Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r--lib/gitlab/auth/auth_finders.rb17
-rw-r--r--lib/gitlab/auth/ldap/auth_hash.rb8
-rw-r--r--lib/gitlab/auth/ldap/config.rb8
-rw-r--r--lib/gitlab/auth/o_auth/auth_hash.rb7
-rw-r--r--lib/gitlab/auth/o_auth/user.rb4
5 files changed, 38 insertions, 6 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index a715f17ecd6..25465e73b95 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -32,6 +32,17 @@ module Gitlab
RUNNER_JOB_TOKEN_PARAM = :token
PATH_DEPENDENT_FEED_TOKEN_REGEX = /\A#{User::FEED_TOKEN_PREFIX}(\h{64})-(\d+)\z/
+ PARAM_TOKEN_KEYS = [
+ PRIVATE_TOKEN_PARAM,
+ JOB_TOKEN_PARAM,
+ RUNNER_JOB_TOKEN_PARAM
+ ].map(&:to_s).freeze
+ HEADER_TOKEN_KEYS = [
+ PRIVATE_TOKEN_HEADER,
+ JOB_TOKEN_HEADER,
+ DEPLOY_TOKEN_HEADER
+ ].freeze
+
# Check the Rails session for valid authentication details
def find_user_from_warden
current_request.env['warden']&.authenticate if verified_request?
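Review bot: `PARAM_TOKEN_KEYS` and `HEADER_TOKEN_KEYS` repeat knowledge that the individual finder methods already hold, and nothing ties the two together, so a token parameter or header added later will not be counted unless someone remembers to extend these lists. A comment above the constants would make that dependency visible, for example `# Keep in sync with the find_user_from_* methods; used only to detect that a request carries a token.` Only the param keys go through `map(&:to_s)`; the header constants are presumably already Rack env strings, which is worth confirming because they are defined outside this hunk.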
@@ -204,6 +215,12 @@ module Gitlab
end
end
+ def authentication_token_present?
+ PARAM_TOKEN_KEYS.intersection(current_request.params.keys).any? ||
+ HEADER_TOKEN_KEYS.intersection(current_request.env.keys).any? ||
+ parsed_oauth_token.present?
+ end
+
private
def find_user_from_job_bearer_token
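Review bot: `authentication_token_present?` tests for keys only, so a request that sends one of the token params or headers with an empty value is reported as token-bearing even though no finder could authenticate it. If any caller treats requests differently based on this result (the callers are outside this diff), checking values is safer, e.g. `PARAM_TOKEN_KEYS.any? { |key| current_request.params[key].present? }` and the same form for the env keys. The method also sits above `private`, so it joins the module's public surface. A one-line comment saying it reports presence, not validity, would keep it from being mistaken for an authentication check.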
diff --git a/lib/gitlab/auth/ldap/auth_hash.rb b/lib/gitlab/auth/ldap/auth_hash.rb
index 5435355f136..6d1d1519fc2 100644
--- a/lib/gitlab/auth/ldap/auth_hash.rb
+++ b/lib/gitlab/auth/ldap/auth_hash.rb
@@ -6,6 +6,8 @@ module Gitlab
module Auth
module Ldap
class AuthHash < Gitlab::Auth::OAuth::AuthHash
+ extend ::Gitlab::Utils::Override
+
def uid
@uid ||= Gitlab::Auth::Ldap::Person.normalize_dn(super)
end
@@ -44,6 +46,12 @@ module Gitlab
def ldap_config
@ldap_config ||= Gitlab::Auth::Ldap::Config.new(self.provider)
end
+
+ # Overrding this method as LDAP allows email as the username !
+ override :get_username
+ def get_username
+ username_claims.map { |claim| get_from_auth_hash_or_info(claim) }.find(&:presence)
+ end
end
end
end
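Review bot: The comment above `get_username` is misspelled ("Overrding") and does not say what behaviour is being replaced, which matters because the parent in `o_auth/auth_hash.rb` now truncates the claim at "@" in this same commit. I would reword it to `# Overriding: the OAuth parent keeps only the part before "@"; LDAP usernames may be full email addresses, so return the first present claim unchanged.` That makes it clear the difference from the parent is deliberate and should not be "fixed" by a later cleanup.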
diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb
index ed7caf84558..15e8cb04ea4 100644
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -94,7 +94,7 @@ module Gitlab
def omniauth_options
opts = base_options.merge(
base: base,
- encryption: options['encryption'],
+ encryption: encryption,
filter: omniauth_user_filter,
name_proc: name_proc,
disable_verify_certificates: !options['verify_certificates'],
@@ -188,6 +188,10 @@ module Gitlab
options['sync_name']
end
+ def encryption
+ options['encryption'] || 'plain'
+ end
+
def name_proc
if allow_username_or_email_login
proc { |name| name.gsub(/@.*\z/, '') }
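Review bot: The new `encryption` helper falls back to `'plain'` when the option is unset, so a configuration that omits the key silently gets an unencrypted LDAP connection, and the same value now feeds both `omniauth_options` and `translate_method` in the neighbouring hunks. This may match the earlier effective behaviour (a nil lookup in `NET_LDAP_ENCRYPTION_METHOD`), but it is now an explicit fail-open default and should be visible to operators. At minimum add a comment such as `# Defaults to 'plain' (no TLS) when unset; bind credentials then cross the network unencrypted.` Also consider logging a warning when the fallback is taken. The body of `name_proc` continues outside the hunk.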
@@ -235,7 +239,7 @@ module Gitlab
end
def translate_method
- NET_LDAP_ENCRYPTION_METHOD[options['encryption']&.to_sym]
+ NET_LDAP_ENCRYPTION_METHOD[encryption.to_sym]
end
def tls_options
diff --git a/lib/gitlab/auth/o_auth/auth_hash.rb b/lib/gitlab/auth/o_auth/auth_hash.rb
index cce08750296..c2b49c1c068 100644
--- a/lib/gitlab/auth/o_auth/auth_hash.rb
+++ b/lib/gitlab/auth/o_auth/auth_hash.rb
@@ -68,7 +68,7 @@ module Gitlab
end
def provider_config
- Gitlab::Auth::OAuth::Provider.config_for(@provider) || {}
+ Gitlab::Auth::OAuth::Provider.config_for(provider) || {}
end
def provider_args
@@ -96,7 +96,10 @@ module Gitlab
end
def get_username
- username_claims.map { |claim| get_from_auth_hash_or_info(claim) }.find { |name| name.presence }
+ username_claims.map { |claim| get_from_auth_hash_or_info(claim) }
+ .find { |name| name.presence }
+ &.split("@")
+ &.first
end
def username_and_email
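Review bot: After the added `&.split("@")&.first`, a claim that begins with "@" yields an empty string rather than nil, because `"@example.com".split("@").first` is `""`, so the `presence` filter inside `find` no longer guarantees a non-blank result. Appending `&.presence` to the chain restores that guarantee. Separately, truncating at "@" maps distinct identities such as `alice@a.example` and `alice@b.example` to the same username. If the value is used for anything beyond suggesting a username at account creation (the callers are outside this hunk), that collision deserves a comment or a uniqueness check.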
diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb
index 3981594478d..d70c788dac8 100644
--- a/lib/gitlab/auth/o_auth/user.rb
+++ b/lib/gitlab/auth/o_auth/user.rb
@@ -225,7 +225,7 @@ module Gitlab
if creating_linked_ldap_user?
username = ldap_person.username.presence
name = ldap_person.name.presence
- email = ldap_person.email.first.presence
+ email = ldap_person.email&.first.presence
end
username ||= auth_hash.username
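Review bot: In `ldap_person.email&.first.presence` the safe-navigation operator guards only `first`; `.presence` is still called on nil when the person has no email, and it works only because ActiveSupport defines `presence` on every object. Writing `ldap_person.email&.first&.presence` or `Array(ldap_person.email).first.presence` makes the nil handling explicit, so a reader does not take the chain for an unguarded call. The enclosing method starts and ends outside the hunk.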
@@ -272,7 +272,7 @@ module Gitlab
if creating_linked_ldap_user?
metadata.set_attribute_synced(:name, true) if gl_user.name == ldap_person.name
- metadata.set_attribute_synced(:email, true) if gl_user.email == ldap_person.email.first
+ metadata.set_attribute_synced(:email, true) if gl_user.email == ldap_person.email&.first
metadata.provider = ldap_person.provider
end
end