From 938f2b9979e8aae74307571d2c56df3f9b2981f5 Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Thu, 16 Jun 2016 15:11:09 -0500
Subject: [PATCH] Fix subsequent SAML sign ins

---
 lib/gitlab/o_auth/user.rb         |  2 +-
 spec/lib/gitlab/saml/user_spec.rb | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index 78f3ecb4cb4..7af75a9cc4c 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -74,7 +74,7 @@ module Gitlab
         if user
           # Case when a LDAP user already exists in Gitlab. Add the OAuth identity to existing account.
           log.info "LDAP account found for user #{user.username}. Building new #{auth_hash.provider} identity."
-          user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
+          user.identities.find_or_initialize_by(extern_uid: auth_hash.uid, provider: auth_hash.provider)
         else
           log.info "No existing LDAP account was found in GitLab. Checking for #{auth_hash.provider} account."
           user = find_by_uid_and_provider
diff --git a/spec/lib/gitlab/saml/user_spec.rb b/spec/lib/gitlab/saml/user_spec.rb
index 84c21ceefd9..2753aecc1f4 100644
--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -164,7 +164,14 @@ describe Gitlab::Saml::User, lib: true do
             end
 
             context 'and LDAP user has an account already' do
-              let!(:existing_user) { create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'ldapmain', username: 'john') }
+              before do
+                create(:omniauth_user,
+                       email: 'john@mail.com',
+                       extern_uid: 'uid=user1,ou=People,dc=example',
+                       provider: 'ldapmain',
+                       username: 'john')
+              end
+
               it 'adds the omniauth identity to the LDAP account' do
                 saml_user.save
 
@@ -177,6 +184,15 @@ describe Gitlab::Saml::User, lib: true do
                                                             { provider: 'saml', extern_uid: uid }
                                                           ])
               end
+
+              it 'saves successfully on subsequent tries, when both identities are present' do
+                saml_user.save
+                local_saml_user = described_class.new(auth_hash)
+                local_saml_user.save
+
+                expect(local_saml_user.gl_user).to be_valid
+                expect(local_saml_user.gl_user).to be_persisted
+              end
             end
 
             context 'user has SAML user, and wants to add their LDAP identity' do