4 files changed, 12 insertions, 7 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index bd4b310fcbf..58d0506c07d 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -42,10 +42,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
   def handle_omniauth
     if current_user
-      # Change a logged-in user's authentication method:
-      current_user.extern_uid = oauth['uid']
-      current_user.provider = oauth['provider']
-      current_user.save
+      # Add new authentication method
+      current_user.identities.find_or_create_by(extern_uid: oauth['uid'], provider: oauth['provider'])
       redirect_to profile_path
     else
       @user = Gitlab::OAuth::User.new(oauth)
@@ -53,6 +51,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
       # Only allow properly saved users to login.
       if @user.persisted? && @user.valid?
+        # binding.pry
         sign_in_and_redirect(@user.gl_user)
       else
         error_message =
diff --git a/app/helpers/profile_helper.rb b/app/helpers/profile_helper.rb
index 0b375558305..816074e0247 100644
--- a/app/helpers/profile_helper.rb
+++ b/app/helpers/profile_helper.rb
@@ -1,6 +1,6 @@
 module ProfileHelper
   def oauth_active_class(provider)
-    if current_user.provider == provider.to_s
+    if current_user.identities.exists?(provider: provider.to_s)
       'active'
     end
   end
diff --git a/app/models/identity.rb b/app/models/identity.rb
new file mode 100644
index 00000000000..e6af93bcc50
--- /dev/null
+++ b/app/models/identity.rb
@@ -0,0 +1,7 @@
+class Identity < ActiveRecord::Base
+  belongs_to :user
+
+  validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
+
+  scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
+end
+\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index 1cddd85ada0..0cf0946593c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -79,6 +79,7 @@ class User < ActiveRecord::Base
   # Profile
   has_many :keys, dependent: :destroy
   has_many :emails, dependent: :destroy
+  has_many :identities, dependent: :destroy
 
   # Groups
   has_many :members, dependent: :destroy
@@ -113,7 +114,6 @@ class User < ActiveRecord::Base
   validates :name, presence: true
   validates :email, presence: true, email: {strict_mode: true}, uniqueness: true
   validates :bio, length: { maximum: 255 }, allow_blank: true
-  validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
   validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
   validates :username, presence: true, uniqueness: { case_sensitive: false },
             exclusion: { in: Gitlab::Blacklist.path },
@@ -178,7 +178,6 @@ class User < ActiveRecord::Base
   scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
   scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
   scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
-  scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
   scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active  }
 
   #