Add latest changes from gitlab-org/gitlab@13-3-stable-ee

4 files changed, 20 insertions, 4 deletions

diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index bd5aed0d964..f3d0c053880 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -20,6 +20,7 @@ module Gitlab
     module AuthFinders
       include Gitlab::Utils::StrongMemoize
       include ActionController::HttpAuthentication::Basic
+      include ActionController::HttpAuthentication::Token
 
       PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'
       PRIVATE_TOKEN_PARAM = :private_token
@@ -81,7 +82,7 @@ module Gitlab
 
         login, password = user_name_and_password(current_request)
         return unless login.present? && password.present?
-        return unless ::Ci::Build::CI_REGISTRY_USER == login
+        return unless ::Gitlab::Auth::CI_JOB_USER == login
 
         job = ::Ci::Build.find_by_token(password)
         raise UnauthorizedError unless job
@@ -131,6 +132,15 @@ module Gitlab
         deploy_token
       end
 
+      def cluster_agent_token_from_authorization_token
+        return unless route_authentication_setting[:cluster_agent_token_allowed]
+        return unless current_request.authorization.present?
+
+        authorization_token, _options = token_and_options(current_request)
+
+        ::Clusters::AgentToken.find_by_token(authorization_token)
+      end
+
       def find_runner_from_token
         return unless api_request?
 
diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb
index f64fcd822c6..4f448211abf 100644
--- a/lib/gitlab/auth/ldap/adapter.rb
+++ b/lib/gitlab/auth/ldap/adapter.rb
@@ -54,7 +54,7 @@ module Gitlab
             if results.nil?
               response = ldap.get_operation_result
 
-              unless response.code.zero?
+              unless response.code == 0
                 Rails.logger.warn("LDAP search error: #{response.message}") # rubocop:disable Gitlab/RailsLogger
               end
 
diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb
index b3321c0b1fb..8c5000147c4 100644
--- a/lib/gitlab/auth/ldap/person.rb
+++ b/lib/gitlab/auth/ldap/person.rb
@@ -11,7 +11,7 @@ module Gitlab
 
         InvalidEntryError = Class.new(StandardError)
 
-        attr_accessor :entry, :provider
+        attr_accessor :provider
 
         def self.find_by_uid(uid, adapter)
           uid = Net::LDAP::Filter.escape(uid)
diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb
index 8a60d6ef482..086f4a2e91c 100644
--- a/lib/gitlab/auth/o_auth/user.rb
+++ b/lib/gitlab/auth/o_auth/user.rb
@@ -12,7 +12,7 @@ module Gitlab
         SignupDisabledError = Class.new(StandardError)
         SigninDisabledForProviderError = Class.new(StandardError)
 
-        attr_accessor :auth_hash, :gl_user
+        attr_reader :auth_hash
 
         def initialize(auth_hash)
           self.auth_hash = auth_hash
@@ -62,6 +62,7 @@ module Gitlab
         def find_user
           user = find_by_uid_and_provider
 
+          user ||= find_by_email if auto_link_user?
           user ||= find_or_build_ldap_user if auto_link_ldap_user?
           user ||= build_new_user if signup_enabled?
 
@@ -150,6 +151,7 @@ module Gitlab
         def find_ldap_person(auth_hash, adapter)
           Gitlab::Auth::Ldap::Person.find_by_uid(auth_hash.uid, adapter) ||
             Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.uid, adapter) ||
+            Gitlab::Auth::Ldap::Person.find_by_email(auth_hash.email, adapter) ||
             Gitlab::Auth::Ldap::Person.find_by_dn(auth_hash.uid, adapter)
         rescue Gitlab::Auth::Ldap::LdapConnectionError
           nil
@@ -269,6 +271,10 @@ module Gitlab
                                 .disabled_oauth_sign_in_sources
                                 .include?(auth_hash.provider)
         end
+
+        def auto_link_user?
+          Gitlab.config.omniauth.auto_link_user
+        end
       end
     end
   end