diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-05-12 13:28:33 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-05-12 13:28:33 +0000 |
| commit | 8b9e3af8bf7a6089a11ef3f5eb91dfef4940a3f4 (patch) | |
| tree | 8d7ee3bb08376dcfcbbdb38a886720af47224522 | |
| parent | 0bac9d0135a7b925382e9beb2968059978a284af (diff) | |
| parent | 125cb9b866b66a4ae21a3fec8ae5ad6e1b3ae4ec (diff) | |
| download | gitlab-ce-8b9e3af8bf7a6089a11ef3f5eb91dfef4940a3f4.tar.gz | |
Merge branch 'ad-block_auto_created_users' into 'master'
Don't accidentally unblock auto created users from Active Directory.
Fixes #1581.
See merge request !638
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | lib/gitlab/ldap/access.rb | 2 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/access_spec.rb | 27 |
3 files changed, 25 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 7330f23501c..d9c8d38991d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -54,6 +54,7 @@ v 7.11.0 (unreleased) - Make Sidekiq MemoryKiller shutdown signal configurable - Add "Create Merge Request" buttons to commits and branches pages and push event. - Show user roles by comments. + - Fix automatic blocking of auto-created users from Active Directory. v 7.10.2 - Fix CI links on MR page diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index 960fb3849b4..16ff03c38d4 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -40,7 +40,7 @@ module Gitlab user.block unless user.blocked? false else - user.activate if user.blocked? + user.activate if user.blocked? && !ldap_config.block_auto_created_users true end else diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb index 707a0521ab3..2189e313d6a 100644 --- a/spec/lib/gitlab/ldap/access_spec.rb +++ b/spec/lib/gitlab/ldap/access_spec.rb @@ -16,7 +16,7 @@ describe Gitlab::LDAP::Access do context 'when the user is found' do before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) } - context 'and the user is diabled via active directory' do + context 'and the user is disabled via active directory' do before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) } it { is_expected.to be_falsey } @@ -36,9 +36,28 @@ describe Gitlab::LDAP::Access do it { is_expected.to be_truthy } - it "should unblock user in GitLab" do - access.allowed? - user.should_not be_blocked + context 'when auto-created users are blocked' do + + before do + Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: true) + end + + it "does not unblock user in GitLab" do + access.allowed? + user.should be_blocked + end + end + + context "when auto-created users are not blocked" do + + before do + Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: false) + end + + it "should unblock user in GitLab" do + access.allowed? + user.should_not be_blocked + end end end |