Unblocks user when active_directory is disabled and it can be foundpatch/fix-ldap-unblock-user-logic

author: Gabriel Mazetto <gabriel@gitlab.com> 2016-04-05 16:33:37 -0300
committer: Gabriel Mazetto <gabriel@gitlab.com> 2016-04-05 16:34:31 -0300
commit: 5ee6badade3c453c7090e9c1f1f4d636c5bb068e (patch)
tree: 2bdc59fa820512c44eff139c9eabd558c6a8bdd4
parent: 4a01b5e293ccb358d77ac1a25b92d14fd913a4d7 (diff)
download: gitlab-ce-patch/fix-ldap-unblock-user-logic.tar.gz
2 files changed, 30 insertions, 2 deletions
diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb
index da4435c7308..f2b649e50a2 100644
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
@@ -33,7 +33,10 @@ module Gitlab
 
       def allowed?
         if ldap_user
-          return true unless ldap_config.active_directory
+          unless ldap_config.active_directory
+            user.activate if user.ldap_blocked?
+            return true
+          end
 
           # Block user in GitLab if he/she was blocked in AD
           if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb
index 32a19bf344b..f5b66b8156f 100644
--- a/spec/lib/gitlab/ldap/access_spec.rb
+++ b/spec/lib/gitlab/ldap/access_spec.rb
@@ -33,7 +33,7 @@ describe Gitlab::LDAP::Access, lib: true do
 
         it { is_expected.to be_falsey }
 
-        it 'should block user in GitLab' do
+        it 'blocks user in GitLab' do
           access.allowed?
           expect(user).to be_blocked
           expect(user).to be_ldap_blocked
@@ -78,6 +78,31 @@ describe Gitlab::LDAP::Access, lib: true do
         end
 
         it { is_expected.to be_truthy }
+
+        context 'when user cannot be found' do
+          before do
+            allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(nil)
+          end
+
+          it { is_expected.to be_falsey }
+
+          it 'blocks user in GitLab' do
+            access.allowed?
+            expect(user).to be_blocked
+            expect(user).to be_ldap_blocked
+          end
+        end
+
+        context 'when user was previously ldap_blocked' do
+          before do
+            user.ldap_block
+          end
+
+          it 'unblocks the user if it exists' do
+            access.allowed?
+            expect(user).not_to be_blocked
+          end
+        end
       end
     end
   end
author	Gabriel Mazetto <gabriel@gitlab.com>	2016-04-05 16:33:37 -0300
committer	Gabriel Mazetto <gabriel@gitlab.com>	2016-04-05 16:34:31 -0300
commit	5ee6badade3c453c7090e9c1f1f4d636c5bb068e (patch)
tree	2bdc59fa820512c44eff139c9eabd558c6a8bdd4
parent	4a01b5e293ccb358d77ac1a25b92d14fd913a4d7 (diff)
download	gitlab-ce-patch/fix-ldap-unblock-user-logic.tar.gz