+        allow(Gitlab::Kerberos::Authentication).to receive(:kerberos_default_realm).and_return('FOO.COM')
+      end
+      it 'canonicalizes uid with kerberos realm' do
+        is_expected.to eq('mylogin@FOO.COM')
+      end
+    end
+  end
+  def ascii(text)
+    text.force_encoding(Encoding::ASCII_8BIT)
+  end
+end
--- a/spec/lib/gitlab/o_auth/auth_hash_spec.rb
+++ b/spec/lib/gitlab/o_auth/auth_hash_spec.rb
@@ -54,29 +54,6 @@ describe Gitlab::OAuth::AuthHash, lib: true do
    it { expect(auth_hash.password).not_to be_empty }
  end
-  context 'with kerberos provider' do
-    let(:provider_ascii) { 'kerberos'.force_encoding(Encoding::ASCII_8BIT) }
-    context "and uid contains a kerberos realm" do
-      let(:uid_ascii) { 'mylogin@BAR.COM'.force_encoding(Encoding::ASCII_8BIT) }
-      it "preserves the canonical uid" do
-        expect(auth_hash.uid).to eq('mylogin@BAR.COM')
-      end
-    end
-    context "and uid does not contain a kerberos realm" do
-      let(:uid_ascii) { 'mylogin'.force_encoding(Encoding::ASCII_8BIT) }
-      before do
-        allow(Gitlab::Kerberos::Authentication).to receive(:kerberos_default_realm).and_return("FOO.COM")
-      end
-      it "canonicalizes uid with kerberos realm" do
-        expect(auth_hash.uid).to eq('mylogin@FOO.COM')
-      end
-    end
-  end
  context 'email not provided' do
    before do
      info_hash.delete(:email)