From 7486d424b917cb31f60b26d66cf32c6d4b805eac Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Wed, 22 Aug 2018 13:05:01 -0700
Subject: [PATCH] Fix broken Git over HTTP clones with LDAP users

Due to a regression in !20608, the LDAP authenticator was not being used unless OmniAuth was enabled. This change allows the LDAP provider to be used if it is configured regardless of the OmniAuth setting.
Closes #50579
---
 .../unreleased/sh-fix-broken-ldap-clones.yml | 5 +++
 lib/gitlab/auth/o_auth/provider.rb | 1 +
 spec/lib/gitlab/auth/o_auth/provider_spec.rb | 42 +++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 changelogs/unreleased/sh-fix-broken-ldap-clones.yml
diff --git a/changelogs/unreleased/sh-fix-broken-ldap-clones.yml b/changelogs/unreleased/sh-fix-broken-ldap-clones.yml
new file mode 100644
index 00000000000..abe725924f2
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-broken-ldap-clones.yml
@@ -0,0 +1,5 @@
+---
+title: Fix broken Git over HTTP clones with LDAP users
+merge_request: 21352
+author:
+type: fixed
diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb
index e73743944a9..26da9d09ccc 100644
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -29,6 +29,7 @@ module Gitlab
 def self.enabled?(name)
 return true if name == 'database'
+ return true if self.ldap_provider?(name) && providers.include?(name.to_sym)
 Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym)
 end
diff --git a/spec/lib/gitlab/auth/o_auth/provider_spec.rb b/spec/lib/gitlab/auth/o_auth/provider_spec.rb
index fc35d430917..80d702cf9dc 100644
--- a/spec/lib/gitlab/auth/o_auth/provider_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/provider_spec.rb
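Review bot: In lib/gitlab/auth/o_auth/provider.rb, the added early return in `enabled?` lets an authentication provider bypass the OmniAuth switch on the strength of `ldap_provider?(name)`, which is defined outside this hunk, so the hunk does not show how a name is classified as LDAP. If that predicate decides from the provider name rather than from the LDAP configuration, a non-LDAP OmniAuth provider with a matching name would stay enabled while OmniAuth is switched off; that is worth confirming. I would record the intent above the new line, for example `# LDAP is configured independently of OmniAuth, so it stays enabled when OmniAuth is off`, and drop the redundant receiver: `return true if ldap_provider?(name) && providers.include?(name.to_sym)`. The enclosing class starts outside the hunk.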
@@ -1,6 +1,48 @@
 require 'spec_helper'
 describe Gitlab::Auth::OAuth::Provider do
+ describe '.enabled?' do
+ before do
+ allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2])
+ end
+
+ context 'when OmniAuth is disabled' do
+ before do
+ allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(false)
+ end
+
+ it 'allows database auth' do
+ expect(described_class.enabled?('database')).to be_truthy
+ end
+
+ it 'allows LDAP auth' do
+ expect(described_class.enabled?('ldapmain')).to be_truthy
+ end
+
+ it 'does not allow other OmniAuth providers' do
+ expect(described_class.enabled?('google_oauth2')).to be_falsey
+ end
+ end
+
+ context 'when OmniAuth is enabled' do
+ before do
+ allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(true)
+ end
+
+ it 'allows database auth' do
+ expect(described_class.enabled?('database')).to be_truthy
+ end
+
+ it 'allows LDAP auth' do
+ expect(described_class.enabled?('ldapmain')).to be_truthy
+ end
+
+ it 'allows other OmniAuth providers' do
+ expect(described_class.enabled?('google_oauth2')).to be_truthy
+ end
+ end
+ end
+
 describe '#config_for' do
 context 'for an LDAP provider' do
 context 'when the provider exists' do
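Review bot: The new `.enabled?` examples never exercise the `providers.include?` half of the added guard, because every LDAP case uses `ldapmain`, which is in the stubbed provider list. An LDAP-named provider that is not configured should be rejected in both contexts, e.g. `it 'does not allow an unconfigured LDAP provider' do`, `expect(described_class.enabled?('ldapsecondary')).to be_falsey`, `end` (`ldapsecondary` is a constructed sample name). Without such a case, a later refactor that drops the membership check would still pass this spec while enabling any LDAP-looking name regardless of configuration. The `#config_for` block continues past the end of the hunk.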