diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-05-12 11:21:56 +0200 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-05-12 11:26:43 +0200 |
| commit | 125cb9b866b66a4ae21a3fec8ae5ad6e1b3ae4ec (patch) | |
| tree | ca2371ba805ccaea0410a302b831ef42be72716a | |
| parent | f84e78f3d750776793371940803b7ff781050f09 (diff) | |
| download | gitlab-ce-ad-block_auto_created_users.tar.gz | |
Don't accidentally unblock auto created users from Active Directory.ad-block_auto_created_users
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | lib/gitlab/ldap/access.rb | 2 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/access_spec.rb | 27 |
3 files changed, 25 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 8a98da1a524..3e41526181e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -52,6 +52,7 @@ v 7.11.0 (unreleased) - Add current_sign_in_at to UserFull REST api. - Make Sidekiq MemoryKiller shutdown signal configurable - Add "Create Merge Request" buttons to commits and branches pages and push event. + - Fix automatic blocking of auto-created users from Active Directory. v 7.10.2 - Fix CI links on MR page diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index 960fb3849b4..16ff03c38d4 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -40,7 +40,7 @@ module Gitlab user.block unless user.blocked? false else - user.activate if user.blocked? + user.activate if user.blocked? && !ldap_config.block_auto_created_users true end else diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb index 707a0521ab3..2189e313d6a 100644 --- a/spec/lib/gitlab/ldap/access_spec.rb +++ b/spec/lib/gitlab/ldap/access_spec.rb @@ -16,7 +16,7 @@ describe Gitlab::LDAP::Access do context 'when the user is found' do before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) } - context 'and the user is diabled via active directory' do + context 'and the user is disabled via active directory' do before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) } it { is_expected.to be_falsey } @@ -36,9 +36,28 @@ describe Gitlab::LDAP::Access do it { is_expected.to be_truthy } - it "should unblock user in GitLab" do - access.allowed? - user.should_not be_blocked + context 'when auto-created users are blocked' do + + before do + Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: true) + end + + it "does not unblock user in GitLab" do + access.allowed? + user.should be_blocked + end + end + + context "when auto-created users are not blocked" do + + before do + Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: false) + end + + it "should unblock user in GitLab" do + access.allowed? + user.should_not be_blocked + end end end |