diff options
author | Gabriel Mazetto <gabriel@gitlab.com> | 2016-04-05 16:33:37 -0300 |
---|---|---|
committer | Gabriel Mazetto <gabriel@gitlab.com> | 2016-04-05 16:34:31 -0300 |
commit | 5ee6badade3c453c7090e9c1f1f4d636c5bb068e (patch) | |
tree | 2bdc59fa820512c44eff139c9eabd558c6a8bdd4 | |
parent | 4a01b5e293ccb358d77ac1a25b92d14fd913a4d7 (diff) | |
download | gitlab-ce-patch/fix-ldap-unblock-user-logic.tar.gz |
Unblocks user when active_directory is disabled and it can be foundpatch/fix-ldap-unblock-user-logic
-rw-r--r-- | lib/gitlab/ldap/access.rb | 5 | ||||
-rw-r--r-- | spec/lib/gitlab/ldap/access_spec.rb | 27 |
2 files changed, 30 insertions, 2 deletions
diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index da4435c7308..f2b649e50a2 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -33,7 +33,10 @@ module Gitlab def allowed? if ldap_user - return true unless ldap_config.active_directory + unless ldap_config.active_directory + user.activate if user.ldap_blocked? + return true + end # Block user in GitLab if he/she was blocked in AD if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter) diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb index 32a19bf344b..f5b66b8156f 100644 --- a/spec/lib/gitlab/ldap/access_spec.rb +++ b/spec/lib/gitlab/ldap/access_spec.rb @@ -33,7 +33,7 @@ describe Gitlab::LDAP::Access, lib: true do it { is_expected.to be_falsey } - it 'should block user in GitLab' do + it 'blocks user in GitLab' do access.allowed? expect(user).to be_blocked expect(user).to be_ldap_blocked @@ -78,6 +78,31 @@ describe Gitlab::LDAP::Access, lib: true do end it { is_expected.to be_truthy } + + context 'when user cannot be found' do + before do + allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(nil) + end + + it { is_expected.to be_falsey } + + it 'blocks user in GitLab' do + access.allowed? + expect(user).to be_blocked + expect(user).to be_ldap_blocked + end + end + + context 'when user was previously ldap_blocked' do + before do + user.ldap_block + end + + it 'unblocks the user if it exists' do + access.allowed? + expect(user).not_to be_blocked + end + end end end end |