Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
bf8a48e1
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
bf8a48e1
编写于
9月 02, 2016
作者:
D
Drew Blessing
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Request only the LDAP attributes we need
上级
eb2d2066
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
149 addition
and
28 deletion
+149
-28
CHANGELOG
CHANGELOG
+1
-0
lib/gitlab/ldap/adapter.rb
lib/gitlab/ldap/adapter.rb
+33
-25
spec/lib/gitlab/ldap/adapter_spec.rb
spec/lib/gitlab/ldap/adapter_spec.rb
+68
-3
spec/support/ldap_helpers.rb
spec/support/ldap_helpers.rb
+47
-0
未找到文件。
CHANGELOG
浏览文件 @
bf8a48e1
...
...
@@ -23,6 +23,7 @@ v 8.12.0 (unreleased)
- Set path for all JavaScript cookies to honor GitLab's subdirectory setting !5627 (Mike Greiling)
- Fix blame table layout width
- Fix bug where pagination is still displayed despite all todos marked as done (ClemMakesApps)
- Request only the LDAP attributes we need !6187
- Center build stage columns in pipeline overview (ClemMakesApps)
- Rename behaviour to behavior in bug issue template for consistency (ClemMakesApps)
- Remove suggested colors hover underline (ClemMakesApps)
...
...
lib/gitlab/ldap/adapter.rb
浏览文件 @
bf8a48e1
...
...
@@ -23,31 +23,7 @@ module Gitlab
end
def
users
(
field
,
value
,
limit
=
nil
)
if
field
.
to_sym
==
:dn
options
=
{
base:
value
,
scope:
Net
::
LDAP
::
SearchScope_BaseObject
}
else
options
=
{
base:
config
.
base
,
filter:
Net
::
LDAP
::
Filter
.
eq
(
field
,
value
)
}
end
if
config
.
user_filter
.
present?
user_filter
=
Net
::
LDAP
::
Filter
.
construct
(
config
.
user_filter
)
options
[
:filter
]
=
if
options
[
:filter
]
Net
::
LDAP
::
Filter
.
join
(
options
[
:filter
],
user_filter
)
else
user_filter
end
end
if
limit
.
present?
options
.
merge!
(
size:
limit
)
end
options
=
user_options
(
field
,
value
,
limit
)
entries
=
ldap_search
(
options
).
select
do
|
entry
|
entry
.
respond_to?
config
.
uid
...
...
@@ -90,6 +66,38 @@ module Gitlab
Rails
.
logger
.
warn
(
"LDAP search timed out after
#{
config
.
timeout
}
seconds"
)
[]
end
private
def
user_options
(
field
,
value
,
limit
)
options
=
{
attributes:
%W(
#{
config
.
uid
}
cn mail dn)
}
options
[
:size
]
=
limit
if
limit
if
field
.
to_sym
==
:dn
options
[
:base
]
=
value
options
[
:scope
]
=
Net
::
LDAP
::
SearchScope_BaseObject
options
[
:filter
]
=
user_filter
else
options
[
:base
]
=
config
.
base
options
[
:filter
]
=
user_filter
(
Net
::
LDAP
::
Filter
.
eq
(
field
,
value
))
end
options
end
def
user_filter
(
filter
=
nil
)
if
config
.
user_filter
.
present?
user_filter
=
Net
::
LDAP
::
Filter
.
construct
(
config
.
user_filter
)
end
if
user_filter
&&
filter
Net
::
LDAP
::
Filter
.
join
(
filter
,
user_filter
)
elsif
user_filter
user_filter
else
filter
end
end
end
end
end
spec/lib/gitlab/ldap/adapter_spec.rb
浏览文件 @
bf8a48e1
require
'spec_helper'
describe
Gitlab
::
LDAP
::
Adapter
,
lib:
true
do
let
(
:adapter
)
{
Gitlab
::
LDAP
::
Adapter
.
new
'ldapmain'
}
include
LdapHelpers
let
(
:ldap
)
{
double
(
:ldap
)
}
let
(
:adapter
)
{
ldap_adapter
(
'ldapmain'
,
ldap
)
}
describe
'#users'
do
before
do
stub_ldap_config
(
base:
'dc=example,dc=com'
)
end
it
'searches with the proper options when searching by uid'
do
# Requires this expectation style to match the filter
expect
(
adapter
).
to
receive
(
:ldap_search
)
do
|
arg
|
expect
(
arg
[
:filter
].
to_s
).
to
eq
(
'(uid=johndoe)'
)
expect
(
arg
[
:base
]).
to
eq
(
'dc=example,dc=com'
)
expect
(
arg
[
:attributes
]).
to
match
(
%w{uid cn mail dn}
)
end
.
and_return
({})
adapter
.
users
(
'uid'
,
'johndoe'
)
end
it
'searches with the proper options when searching by dn'
do
expect
(
adapter
).
to
receive
(
:ldap_search
).
with
(
base:
'uid=johndoe,ou=users,dc=example,dc=com'
,
scope:
Net
::
LDAP
::
SearchScope_BaseObject
,
attributes:
%w{uid cn mail dn}
,
filter:
nil
).
and_return
({})
adapter
.
users
(
'dn'
,
'uid=johndoe,ou=users,dc=example,dc=com'
)
end
it
'searches with the proper options when searching with a limit'
do
expect
(
adapter
)
.
to
receive
(
:ldap_search
).
with
(
hash_including
(
size:
100
)).
and_return
({})
adapter
.
users
(
'uid'
,
'johndoe'
,
100
)
end
it
'returns an LDAP::Person if search returns a result'
do
entry
=
ldap_user_entry
(
'johndoe'
)
allow
(
adapter
).
to
receive
(
:ldap_search
).
and_return
([
entry
])
results
=
adapter
.
users
(
'uid'
,
'johndoe'
)
expect
(
results
.
size
).
to
eq
(
1
)
expect
(
results
.
first
.
uid
).
to
eq
(
'johndoe'
)
end
it
'returns empty array if search entry does not respond to uid'
do
entry
=
Net
::
LDAP
::
Entry
.
new
entry
[
'dn'
]
=
user_dn
(
'johndoe'
)
allow
(
adapter
).
to
receive
(
:ldap_search
).
and_return
([
entry
])
results
=
adapter
.
users
(
'uid'
,
'johndoe'
)
expect
(
results
).
to
be_empty
end
it
'uses the right uid attribute when non-default'
do
stub_ldap_config
(
uid:
'sAMAccountName'
)
expect
(
adapter
).
to
receive
(
:ldap_search
).
with
(
hash_including
(
attributes:
%w{sAMAccountName cn mail dn}
)
).
and_return
({})
adapter
.
users
(
'sAMAccountName'
,
'johndoe'
)
end
end
describe
'#dn_matches_filter?'
do
let
(
:ldap
)
{
double
(
:ldap
)
}
subject
{
adapter
.
dn_matches_filter?
(
:dn
,
:filter
)
}
before
{
allow
(
adapter
).
to
receive
(
:ldap
).
and_return
(
ldap
)
}
context
"when the search is successful"
do
context
"and the result is non-empty"
do
...
...
spec/support/ldap_helpers.rb
0 → 100644
浏览文件 @
bf8a48e1
module
LdapHelpers
def
ldap_adapter
(
provider
=
'ldapmain'
,
ldap
=
double
(
:ldap
))
::
Gitlab
::
LDAP
::
Adapter
.
new
(
provider
,
ldap
)
end
def
user_dn
(
uid
)
"uid=
#{
uid
}
,ou=users,dc=example,dc=com"
end
# Accepts a hash of Gitlab::LDAP::Config keys and values.
#
# Example:
# stub_ldap_config(
# group_base: 'ou=groups,dc=example,dc=com',
# admin_group: 'my-admin-group'
# )
def
stub_ldap_config
(
messages
)
messages
.
each
do
|
config
,
value
|
allow_any_instance_of
(
::
Gitlab
::
LDAP
::
Config
)
.
to
receive
(
config
.
to_sym
).
and_return
(
value
)
end
end
# Stub an LDAP person search and provide the return entry. Specify `nil` for
# `entry` to simulate when an LDAP person is not found
#
# Example:
# adapter = ::Gitlab::LDAP::Adapter.new('ldapmain', double(:ldap))
# ldap_user_entry = ldap_user_entry('john_doe')
#
# stub_ldap_person_find_by_uid('john_doe', ldap_user_entry, adapter)
def
stub_ldap_person_find_by_uid
(
uid
,
entry
,
provider
=
'ldapmain'
)
return_value
=
::
Gitlab
::
LDAP
::
Person
.
new
(
entry
,
provider
)
if
entry
.
present?
allow
(
::
Gitlab
::
LDAP
::
Person
)
.
to
receive
(
:find_by_uid
).
with
(
uid
,
any_args
).
and_return
(
return_value
)
end
# Create a simple LDAP user entry.
def
ldap_user_entry
(
uid
)
entry
=
Net
::
LDAP
::
Entry
.
new
entry
[
'dn'
]
=
user_dn
(
uid
)
entry
[
'uid'
]
=
uid
entry
end
end
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录