Check if LDAP user was removed or blocked when use git over ssh

2013-10-07 16:06:30 +03:00 · 2013-10-07 16:06:30 +03:00 · baa65e89b9
commit baa65e89b9
parent 2db9410945
2 changed files with 11 additions and 0 deletions
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@ -35,6 +35,7 @@ module API
          user = key.user

          return false if user.blocked?
+          return false if user.ldap_user? && Gitlab::LDAP::User.blocked?(user.extern_uid)

          action = case git_cmd
                   when *DOWNLOAD_COMMANDS
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@ -71,6 +71,16 @@ module Gitlab
          find_by_uid(ldap_user.dn) if ldap_user
        end

+        # Check LDAP user existance by dn. User in git over ssh check
+        #
+        # It covers 2 cases:
+        # * when ldap account was removed
+        # * when ldap account was deactivated by change of OU membership in 'dn'
+        def blocked?(dn)
+          ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
+          ldap.connection.search(base: dn, size: 1).blank?
+        end
+
        private

        def find_by_uid(uid)