diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-06-09 13:48:31 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-06-09 13:48:31 +0300 |
| commit | 30ee4ea6659c91ac6a249d700a9fcdd266676942 (patch) | |
| tree | d8f75d19b9bff13fd93d8fe38ce4373404d7b331 /spec/lib | |
| parent | 1e4db9ed0f538d17e876ec36b538f05a31989cc0 (diff) | |
| parent | 9282810fb7b6102657a0ddb2a02f71b6da22067f (diff) | |
Merge branch 'saml-ldap-link-flow' into 'master'
Adjust the SAML control flow to allow LDAP identities to be added to an existing SAML user.
## What does this MR do?
It correctly lets an existing SAML user to add their LDAP identity automatically at login.
## Why was this MR needed?
A customer had issues with the `auto_link_ldap_user` feature. The flow was not working if there was an account with a SAML identity, but no LDAP identity. GitLab would pick up the correct LDAP person, but due to the order of the flow, that LDAP person was never associated with the user.
## What are the relevant issue numbers?
Fixes #17346
/cc @dblessing @balameb @stanhu
See merge request !4498
Diffstat (limited to 'spec/lib')
| -rw-r--r-- | spec/lib/gitlab/saml/user_spec.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/spec/lib/gitlab/saml/user_spec.rb b/spec/lib/gitlab/saml/user_spec.rb index c2a51d9249c..84c21ceefd9 100644 --- a/spec/lib/gitlab/saml/user_spec.rb +++ b/spec/lib/gitlab/saml/user_spec.rb @@ -145,6 +145,7 @@ describe Gitlab::Saml::User, lib: true do allow(ldap_user).to receive(:email) { %w(john@mail.com john2@example.com) } allow(ldap_user).to receive(:dn) { 'uid=user1,ou=People,dc=example' } allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user) + allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(ldap_user) end context 'and no account for the LDAP user' do @@ -177,6 +178,23 @@ describe Gitlab::Saml::User, lib: true do ]) end end + + context 'user has SAML user, and wants to add their LDAP identity' do + it 'adds the LDAP identity to the existing SAML user' do + create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'saml', username: 'john') + local_hash = OmniAuth::AuthHash.new(uid: 'uid=user1,ou=People,dc=example', provider: provider, info: info_hash) + local_saml_user = described_class.new(local_hash) + local_saml_user.save + local_gl_user = local_saml_user.gl_user + + expect(local_gl_user).to be_valid + expect(local_gl_user.identities.length).to eql 2 + identities_as_hash = local_gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } } + expect(identities_as_hash).to match_array([ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' }, + { provider: 'saml', extern_uid: 'uid=user1,ou=People,dc=example' } + ]) + end + end end end end |