diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb index c8f3a69376a..1606210aafc 100644 --- a/lib/gitlab/ldap/user.rb +++ b/lib/gitlab/ldap/user.rb @@ -26,7 +26,7 @@ module Gitlab # * When user already has account and need to link his LDAP account. # * LDAP uid changed for user with same email and we need to update his uid # - user = model.find_by_email(email) + user = find_user(email) if user user.update_attributes(extern_uid: uid, provider: provider) @@ -43,6 +43,15 @@ module Gitlab user end + def find_user(email) + if user = model.find_by_email(email) + elsif ldap_conf['allow_username_or_email_login'] + uname = (email.partition('@').first) unless email.nil? + user = model.find_by_username(uname) + end + user + end + def authenticate(login, password) # Check user against LDAP backend if user is not authenticated # Only check with valid login and password to prevent anonymous bind results diff --git a/spec/lib/auth_oauth_spec.rb b/spec/lib/auth_oauth_spec.rb new file mode 100644 index 00000000000..c9deb590f67 --- /dev/null +++ b/spec/lib/auth_oauth_spec.rb @@ -0,0 +1,98 @@ +require 'spec_helper' + +describe Gitlab::Auth do + let(:gl_auth) { Gitlab::Auth.new } + + before do + Gitlab.config.stub(omniauth: {}) + + @info = mock( + uid: '12djsak321', + name: 'John', + email: 'john@mail.com' + ) + end + + describe :find_for_ldap_auth do + before do + @auth = mock( + uid: '12djsak321', + info: @info, + provider: 'ldap' + ) + end + + it "should find by uid & provider" do + User.should_receive :find_by_extern_uid_and_provider + gl_auth.find_for_ldap_auth(@auth) + end + + it "should update credentials by email if missing uid" do + user = double('User') + User.stub find_by_extern_uid_and_provider: nil + User.stub find_by_email: user + user.should_receive :update_attributes + gl_auth.find_for_ldap_auth(@auth) + end + + it "should update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is true" do + user = double('User') + value = Gitlab.config.ldap.allow_username_or_email_login + Gitlab.config.ldap['allow_username_or_email_login'] = true + User.stub find_by_extern_uid_and_provider: nil + User.stub find_by_email: nil + User.stub find_by_username: user + user.should_receive :update_attributes + gl_auth.find_for_ldap_auth(@auth) + Gitlab.config.ldap['allow_username_or_email_login'] = value + end + + it "should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false" do + user = double('User') + value = Gitlab.config.ldap.allow_username_or_email_login + Gitlab.config.ldap['allow_username_or_email_login'] = false + User.stub find_by_extern_uid_and_provider: nil + User.stub find_by_email: nil + User.stub find_by_username: user + user.should_not_receive :update_attributes + gl_auth.find_for_ldap_auth(@auth) + Gitlab.config.ldap['allow_username_or_email_login'] = value + end + + it "should create from auth if user does not exist"do + User.stub find_by_extern_uid_and_provider: nil + User.stub find_by_email: nil + gl_auth.should_receive :create_from_omniauth + gl_auth.find_for_ldap_auth(@auth) + end + end + + describe :find_or_new_for_omniauth do + before do + @auth = mock( + info: @info, + provider: 'twitter', + uid: '12djsak321', + ) + end + + it "should find user"do + User.should_receive :find_by_provider_and_extern_uid + gl_auth.should_not_receive :create_from_omniauth + gl_auth.find_or_new_for_omniauth(@auth) + end + + it "should not create user"do + User.stub find_by_provider_and_extern_uid: nil + gl_auth.should_not_receive :create_from_omniauth + gl_auth.find_or_new_for_omniauth(@auth) + end + + it "should create user if single_sing_on"do + Gitlab.config.omniauth['allow_single_sign_on'] = true + User.stub find_by_provider_and_extern_uid: nil + gl_auth.should_receive :create_from_omniauth + gl_auth.find_or_new_for_omniauth(@auth) + end + end +end