Commit 718e5b08
Authored on Sep 12, 2017 by Tiago Botelho
Attempt to link saml users to ldap by email
Parent: 4d88f649
Showing 5 changed files with 101 additions and 8 deletions
changelogs/unreleased/33493-attempt-to-link-saml-users-to-ldap-by-email.yml (+5 -0)
lib/gitlab/ldap/person.rb (+4 -0)
lib/gitlab/o_auth/user.rb (+5 -2)
lib/gitlab/saml/user.rb (+10 -6)
spec/lib/gitlab/saml/user_spec.rb (+77 -0)
changelogs/unreleased/33493-attempt-to-link-saml-users-to-ldap-by-email.yml
0 → 100644
---
title
:
Link SAML users to LDAP by email.
merge_request
:
14216
author
:
type
:
changed
lib/gitlab/ldap/person.rb
...
...
@@ -17,6 +17,10 @@ module Gitlab
adapter
.
user
(
'dn'
,
dn
)
end
def
self
.
find_by_email
(
email
,
adapter
)
Array
(
adapter
.
config
.
attributes
[
'email'
]).
find
{
|
attr
|
adapter
.
user
(
attr
,
email
)
}
end
def
self
.
disabled_via_active_directory?
(
dn
,
adapter
)
adapter
.
dn_matches_filter?
(
dn
,
AD_USER_DISABLED
)
end
...
...
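Review bot: `find_by_email` returns the wrong object. `Array(adapter.config.attributes['email']).find { |attr| adapter.user(attr, email) }` evaluates to the first attribute name whose lookup is truthy, not to the person that `adapter.user` returned, unlike the `adapter.user('dn', dn)` call in the method just above, which returns the lookup result directly. Callers that treat the result as an LDAP person would receive a String. Iterate over the configured attributes and return the first non-nil `adapter.user(attr, email)` instead.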
lib/gitlab/o_auth/user.rb
...
...
@@ -108,9 +108,12 @@ module Gitlab
end
def
find_ldap_person
(
auth_hash
,
adapter
)
by_uid
=
Gitlab
::
LDAP
::
Person
.
find_by_uid
(
auth_hash
.
uid
,
adapter
)
person
=
Gitlab
::
LDAP
::
Person
.
find_by_uid
(
auth_hash
.
uid
,
adapter
)
# The `uid` might actually be a DN. Try it next.
by_uid
||
Gitlab
::
LDAP
::
Person
.
find_by_dn
(
auth_hash
.
uid
,
adapter
)
person
||=
Gitlab
::
LDAP
::
Person
.
find_by_dn
(
auth_hash
.
uid
,
adapter
)
# The `uid` might actually be a Email. Try it next.
person
||
Gitlab
::
LDAP
::
Person
.
find_by_email
(
auth_hash
.
uid
,
adapter
)
end
def
ldap_config
...
...
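Review bot: The new fallback in `find_ldap_person` calls `find_by_email(auth_hash.uid, adapter)`, so the value matched against the LDAP email attributes is the provider's `uid`, not the email carried in the auth hash, and the lookup only helps when the provider sends an email address as the uid. Because this match decides which LDAP person the login is linked to, document that the uid must be an address the provider has verified and that is unique in the directory, or pass the asserted email explicitly. Style point: the added comment should read "an email".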
lib/gitlab/saml/user.rb
...
...
@@ -11,16 +11,16 @@ module Gitlab
end
def
gl_user
if
auto_link_ldap_user?
if
auto_link_saml_user?
@user
||=
find_by_email
end
if
auto_link_ldap_user?
&&
!
@user
&
.
ldap_user?
@user
||=
find_or_create_ldap_user
end
@user
||=
find_by_uid_and_provider
if
auto_link_saml_user?
@user
||=
find_by_email
end
if
signup_enabled?
@user
||=
build_new_user
end
...
...
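Review bot: In `gl_user`, `find_by_email` now runs before `find_by_uid_and_provider`, so with `auto_link_saml_user?` enabled the email in the assertion selects the account before an existing provider/uid identity is consulted, and a returning user whose asserted email matches a different account would resolve to that account. Consider trying `find_by_uid_and_provider` first and falling back to email only when no identity exists. Separately, the `!@user&.ldap_user?` guard has no effect as written: the body is `@user ||= find_or_create_ldap_user`, which assigns only when `@user` is nil, so a non-LDAP user found by email never goes through the LDAP link step.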
@@ -42,7 +42,11 @@ module Gitlab
def
find_by_email
if
auth_hash
.
has_attribute?
(
:email
)
user
=
::
User
.
find_by
(
email:
auth_hash
.
email
.
downcase
)
user
.
identities
.
new
(
extern_uid:
auth_hash
.
uid
,
provider:
auth_hash
.
provider
)
if
user
if
user
&
.
identities
&
.
empty?
user
.
identities
.
new
(
extern_uid:
auth_hash
.
uid
,
provider:
auth_hash
.
provider
)
end
user
end
end
...
...
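Review bot: `find_by_email` still returns `user` when the new `identities.empty?` branch is skipped, so an account that already has any identity is matched on the asserted email alone and this method attaches no identity for `auth_hash.provider` to it. If the intent is to avoid a duplicate SAML identity, check for an identity with this provider rather than for any identity, and add a spec covering a user who already has a non-SAML identity. The second safe navigation in `user&.identities&.empty?` is unnecessary, since `identities` on a found user is a collection, not nil.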
spec/lib/gitlab/saml/user_spec.rb
...
...
@@ -170,6 +170,7 @@ describe Gitlab::Saml::User do
allow
(
ldap_user
).
to
receive
(
:dn
)
{
'uid=user1,ou=People,dc=example'
}
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:find_by_uid
).
and_return
(
ldap_user
)
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:find_by_dn
).
and_return
(
ldap_user
)
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:find_by_email
).
and_return
(
ldap_user
)
end
context
'and no account for the LDAP user'
do
...
...
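Review bot: Stubbing `Gitlab::LDAP::Person.find_by_email` here next to `find_by_uid` and `find_by_dn` makes every lookup return `ldap_user`, so the examples in this context pass regardless of which lookup matched, and the real body of the new method is never run; the five changed files in this commit include no spec for `lib/gitlab/ldap/person.rb`. Add a unit spec for `Person.find_by_email` against an adapter double that asserts on the returned object.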
@@ -195,6 +196,82 @@ describe Gitlab::Saml::User do
username:
'john'
)
end
shared_examples
'find ldap person'
do
|
uid_type
,
uid
|
before
do
allow
(
Gitlab
::
LDAP
::
Person
).
to
receive
(
:"find_by_
#{
uid_type
}
"
).
and_return
(
ldap_user
)
end
it
'adds the omniauth identity to the LDAP account'
do
identities
=
[
{
provider:
'ldapmain'
,
extern_uid:
'uid=user1,ou=People,dc=example'
},
{
provider:
'saml'
,
extern_uid:
extern_uid
}
]
identities_as_hash
=
gl_user
.
identities
.
map
do
|
id
|
{
provider:
id
.
provider
,
extern_uid:
id
.
extern_uid
}
end
saml_user
.
save
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
.
username
).
to
eql
'john'
expect
(
gl_user
.
email
).
to
eql
'john@mail.com'
expect
(
gl_user
.
identities
.
length
).
to
be
2
expect
(
identities_as_hash
).
to
match_array
(
identities
)
end
end
context
'when uid is an uid'
do
it_behaves_like
'find ldap person'
,
'uid'
do
let
(
:extern_uid
)
{
uid
}
let
(
:auth_hash
)
do
OmniAuth
::
AuthHash
.
new
(
uid:
uid
,
provider:
provider
,
info:
info_hash
,
extra:
{
raw_info:
OneLogin
::
RubySaml
::
Attributes
.
new
(
{
'groups'
=>
%w(Developers Freelancers Designers)
}
)
})
end
end
end
context
'when uid is a dn'
do
it_behaves_like
'find ldap person'
,
'email'
do
let
(
:extern_uid
)
{
'uid=user1,ou=People,dc=example'
}
let
(
:auth_hash
)
do
OmniAuth
::
AuthHash
.
new
(
uid:
extern_uid
,
provider:
provider
,
info:
info_hash
,
extra:
{
raw_info:
OneLogin
::
RubySaml
::
Attributes
.
new
(
{
'groups'
=>
%w(Developers Freelancers Designers)
}
)
})
end
end
end
context
'when uid is an email'
do
it_behaves_like
'find ldap person'
,
'email'
do
let
(
:extern_uid
)
{
'john@mail.com'
}
let
(
:auth_hash
)
do
OmniAuth
::
AuthHash
.
new
(
uid:
extern_uid
,
provider:
provider
,
info:
info_hash
,
extra:
{
raw_info:
OneLogin
::
RubySaml
::
Attributes
.
new
(
{
'groups'
=>
%w(Developers Freelancers Designers)
}
)
})
end
end
end
it
'adds the omniauth identity to the LDAP account'
do
saml_user
.
save
...
...
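Review bot: The context 'when uid is a dn' passes 'email' to `it_behaves_like 'find ldap person'`; it should pass 'dn' so that `find_by_dn` is the method stubbed for that case, otherwise the DN path is not covered by these examples. The shared example declares `|uid_type, uid|` but each caller supplies a single argument, so the second block parameter can be dropped. The three `auth_hash` definitions are identical apart from the uid and could be defined once in the shared example.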