Fix broken Git over HTTP clones with LDAP users
Due to a regression in !20608, the LDAP authenticator was not being used unless OmniAuth was enabled. This change allows the LDAP provider to be used if it is configured regardless of the OmniAuth setting. Closes #50579
This commit is contained in:
parent
0e9dc23d46
commit
7486d424b9
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix broken Git over HTTP clones with LDAP users
|
||||
merge_request: 21352
|
||||
author:
|
||||
type: fixed
|
|
@ -29,6 +29,7 @@ module Gitlab
|
|||
|
||||
def self.enabled?(name)
|
||||
return true if name == 'database'
|
||||
return true if self.ldap_provider?(name) && providers.include?(name.to_sym)
|
||||
|
||||
Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym)
|
||||
end
|
||||
|
|
|
@ -1,6 +1,48 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::Auth::OAuth::Provider do
|
||||
describe '.enabled?' do
|
||||
before do
|
||||
allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2])
|
||||
end
|
||||
|
||||
context 'when OmniAuth is disabled' do
|
||||
before do
|
||||
allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(false)
|
||||
end
|
||||
|
||||
it 'allows database auth' do
|
||||
expect(described_class.enabled?('database')).to be_truthy
|
||||
end
|
||||
|
||||
it 'allows LDAP auth' do
|
||||
expect(described_class.enabled?('ldapmain')).to be_truthy
|
||||
end
|
||||
|
||||
it 'does not allow other OmniAuth providers' do
|
||||
expect(described_class.enabled?('google_oauth2')).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
context 'when OmniAuth is enabled' do
|
||||
before do
|
||||
allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(true)
|
||||
end
|
||||
|
||||
it 'allows database auth' do
|
||||
expect(described_class.enabled?('database')).to be_truthy
|
||||
end
|
||||
|
||||
it 'allows LDAP auth' do
|
||||
expect(described_class.enabled?('ldapmain')).to be_truthy
|
||||
end
|
||||
|
||||
it 'allows other OmniAuth providers' do
|
||||
expect(described_class.enabled?('google_oauth2')).to be_truthy
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#config_for' do
|
||||
context 'for an LDAP provider' do
|
||||
context 'when the provider exists' do
|
||||
|
|
Loading…
Reference in New Issue