kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Fix SAML error 500 when no groups are defined for user

Browse source 
When there are no groups defined in the auth hash attributes,
`Gitlab::Saml::AuthHash#groups` should return an empty array, and
`Gitlab::Saml::User#find_user` should not mark the user as external.

Closes gitlab-org/gitlab-ce#38923.
This commit is contained in:
Toon Claes 2017-10-17 15:20:07 +02:00
parent f69b54682f
commit b40ff63412
6 changed files with 74 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/unreleased/tc-saml-fix-false-empty.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Fix SAML error 500 when no groups are defined for user
merge_request: 14913
author:
type: fixed

2
lib/gitlab/saml/auth_hash.rb
View file

@ -2,7 +2,7 @@ module Gitlab
module Saml module Saml
class AuthHash < Gitlab::OAuth::AuthHash class AuthHash < Gitlab::OAuth::AuthHash
def groups def groups
get_raw(Gitlab::Saml::Config.groups) Array.wrap(get_raw(Gitlab::Saml::Config.groups))
end end
private private

40
spec/lib/gitlab/saml/auth_hash_spec.rb Normal file
View file

@ -0,0 +1,40 @@
require 'spec_helper'
describe Gitlab::Saml::AuthHash do
include LoginHelpers
let(:raw_info_attr) { { 'groups' => %w(Developers Freelancers) } }
subject(:saml_auth_hash) { described_class.new(omniauth_auth_hash) }
let(:info_hash) do
{
name: 'John',
email: 'john@mail.com'
}
end
let(:omniauth_auth_hash) do
OmniAuth::AuthHash.new(uid: 'my-uid',
provider: 'saml',
info: info_hash,
extra: { raw_info: OneLogin::RubySaml::Attributes.new(raw_info_attr) } )
end
before do
stub_saml_group_config(%w(Developers Freelancers Designers))
end
describe '#groups' do
it 'returns array of groups' do
expect(saml_auth_hash.groups).to eq(%w(Developers Freelancers))
end
context 'raw info hash attributes empty' do
let(:raw_info_attr) { {} }
it 'returns an empty array' do
expect(saml_auth_hash.groups).to be_a(Array)
end
end
end
end

32
spec/lib/gitlab/saml/user_spec.rb
View file

@ -2,13 +2,15 @@ require 'spec_helper'
describe Gitlab::Saml::User do describe Gitlab::Saml::User do
include LdapHelpers include LdapHelpers
include LoginHelpers
let(:saml_user) { described_class.new(auth_hash) } let(:saml_user) { described_class.new(auth_hash) }
let(:gl_user) { saml_user.gl_user } let(:gl_user) { saml_user.gl_user }
let(:uid) { 'my-uid' } let(:uid) { 'my-uid' }
let(:dn) { 'uid=user1,ou=People,dc=example' } let(:dn) { 'uid=user1,ou=People,dc=example' }
let(:provider) { 'saml' } let(:provider) { 'saml' }
let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash, extra: { raw_info: OneLogin::RubySaml::Attributes.new({ 'groups' => %w(Developers Freelancers Designers) }) }) } let(:raw_info_attr) { { 'groups' => %w(Developers Freelancers Designers) } }
let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash, extra: { raw_info: OneLogin::RubySaml::Attributes.new(raw_info_attr) }) }
let(:info_hash) do let(:info_hash) do
{ {
name: 'John', name: 'John',
@ -18,22 +20,6 @@ describe Gitlab::Saml::User do
let(:ldap_user) { Gitlab::LDAP::Person.new(Net::LDAP::Entry.new, 'ldapmain') } let(:ldap_user) { Gitlab::LDAP::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
describe '#save' do describe '#save' do
def stub_omniauth_config(messages)
allow(Gitlab.config.omniauth).to receive_messages(messages)
end
def stub_ldap_config(messages)
allow(Gitlab::LDAP::Config).to receive_messages(messages)
end
def stub_basic_saml_config
allow(Gitlab::Saml::Config).to receive_messages({ options: { name: 'saml', args: {} } })
end
def stub_saml_group_config(groups)
allow(Gitlab::Saml::Config).to receive_messages({ options: { name: 'saml', groups_attribute: 'groups', external_groups: groups, args: {} } })
end
before do before do
stub_basic_saml_config stub_basic_saml_config
end end
@ -402,4 +388,16 @@ describe Gitlab::Saml::User do
end end
end end
end end
describe '#find_user' do
context 'raw info hash attributes empty' do
let(:raw_info_attr) { {} }
it 'does not mark user as external' do
stub_saml_group_config(%w(Freelancers))
expect(saml_user.find_user.external).to be_falsy
end
end
end
end end

5
spec/support/ldap_helpers.rb
View file

@ -15,10 +15,7 @@ module LdapHelpers
# admin_group: 'my-admin-group' # admin_group: 'my-admin-group'
# ) # )
def stub_ldap_config(messages) def stub_ldap_config(messages)
messages.each do |config, value| allow_any_instance_of(::Gitlab::LDAP::Config).to receive_messages(messages)
allow_any_instance_of(::Gitlab::LDAP::Config)
.to receive(config.to_sym).and_return(value)
end
end end
# Stub an LDAP person search and provide the return entry. Specify `nil` for # Stub an LDAP person search and provide the return entry. Specify `nil` for

12
spec/support/login_helpers.rb
View file

@ -120,4 +120,16 @@ module LoginHelpers
allow_any_instance_of(Object).to receive(:user_saml_omniauth_authorize_path).and_return('/users/auth/saml') allow_any_instance_of(Object).to receive(:user_saml_omniauth_authorize_path).and_return('/users/auth/saml')
allow_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml') allow_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
end end
def stub_omniauth_config(messages)
allow(Gitlab.config.omniauth).to receive_messages(messages)
end
def stub_basic_saml_config
allow(Gitlab::Saml::Config).to receive_messages({ options: { name: 'saml', args: {} } })
end
def stub_saml_group_config(groups)
allow(Gitlab::Saml::Config).to receive_messages({ options: { name: 'saml', groups_attribute: 'groups', external_groups: groups, args: {} } })
end
end end