Fix failed LDAP logins when nil user_id present

When a LDAP user signs in the for the first time and if there
is an `Identity` object with `user_id` of `nil`, new users
will not be able to be register until that entry is cleared
because of the way identities are created:

1. First, the User object is built but not saved, so it has no `id`.
2. Then, `user.identities.build(provider: 'ldapmain')` is called,
   but it does not have an associated `user_id` as a result.
3. `User#save` is called, but the `Identity` validation fails if an
   existing entry with `user_id` of `nil` already exists.

The uniqueness validation for `nil` values doesn't make any sense in
this case. We should be enforcing this at the database level with a
foreign key constraint. To work around the issue we can validate
against the user instead, which does the right thing even when
the user isn't saved yet.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56734

1 files changed, 1 insertions, 1 deletions

diff --git a/app/models/identity.rb b/app/models/identity.rb
index d63dd432426..acdde4f296b 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -8,7 +8,7 @@ class Identity < ActiveRecord::Base
 
   validates :provider, presence: true
   validates :extern_uid, allow_blank: true, uniqueness: { scope: UniquenessScopes.scopes, case_sensitive: false }
-  validates :user_id, uniqueness: { scope: UniquenessScopes.scopes }
+  validates :user, uniqueness: { scope: UniquenessScopes.scopes }
 
   before_save :ensure_normalized_extern_uid, if: :extern_uid_changed?
   after_destroy :clear_user_synced_attributes, if: :user_synced_attributes_metadata_from_provider?