Refactor OAuth refactorings to CE

1 files changed, 41 insertions, 34 deletions

diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index 25b5a702f9a..006ef170726 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -10,22 +10,6 @@ module Gitlab
   module LDAP
     class User < Gitlab::OAuth::User
       class << self
-        def find_or_create(auth_hash)
-          self.auth_hash = auth_hash
-          find(auth_hash) || find_and_connect_by_email(auth_hash) || create(auth_hash)
-        end
-
-        def find_and_connect_by_email(auth_hash)
-          self.auth_hash = auth_hash
-          user = model.find_by(email: self.auth_hash.email)
-
-          if user
-            user.update_attributes(extern_uid: auth_hash.uid, provider: auth_hash.provider)
-            Gitlab::AppLogger.info("(LDAP) Updating legacy LDAP user #{self.auth_hash.email} with extern_uid => #{auth_hash.uid}")
-            return user
-          end
-        end
-
         def authenticate(login, password)
           # Check user against LDAP backend if user is not authenticated
           # Only check with valid login and password to prevent anonymous bind results
@@ -44,10 +28,18 @@ module Gitlab
           @adapter ||= OmniAuth::LDAP::Adaptor.new(ldap_conf)
         end
 
-        protected
+        def user_filter(login)
+          filter = Net::LDAP::Filter.eq(adapter.uid, login)
+          # Apply LDAP user filter if present
+          if ldap_conf['user_filter'].present?
+            user_filter = Net::LDAP::Filter.construct(ldap_conf['user_filter'])
+            filter = Net::LDAP::Filter.join(filter, user_filter)
+          end
+          filter
+        end
 
-        def find_by_uid_and_provider
-          find_by_uid(auth_hash.uid)
+        def ldap_conf
+          Gitlab.config.ldap
         end
 
         def find_by_uid(uid)
@@ -58,24 +50,39 @@ module Gitlab
         def provider
           'ldap'
         end
+      end
 
-        def raise_error(message)
-          raise OmniAuth::Error, "(LDAP) " + message
-        end
+      def initialize(auth_hash)
+        super
+        update_user_attributes
+      end
 
-        def ldap_conf
-          Gitlab.config.ldap
-        end
+      # instance methods
+      def gl_user
+        @gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
+      end
 
-        def user_filter(login)
-          filter = Net::LDAP::Filter.eq(adapter.uid, login)
-          # Apply LDAP user filter if present
-          if ldap_conf['user_filter'].present?
-            user_filter = Net::LDAP::Filter.construct(ldap_conf['user_filter'])
-            filter = Net::LDAP::Filter.join(filter, user_filter)
-          end
-          filter
-        end
+      def find_by_uid_and_provider
+        # LDAP distinguished name is case-insensitive
+        model.
+          where(provider: auth_hash.provider).
+          where('lower(extern_uid) = ?', auth_hash.uid.downcase).last
+      end
+
+      def find_by_email
+        model.find_by(email: auth_hash.email)
+      end
+
+      def update_user_attributes
+        gl_user.attributes = {
+          extern_uid: auth_hash.uid,
+          provider: auth_hash.provider,
+          email: auth_hash.email
+        }
+      end
+
+      def changed?
+        gl_user.changed?
       end
 
       def needs_blocking?