Merge branch 'user-ldap-email' into 'master'

Allow LDAP users to change their email if it was not set by the LDAP server Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/3054 See merge request !2502
author: Robert Speicher <robert@gitlab.com> 2016-01-19 22:15:23 +0300
committer: Robert Speicher <robert@gitlab.com> 2016-01-19 22:15:23 +0300
commit: b9fca47854dd92415e2d4d3b68e2e967fee2d67b (patch)
tree: efb3672cf53834d5fa71d44d3ac72edf4846466f /lib
parent: 20cc4bc47533f34b62b7c8283e8de4eee8c5b852 (diff)
parent: 4f44455626a567c939bf6f84684e8879ce2db829 (diff)
3 files changed, 29 insertions, 22 deletions
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index aef08c97d1d..e044f0ecc6d 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -30,28 +30,31 @@ module Gitlab
       end
 
       def find_by_uid_and_provider
-        self.class.find_by_uid_and_provider(
-          auth_hash.uid, auth_hash.provider)
+        self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
       end
 
       def find_by_email
-        ::User.find_by(email: auth_hash.email.downcase)
+        ::User.find_by(email: auth_hash.email.downcase) if auth_hash.has_email?
       end
 
       def update_user_attributes
-        return unless persisted?
+        if persisted?
+          if auth_hash.has_email?
+            gl_user.skip_reconfirmation!
+            gl_user.email = auth_hash.email
+          end
 
-        gl_user.skip_reconfirmation!
-        gl_user.email = auth_hash.email
+          # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
+          identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
+          identity ||= gl_user.identities.build(provider: auth_hash.provider)
 
-        # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
-        identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
-        identity ||= gl_user.identities.build(provider: auth_hash.provider)
+          # For a new identity set extern_uid to the LDAP DN
+          # For an existing identity with matching email but changed DN, update the DN.
+          # For an existing identity with no change in DN, this line changes nothing.
+          identity.extern_uid = auth_hash.uid
+        end
 
-        # For a new user set extern_uid to the LDAP DN
-        # For an existing user with matching email but changed DN, update the DN.
-        # For an existing user with no change in DN, this line changes nothing.
-        identity.extern_uid = auth_hash.uid
+        gl_user.ldap_email = auth_hash.has_email?
 
         gl_user
       end
diff --git a/lib/gitlab/o_auth/auth_hash.rb b/lib/gitlab/o_auth/auth_hash.rb
index ba31599432b..36e5c2670bb 100644
--- a/lib/gitlab/o_auth/auth_hash.rb
+++ b/lib/gitlab/o_auth/auth_hash.rb
@@ -32,6 +32,10 @@ module Gitlab
         @password ||= Gitlab::Utils.force_utf8(Devise.friendly_token[0, 8].downcase)
       end
 
+      def has_email?
+        get_info(:email).present?
+      end
+
       private
 
       def info
@@ -46,8 +50,8 @@ module Gitlab
 
       def username_and_email
         @username_and_email ||= begin
-          username  = get_info(:username) || get_info(:nickname)
-          email     = get_info(:email)
+          username  = get_info(:username).presence || get_info(:nickname).presence
+          email     = get_info(:email).presence
 
           username ||= generate_username(email)             if email
           email    ||= generate_temporarily_email(username) if username
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index e3d2cc65a8f..d87a72f7ba3 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -111,7 +111,7 @@ module Gitlab
       def block_after_signup?
         if creating_linked_ldap_user?
           ldap_config.block_auto_created_users
-        else 
+        else
           Gitlab.config.omniauth.block_auto_created_users
         end
       end
@@ -135,16 +135,16 @@ module Gitlab
       def user_attributes
         # Give preference to LDAP for sensitive information when creating a linked account
         if creating_linked_ldap_user?
-          username = ldap_person.username
-          email = ldap_person.email.first
-        else
-          username = auth_hash.username
-          email = auth_hash.email
+          username = ldap_person.username.presence
+          email = ldap_person.email.first.presence
         end
 
+        username ||= auth_hash.username
+        email ||= auth_hash.email
+
         name = auth_hash.name
         name = ::Namespace.clean_path(username) if name.strip.empty?
-        
+
         {
           name:                       name,
           username:                   ::Namespace.clean_path(username),
author	Robert Speicher <robert@gitlab.com>	2016-01-19 22:15:23 +0300
committer	Robert Speicher <robert@gitlab.com>	2016-01-19 22:15:23 +0300
commit	b9fca47854dd92415e2d4d3b68e2e967fee2d67b (patch)
tree	efb3672cf53834d5fa71d44d3ac72edf4846466f /lib
parent	20cc4bc47533f34b62b7c8283e8de4eee8c5b852 (diff)
parent	4f44455626a567c939bf6f84684e8879ce2db829 (diff)