From: Izaak Alpert <ialpert@blackberry.com>
Date: Thu, 12 Sep 2013 20:27:51 +0000 (-0400)
Subject: Allows username only updates to ldap properties
X-Git-Tag: v6.2.0~147^2~2
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=4fcc17e6673b271992a9d4a5106f8bd64cfe86b1;p=wvm%2Fgitlab.git

Allows username only updates to ldap properties

-when logging in if users are allowed to login with just usernames in ldap we will update uid of the user if their uid is out of date

Conflicts:
	spec/lib/auth_spec.rb

Change-Id: Ia171b3d5133da86edc18c0d08ecfaf6a174f2574
---

diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index c8f3a6937..1606210aa 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -26,7 +26,7 @@ module Gitlab
             # * When user already has account and need to link his LDAP account.
             # * LDAP uid changed for user with same email and we need to update his uid
             #
-            user = model.find_by_email(email)
+            user = find_user(email)
 
             if user
               user.update_attributes(extern_uid: uid, provider: provider)
@@ -43,6 +43,15 @@ module Gitlab
           user
         end
 
+        def find_user(email)
+          if user = model.find_by_email(email)
+          elsif ldap_conf['allow_username_or_email_login']
+            uname = (email.partition('@').first) unless email.nil?
+            user = model.find_by_username(uname)
+          end
+          user
+        end
+
         def authenticate(login, password)
           # Check user against LDAP backend if user is not authenticated
           # Only check with valid login and password to prevent anonymous bind results
diff --git a/spec/lib/auth_oauth_spec.rb b/spec/lib/auth_oauth_spec.rb
new file mode 100644
index 000000000..c9deb590f
--- /dev/null
+++ b/spec/lib/auth_oauth_spec.rb
@@ -0,0 +1,98 @@
+require 'spec_helper'
+
+describe Gitlab::Auth do
+  let(:gl_auth) { Gitlab::Auth.new }
+
+  before do
+    Gitlab.config.stub(omniauth: {})
+
+    @info = mock(
+      uid: '12djsak321',
+      name: 'John',
+      email: 'john@mail.com'
+    )
+  end
+
+  describe :find_for_ldap_auth do
+    before do
+      @auth = mock(
+        uid: '12djsak321',
+        info: @info,
+        provider: 'ldap'
+      )
+    end
+
+    it "should find by uid & provider" do
+      User.should_receive :find_by_extern_uid_and_provider
+      gl_auth.find_for_ldap_auth(@auth)
+    end
+
+    it "should update credentials by email if missing uid" do
+      user = double('User')
+      User.stub find_by_extern_uid_and_provider: nil
+      User.stub find_by_email: user
+      user.should_receive :update_attributes
+      gl_auth.find_for_ldap_auth(@auth)
+    end
+
+    it "should update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is true" do
+      user = double('User')
+      value = Gitlab.config.ldap.allow_username_or_email_login
+      Gitlab.config.ldap['allow_username_or_email_login'] = true
+      User.stub find_by_extern_uid_and_provider: nil
+      User.stub find_by_email: nil
+      User.stub find_by_username: user
+      user.should_receive :update_attributes
+      gl_auth.find_for_ldap_auth(@auth)
+      Gitlab.config.ldap['allow_username_or_email_login'] = value
+    end
+
+    it "should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false" do
+      user = double('User')
+      value = Gitlab.config.ldap.allow_username_or_email_login
+      Gitlab.config.ldap['allow_username_or_email_login'] = false
+      User.stub find_by_extern_uid_and_provider: nil
+      User.stub find_by_email: nil
+      User.stub find_by_username: user
+      user.should_not_receive :update_attributes
+      gl_auth.find_for_ldap_auth(@auth)
+      Gitlab.config.ldap['allow_username_or_email_login'] = value
+    end
+
+    it "should create from auth if user does not exist"do
+      User.stub find_by_extern_uid_and_provider: nil
+      User.stub find_by_email: nil
+      gl_auth.should_receive :create_from_omniauth
+      gl_auth.find_for_ldap_auth(@auth)
+    end
+  end
+
+  describe :find_or_new_for_omniauth do
+    before do
+      @auth = mock(
+        info: @info,
+        provider: 'twitter',
+        uid: '12djsak321',
+      )
+    end
+
+    it "should find user"do
+      User.should_receive :find_by_provider_and_extern_uid
+      gl_auth.should_not_receive :create_from_omniauth
+      gl_auth.find_or_new_for_omniauth(@auth)
+    end
+
+    it "should not create user"do
+      User.stub find_by_provider_and_extern_uid: nil
+      gl_auth.should_not_receive :create_from_omniauth
+      gl_auth.find_or_new_for_omniauth(@auth)
+    end
+
+    it "should create user if single_sing_on"do
+      Gitlab.config.omniauth['allow_single_sign_on'] = true
+      User.stub find_by_provider_and_extern_uid: nil
+      gl_auth.should_receive :create_from_omniauth
+      gl_auth.find_or_new_for_omniauth(@auth)
+    end
+  end
+end