author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-10-07 16:06:30 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-10-07 16:06:30 +0300 |
commit | baa65e89b90f21047e586c5842a1b7d499625fd0 (patch) | |
tree | af76ea8dbb59aa5e4ce23c7cbf79ee986d7e4e47 | |
parent | 2db9410945049c20b2245750f2bba06b63b95755 (diff) | |
download | gitlab-ce-baa65e89b90f21047e586c5842a1b7d499625fd0.tar.gz |
Check if LDAP user was removed or blocked when use git over ssh
-rw-r--r-- | lib/api/internal.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/ldap/user.rb | 10 |
2 files changed, 11 insertions, 0 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 79f8eb3a543..ed6b50c3a6a 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -35,6 +35,7 @@ module API
 user = key.user
 return false if user.blocked?
+ return false if user.ldap_user? && Gitlab::LDAP::User.blocked?(user.extern_uid)
 action = case git_cmd
 when *DOWNLOAD_COMMANDS
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index 260bacfeeb0..78fc5dab9cb 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -71,6 +71,16 @@ module Gitlab
 find_by_uid(ldap_user.dn) if ldap_user
 end
+ # Check LDAP user existance by dn. User in git over ssh check
+ #
+ # It covers 2 cases:
+ # * when ldap account was removed
+ # * when ldap account was deactivated by change of OU membership in 'dn'
+ def blocked?(dn)
+ ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
+ ldap.connection.search(base: dn, size: 1).blank?
+ end
+
 private
 def find_by_uid(uid) |
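Review bot: The added guard in lib/api/internal.rb denies access without recording why and without changing the local account, so a user removed from LDAP is rejected on this path only. Any other credential path that does not run this check (inferred, none is visible in the hunk) would still see an active account. Consider a comment above the line, `# LDAP state is re-checked on every SSH access; the local account itself is not blocked here`, and a log entry carrying the key id and the reason so that denials can be traced during an investigation. The line also passes `user.extern_uid` straight through as the search base, so it relies on `ldap_user?`, defined outside this hunk, to guarantee a non-empty DN. The enclosing block starts and ends outside the hunk.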
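Review bot: `blocked?` in lib/gitlab/ldap/user.rb treats every empty result as "account gone", so its behaviour when the directory is unreachable or the bind is rejected is left undefined. A nil result would deny every LDAP user, while a raised connection error would surface as a failure of the internal API call. The intended behaviour should be chosen and documented, for example by rescuing the connection error explicitly, logging it and returning true so the check fails closed. The search also runs with the default scope and no filter, so it only shows that some entry exists at or below `dn`; `ldap.connection.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject, size: 1).blank?` would pin it to the entry itself. An account disabled in place through a directory attribute is not detected, which the comment could state next to the two cases it lists.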