diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-09-09 18:59:33 +0000 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2016-09-09 18:59:33 +0000 |
| commit | 0b2a34108d3189aff9a15f30006c270fb84be00e (patch) | |
| tree | 9f3f644a0c4856d4f564849291d19868268b7702 /spec/support | |
| parent | 516100c55b589e69198feca602a2f71e4e66e280 (diff) | |
| parent | bf8a48e179119830f83f3b358f66f8a95af17963 (diff) | |
| download | gitlab-ce-0b2a34108d3189aff9a15f30006c270fb84be00e.tar.gz | |
Merge branch 'restrict_ldap_return_attributes' into 'master'
Restrict ldap return attributes
## What does this MR do?
Fixes the CE part of #13821. We really only ever need uid, dn, cn, and mail attributes, and in some cases, even less. This merge request strips the request down to those four attributes by default, and allows the caller to specify others, if needed.
## Why was this MR needed?
This will improve performance especially in cases where the connection is slow between GitLab and LDAP, or when the LDAP object has lots of attributes we don't care about.
See merge request !6187
Diffstat (limited to 'spec/support')
| -rw-r--r-- | spec/support/ldap_helpers.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/support/ldap_helpers.rb b/spec/support/ldap_helpers.rb new file mode 100644 index 00000000000..079f244475c --- /dev/null +++ b/spec/support/ldap_helpers.rb @@ -0,0 +1,47 @@ +module LdapHelpers + def ldap_adapter(provider = 'ldapmain', ldap = double(:ldap)) + ::Gitlab::LDAP::Adapter.new(provider, ldap) + end + + def user_dn(uid) + "uid=#{uid},ou=users,dc=example,dc=com" + end + + # Accepts a hash of Gitlab::LDAP::Config keys and values. + # + # Example: + # stub_ldap_config( + # group_base: 'ou=groups,dc=example,dc=com', + # admin_group: 'my-admin-group' + # ) + def stub_ldap_config(messages) + messages.each do |config, value| + allow_any_instance_of(::Gitlab::LDAP::Config) + .to receive(config.to_sym).and_return(value) + end + end + + # Stub an LDAP person search and provide the return entry. Specify `nil` for + # `entry` to simulate when an LDAP person is not found + # + # Example: + # adapter = ::Gitlab::LDAP::Adapter.new('ldapmain', double(:ldap)) + # ldap_user_entry = ldap_user_entry('john_doe') + # + # stub_ldap_person_find_by_uid('john_doe', ldap_user_entry, adapter) + def stub_ldap_person_find_by_uid(uid, entry, provider = 'ldapmain') + return_value = ::Gitlab::LDAP::Person.new(entry, provider) if entry.present? + + allow(::Gitlab::LDAP::Person) + .to receive(:find_by_uid).with(uid, any_args).and_return(return_value) + end + + # Create a simple LDAP user entry. + def ldap_user_entry(uid) + entry = Net::LDAP::Entry.new + entry['dn'] = user_dn(uid) + entry['uid'] = uid + + entry + end +end |