Allow LDAP users to change their email if it was not set by the LDAP server

author: Douwe Maan <douwe@gitlab.com> 2016-01-19 16:25:38 +0100
committer: Douwe Maan <douwe@gitlab.com> 2016-01-19 16:25:38 +0100
commit: 98e1a5b63424b6912de98ee5055d3f9e57e63899 (patch)
tree: 773952fd630e222ec72d368f53e4a238d3d6c839 /lib
parent: 425f8d6f572a3ae47c971a48bfefc9907c7bda55 (diff)
download: gitlab-ce-98e1a5b63424b6912de98ee5055d3f9e57e63899.tar.gz
3 files changed, 29 insertions, 22 deletions
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index aef08c97d1d..e044f0ecc6d 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -30,28 +30,31 @@ module Gitlab
       end
 
       def find_by_uid_and_provider
-        self.class.find_by_uid_and_provider(
-          auth_hash.uid, auth_hash.provider)
+        self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
       end
 
       def find_by_email
-        ::User.find_by(email: auth_hash.email.downcase)
+        ::User.find_by(email: auth_hash.email.downcase) if auth_hash.has_email?
       end
 
       def update_user_attributes
-        return unless persisted?
+        if persisted?
+          if auth_hash.has_email?
+            gl_user.skip_reconfirmation!
+            gl_user.email = auth_hash.email
+          end
 
-        gl_user.skip_reconfirmation!
-        gl_user.email = auth_hash.email
+          # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
+          identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
+          identity ||= gl_user.identities.build(provider: auth_hash.provider)
 
-        # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
-        identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
-        identity ||= gl_user.identities.build(provider: auth_hash.provider)
+          # For a new identity set extern_uid to the LDAP DN
+          # For an existing identity with matching email but changed DN, update the DN.
+          # For an existing identity with no change in DN, this line changes nothing.
+          identity.extern_uid = auth_hash.uid
+        end
 
-        # For a new user set extern_uid to the LDAP DN
-        # For an existing user with matching email but changed DN, update the DN.
-        # For an existing user with no change in DN, this line changes nothing.
-        identity.extern_uid = auth_hash.uid
+        gl_user.ldap_email = auth_hash.has_email?
 
         gl_user
       end
diff --git a/lib/gitlab/o_auth/auth_hash.rb b/lib/gitlab/o_auth/auth_hash.rb
index ba31599432b..36e5c2670bb 100644
--- a/lib/gitlab/o_auth/auth_hash.rb
+++ b/lib/gitlab/o_auth/auth_hash.rb
@@ -32,6 +32,10 @@ module Gitlab
         @password ||= Gitlab::Utils.force_utf8(Devise.friendly_token[0, 8].downcase)
       end
 
+      def has_email?
+        get_info(:email).present?
+      end
+
       private
 
       def info
@@ -46,8 +50,8 @@ module Gitlab
 
       def username_and_email
         @username_and_email ||= begin
-          username  = get_info(:username) || get_info(:nickname)
-          email     = get_info(:email)
+          username  = get_info(:username).presence || get_info(:nickname).presence
+          email     = get_info(:email).presence
 
           username ||= generate_username(email)             if email
           email    ||= generate_temporarily_email(username) if username
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index e3d2cc65a8f..d87a72f7ba3 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -111,7 +111,7 @@ module Gitlab
       def block_after_signup?
         if creating_linked_ldap_user?
           ldap_config.block_auto_created_users
-        else 
+        else
           Gitlab.config.omniauth.block_auto_created_users
         end
       end
@@ -135,16 +135,16 @@ module Gitlab
       def user_attributes
         # Give preference to LDAP for sensitive information when creating a linked account
         if creating_linked_ldap_user?
-          username = ldap_person.username
-          email = ldap_person.email.first
-        else
-          username = auth_hash.username
-          email = auth_hash.email
+          username = ldap_person.username.presence
+          email = ldap_person.email.first.presence
         end
 
+        username ||= auth_hash.username
+        email ||= auth_hash.email
+
         name = auth_hash.name
         name = ::Namespace.clean_path(username) if name.strip.empty?
-        
+
         {
           name:                       name,
           username:                   ::Namespace.clean_path(username),
author	Douwe Maan <douwe@gitlab.com>	2016-01-19 16:25:38 +0100
committer	Douwe Maan <douwe@gitlab.com>	2016-01-19 16:25:38 +0100
commit	98e1a5b63424b6912de98ee5055d3f9e57e63899 (patch)
tree	773952fd630e222ec72d368f53e4a238d3d6c839 /lib
parent	425f8d6f572a3ae47c971a48bfefc9907c7bda55 (diff)
download	gitlab-ce-98e1a5b63424b6912de98ee5055d3f9e57e63899.tar.gz