Merge branch 'ldap_migration'

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> Conflicts: db/schema.rb
2015-04-13 17:18:02 +03:00 · 2015-04-13 17:18:02 +03:00 · 4ab717ea6a
commit 4ab717ea6a
parent ecb58dacd6 f39b150a02
8 changed files with 48 additions and 20 deletions
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@ -15,4 +15,5 @@ class Identity < ActiveRecord::Base
  belongs_to :user

  validates :extern_uid, allow_blank: true, uniqueness: { scope: :provider }
+  validates :user_id, uniqueness: { scope: :provider }
 end
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@ -105,6 +105,15 @@ production: &base
  ldap:
    enabled: false
    servers:
+      ##########################################################################
+      #
+      # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
+      # Enterprise Edition now supports connecting to multiple LDAP servers.
+      #
+      # If you are updating from the old (pre-7.4) syntax, you MUST give your
+      # old server the ID 'main'.
+      #
+      ##########################################################################
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        ## label
        #
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@ -66,10 +66,11 @@ Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
 # backwards compatibility, we only have one host
 if Settings.ldap['enabled'] || Rails.env.test?
  if Settings.ldap['host'].present?
+    # We detected old LDAP configuration syntax. Update the config to make it
+    # look like it was entered with the new syntax.
    server = Settings.ldap.except('sync_time')
-    server['provider_name'] = 'ldap'
    Settings.ldap['servers'] = {
-      'ldap' => server
+      'main' => server
    }
  end

@ -82,6 +83,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
  end
 end

+
 Settings['omniauth'] ||= Settingslogic.new({})
 Settings.omniauth['enabled']      = false if Settings.omniauth['enabled'].nil?
 Settings.omniauth['providers']  ||= []
--- a/db/migrate/20150411000035_fix_identities.rb
+++ b/db/migrate/20150411000035_fix_identities.rb
@ -0,0 +1,32 @@
+class FixIdentities < ActiveRecord::Migration
+  def up
+    # Up until now, legacy 'ldap' references in the database were charitably
+    # interpreted to point to the first LDAP server specified in the GitLab
+    # configuration. So if the database said 'provider: ldap' but the first
+    # LDAP server was called 'ldapmain', then we would try to interpret
+    # 'provider: ldap' as if it said 'provider: ldapmain'. This migration (and
+    # accompanying changes in the GitLab LDAP code) get rid of this complicated
+    # behavior. Any database references to 'provider: ldap' get rewritten to
+    # whatever the code would have interpreted it as, i.e. as a reference to
+    # the first LDAP server specified in gitlab.yml / gitlab.rb.
+    new_provider = if Gitlab.config.ldap.enabled
+                     first_ldap_server = Gitlab.config.ldap.servers.values.first
+                     first_ldap_server['provider_name']
+                   else
+                     'ldapmain'
+                   end
+
+    # Delete duplicate identities
+    execute "DELETE FROM identities WHERE provider = 'ldap' AND user_id IN (SELECT user_id FROM identities WHERE provider = '#{new_provider}')"
+
+    # Update legacy identities
+    execute "UPDATE identities SET provider = '#{new_provider}' WHERE provider = 'ldap';"
+
+    if table_exists?('ldap_group_links')
+      execute "UPDATE ldap_group_links SET provider = '#{new_provider}' WHERE provider IS NULL OR provider = 'ldap';"
+    end
+  end
+
+  def down
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -460,6 +460,7 @@ ActiveRecord::Schema.define(version: 20150411180045) do
    t.integer  "notification_level",            default: 1,     null: false
    t.datetime "password_expires_at"
    t.integer  "created_by_id"
+    t.datetime "last_credential_check_at"
    t.string   "avatar"
    t.string   "confirmation_token"
    t.datetime "confirmed_at"
@ -467,7 +468,6 @@ ActiveRecord::Schema.define(version: 20150411180045) do
    t.string   "unconfirmed_email"
    t.boolean  "hide_no_ssh_key",               default: false
    t.string   "website_url",                   default: "",    null: false
-    t.datetime "last_credential_check_at"
    t.string   "github_access_token"
    t.string   "gitlab_access_token"
    t.string   "notification_email"
--- a/lib/gitlab/ldap/config.rb
+++ b/lib/gitlab/ldap/config.rb
@ -27,8 +27,6 @@ module Gitlab
      def initialize(provider)
        if self.class.valid_provider?(provider)
          @provider = provider
-        elsif provider == 'ldap'
-          @provider = self.class.providers.first
        else
          self.class.invalid_provider(provider)
        end
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@ -13,7 +13,7 @@ module Gitlab
        def find_by_uid_and_provider(uid, provider)
          # LDAP distinguished name is case-insensitive
          identity = ::Identity.
-            where(provider: [provider, :ldap]).
+            where(provider: provider).
            where('lower(extern_uid) = ?', uid.downcase).last
          identity && identity.user
        end
--- a/spec/lib/gitlab/ldap/config_spec.rb
+++ b/spec/lib/gitlab/ldap/config_spec.rb
@ -16,19 +16,5 @@ describe Gitlab::LDAP::Config do
    it "raises an error if a unknow provider is used" do
      expect{ Gitlab::LDAP::Config.new 'unknown' }.to raise_error
    end
-
-    context "if 'ldap' is the provider name" do
-      let(:provider) { 'ldap' }
-
-      context "and 'ldap' is not in defined as a provider" do
-        before { Gitlab::LDAP::Config.stub(providers: %w{ldapmain}) }
-
-        it "uses the first provider" do
-          # Fetch the provider_name attribute from 'options' so that we know
-          # that the 'options' Hash is not empty/nil.
-          expect(config.options['provider_name']).to eq('ldapmain')
-        end
-      end
-    end
  end
 end