Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
7d017926
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
7d017926
编写于
3月 26, 2018
作者:
H
Horatiu Eugen Vlad
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix LDAP login without user in DB
上级
391732a2
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
28 addition
and
22 deletion
+28
-22
changelogs/unreleased/44608-Cloning-a-repository-over-HTTPS-with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
...with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
+5
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+5
-1
lib/gitlab/auth/database/authentication.rb
lib/gitlab/auth/database/authentication.rb
+1
-1
lib/gitlab/auth/ldap/authentication.rb
lib/gitlab/auth/ldap/authentication.rb
+6
-16
lib/gitlab/auth/o_auth/authentication.rb
lib/gitlab/auth/o_auth/authentication.rb
+1
-0
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+10
-4
未找到文件。
changelogs/unreleased/44608-Cloning-a-repository-over-HTTPS-with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
0 → 100644
浏览文件 @
7d017926
---
title
:
'
Cloning
a
repository
over
HTTPS
with
LDAP
credentials
causes
a
HTTP
401
Access
denied'
merge_request
:
!17988
author
:
Horatiu Eugen Vlad
type
:
fixed
lib/gitlab/auth.rb
浏览文件 @
7d017926
...
...
@@ -69,7 +69,11 @@ module Gitlab
authenticators
.
compact!
user
if
authenticators
.
find
{
|
auth
|
auth
.
login
(
login
,
password
)
}
# return found user that was authenticated first for given login credentials
authenticators
.
find
do
|
auth
|
authenticated_user
=
auth
.
login
(
login
,
password
)
break
authenticated_user
if
authenticated_user
end
end
end
...
...
lib/gitlab/auth/database/authentication.rb
浏览文件 @
7d017926
...
...
@@ -8,7 +8,7 @@ module Gitlab
def
login
(
login
,
password
)
return
false
unless
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
user
&
.
valid_password?
(
password
)
return
user
if
user
&
.
valid_password?
(
password
)
end
end
end
...
...
lib/gitlab/auth/ldap/authentication.rb
浏览文件 @
7d017926
...
...
@@ -12,30 +12,26 @@ module Gitlab
return
unless
Gitlab
::
Auth
::
LDAP
::
Config
.
enabled?
return
unless
login
.
present?
&&
password
.
present?
auth
=
nil
# loop through providers until valid bind
# return found user that was authenticated by first provider for given login credentials
providers
.
find
do
|
provider
|
auth
=
new
(
provider
)
auth
.
login
(
login
,
password
)
# true will exit the loop
break
auth
.
user
if
auth
.
login
(
login
,
password
)
# true will exit the loop
end
# If (login, password) was invalid for all providers, the value of auth is now the last
# Gitlab::Auth::LDAP::Authentication instance we tried.
auth
.
user
end
def
self
.
providers
Gitlab
::
Auth
::
LDAP
::
Config
.
providers
end
attr_accessor
:ldap_user
def
login
(
login
,
password
)
@ldap_user
=
adapter
.
bind_as
(
result
=
adapter
.
bind_as
(
filter:
user_filter
(
login
),
size:
1
,
password:
password
)
return
unless
result
@user
=
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
result
.
dn
,
provider
)
end
def
adapter
...
...
@@ -56,12 +52,6 @@ module Gitlab
filter
end
def
user
return
unless
ldap_user
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
ldap_user
.
dn
,
provider
)
end
end
end
end
...
...
lib/gitlab/auth/o_auth/authentication.rb
浏览文件 @
7d017926
...
...
@@ -12,6 +12,7 @@ module Gitlab
@user
=
user
end
# Implementation must return user object if login successful
def
login
(
login
,
password
)
raise
NotImplementedError
end
...
...
spec/lib/gitlab/auth_spec.rb
浏览文件 @
7d017926
...
...
@@ -315,13 +315,19 @@ describe Gitlab::Auth do
it
"tries to autheticate with db before ldap"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
not_to
receive
(
:login
)
gl_auth
.
find_with_user_password
(
username
,
password
)
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)).
to
eq
(
user
)
end
it
"does not find user by using ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
and_return
(
nil
)
expect
(
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)).
to
be_nil
end
it
"
uses
ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
)
it
"
find new user by using
ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
)
.
and_return
(
user
)
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)
expect
(
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)).
to
eq
(
user
)
end
end
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录