Test authenticate method for Gitlab::LDAP::User

author: Jan-Willem van der Meer <mail@jewilmeer.nl> 2014-09-08 14:53:59 +0200
committer: Jan-Willem van der Meer <mail@jewilmeer.nl> 2014-09-08 14:53:59 +0200
commit: 11bb67c3c6d4b90629744f8a011121e35968c58b (patch)
tree: 25c4251a65634cf86539a7bbf07f9bcf54efe6ed
parent: f27830fa4c11548279b5eed68e92b6f352ad4a9f (diff)
download: gitlab-ce-11bb67c3c6d4b90629744f8a011121e35968c58b.tar.gz
2 files changed, 32 insertions, 11 deletions
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index 6d1bec5f54a..e0d718d1065 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -41,17 +41,8 @@ module Gitlab
           # Only check with valid login and password to prevent anonymous bind results
           return nil unless ldap_conf.enabled && login.present? && password.present?
 
-          ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
-          filter = Net::LDAP::Filter.eq(ldap.uid, login)
-
-          # Apply LDAP user filter if present
-          if ldap_conf['user_filter'].present?
-            user_filter = Net::LDAP::Filter.construct(ldap_conf['user_filter'])
-            filter = Net::LDAP::Filter.join(filter, user_filter)
-          end
-
-          ldap_user = ldap.bind_as(
-            filter: filter,
+          ldap_user = adapter.bind_as(
+            filter: user_filter(login),
             size: 1,
             password: password
           )
@@ -59,6 +50,10 @@ module Gitlab
           find_by_uid(ldap_user.dn) if ldap_user
         end
 
+        def adapter
+          @adapter ||= OmniAuth::LDAP::Adaptor.new(ldap_conf)
+        end
+
         protected
 
         def find_by_uid_and_provider
@@ -81,6 +76,16 @@ module Gitlab
         def ldap_conf
           Gitlab.config.ldap
         end
+
+        def user_filter(login)
+          filter = Net::LDAP::Filter.eq(adapter.uid, login)
+          # Apply LDAP user filter if present
+          if ldap_conf['user_filter'].present?
+            user_filter = Net::LDAP::Filter.construct(ldap_conf['user_filter'])
+            filter = Net::LDAP::Filter.join(filter, user_filter)
+          end
+          filter
+        end
       end
 
       def needs_blocking?
diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb
index 4ddf6b3039f..d232cb20759 100644
--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -35,4 +35,20 @@ describe Gitlab::LDAP::User do
       expect{ gl_user.find_or_create(auth) }.to change{ User.count }.by(1)
     end
   end
+
+  describe "authenticate" do
+    let(:login) { 'john' }
+    let(:password) { 'my-secret' }
+
+    before {
+      Gitlab.config.ldap['enabled'] = true
+      Gitlab.config.ldap['user_filter'] = 'employeeType=developer'
+    }
+    after  { Gitlab.config.ldap['enabled'] = false }
+
+    it "send an authentication request to ldap" do
+      expect( Gitlab::LDAP::User.adapter ).to receive(:bind_as)
+      Gitlab::LDAP::User.authenticate(login, password)
+    end
+  end
 end
author	Jan-Willem van der Meer <mail@jewilmeer.nl>	2014-09-08 14:53:59 +0200
committer	Jan-Willem van der Meer <mail@jewilmeer.nl>	2014-09-08 14:53:59 +0200
commit	11bb67c3c6d4b90629744f8a011121e35968c58b (patch)
tree	25c4251a65634cf86539a7bbf07f9bcf54efe6ed
parent	f27830fa4c11548279b5eed68e92b6f352ad4a9f (diff)
download	gitlab-ce-11bb67c3c6d4b90629744f8a011121e35968c58b.tar.gz