From 4d2f36118a3b21b6bb4ee702b98d032967ba463a Mon Sep 17 00:00:00 2001
From: Joel Koglin <JoelKoglin@gmail.com>
Date: Tue, 21 Jul 2015 14:03:26 -0700
Subject: Issue #993: Fixed login failure when extern_uid changes

---
 lib/gitlab/ldap/user.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index f7f3ba9ad7d..2ffb1241966 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -44,9 +44,13 @@ module Gitlab
         gl_user.skip_reconfirmation!
         gl_user.email = auth_hash.email
 
-        # Build new identity only if we dont have have same one
-        gl_user.identities.find_or_initialize_by(provider: auth_hash.provider,
-                                                 extern_uid: auth_hash.uid)
+        # If we don't have an identity for this provider yet, create one
+        if gl_user.identities.find_by(provider: auth_hash.provider).nil?
+          gl_user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider)
+        else # Update the UID attribute for this provider in case it has changed
+          identity = gl_user.identities.select { |identity|  identity.provider == auth_hash.provider }
+          identity.first.extern_uid = auth_hash.uid
+        end
 
         gl_user
       end
-- 
cgit v1.2.1


From d92f428024b2878682bb23b6b03bc671636b5afe Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Fri, 7 Aug 2015 16:09:48 +0200
Subject: Minor refactor

---
 lib/gitlab/ldap/user.rb | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'lib')

diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index 2ffb1241966..04a22237478 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -44,13 +44,14 @@ module Gitlab
         gl_user.skip_reconfirmation!
         gl_user.email = auth_hash.email
 
-        # If we don't have an identity for this provider yet, create one
-        if gl_user.identities.find_by(provider: auth_hash.provider).nil?
-          gl_user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider)
-        else # Update the UID attribute for this provider in case it has changed
-          identity = gl_user.identities.select { |identity|  identity.provider == auth_hash.provider }
-          identity.first.extern_uid = auth_hash.uid
-        end
+        # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
+        identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
+        identity ||= gl_user.identities.build(provider: auth_hash.provider)
+        
+        # For a new user set extern_uid to the LDAP DN
+        # For an existing user with matching email but changed DN, update the DN.
+        # For an existing user with no change in DN, this line changes nothing.
+        identity.extern_uid = auth_hash.uid
 
         gl_user
       end
-- 
cgit v1.2.1