Commit 8b9e3af8 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'ad-block_auto_created_users' into 'master'

Don't accidentally unblock auto created users from Active Directory.

Fixes #1581.

See merge request !638
parents 0bac9d01 125cb9b8
......@@ -54,6 +54,7 @@ v 7.11.0 (unreleased)
- Make Sidekiq MemoryKiller shutdown signal configurable
- Add "Create Merge Request" buttons to commits and branches pages and push event.
- Show user roles by comments.
- Fix automatic blocking of auto-created users from Active Directory.
v 7.10.2
- Fix CI links on MR page
......
......@@ -40,7 +40,7 @@ module Gitlab
user.block unless user.blocked?
false
else
user.activate if user.blocked?
user.activate if user.blocked? && !ldap_config.block_auto_created_users
true
end
else
......
......@@ -16,7 +16,7 @@ describe Gitlab::LDAP::Access do
context 'when the user is found' do
before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) }
context 'and the user is diabled via active directory' do
context 'and the user is disabled via active directory' do
before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) }
it { is_expected.to be_falsey }
......@@ -36,11 +36,30 @@ describe Gitlab::LDAP::Access do
it { is_expected.to be_truthy }
context 'when auto-created users are blocked' do
before do
Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: true)
end
it "does not unblock user in GitLab" do
access.allowed?
user.should be_blocked
end
end
context "when auto-created users are not blocked" do
before do
Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: false)
end
it "should unblock user in GitLab" do
access.allowed?
user.should_not be_blocked
end
end
end
context 'without ActiveDirectory enabled' do
before do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment