Fix LDAP login without user in DB

author: Horatiu Eugen Vlad <horatiu@vlad.eu> 2018-03-26 11:23:54 +0200
committer: Horatiu Eugen Vlad <horatiu@vlad.eu> 2018-03-27 09:21:17 +0200
commit: 7d01792614e48c8f94307d660298014cd01cb79c (patch)
tree: c5981e90b915ee09871a6505193f4c9fc5ab65dd /lib/gitlab/auth
parent: 391732a2c1b04baf565c77f2788a1ec035b1d85e (diff)
download: gitlab-ce-7d01792614e48c8f94307d660298014cd01cb79c.tar.gz
3 files changed, 8 insertions, 17 deletions
diff --git a/lib/gitlab/auth/database/authentication.rb b/lib/gitlab/auth/database/authentication.rb
index 260a77058a4..1234ace0334 100644
--- a/lib/gitlab/auth/database/authentication.rb
+++ b/lib/gitlab/auth/database/authentication.rb
@@ -8,7 +8,7 @@ module Gitlab
         def login(login, password)
           return false unless Gitlab::CurrentSettings.password_authentication_enabled_for_git?
 
-          user&.valid_password?(password)
+          return user if user&.valid_password?(password)
         end
       end
     end
diff --git a/lib/gitlab/auth/ldap/authentication.rb b/lib/gitlab/auth/ldap/authentication.rb
index e70c3ab6b46..7c134fb6438 100644
--- a/lib/gitlab/auth/ldap/authentication.rb
+++ b/lib/gitlab/auth/ldap/authentication.rb
@@ -12,30 +12,26 @@ module Gitlab
           return unless Gitlab::Auth::LDAP::Config.enabled?
           return unless login.present? && password.present?
 
-          auth = nil
-          # loop through providers until valid bind
+          # return found user that was authenticated by first provider for given login credentials
           providers.find do |provider|
             auth = new(provider)
-            auth.login(login, password) # true will exit the loop
+            break auth.user if auth.login(login, password) # true will exit the loop
           end
-
-          # If (login, password) was invalid for all providers, the value of auth is now the last
-          # Gitlab::Auth::LDAP::Authentication instance we tried.
-          auth.user
         end
 
         def self.providers
           Gitlab::Auth::LDAP::Config.providers
         end
 
-        attr_accessor :ldap_user
-
         def login(login, password)
-          @ldap_user = adapter.bind_as(
+          result = adapter.bind_as(
             filter: user_filter(login),
             size: 1,
             password: password
           )
+          return unless result
+
+          @user = Gitlab::Auth::LDAP::User.find_by_uid_and_provider(result.dn, provider)
         end
 
         def adapter
@@ -56,12 +52,6 @@ module Gitlab
 
           filter
         end
-
-        def user
-          return unless ldap_user
-
-          Gitlab::Auth::LDAP::User.find_by_uid_and_provider(ldap_user.dn, provider)
-        end
       end
     end
   end
diff --git a/lib/gitlab/auth/o_auth/authentication.rb b/lib/gitlab/auth/o_auth/authentication.rb
index ed03b9f8b40..d4e7f35c857 100644
--- a/lib/gitlab/auth/o_auth/authentication.rb
+++ b/lib/gitlab/auth/o_auth/authentication.rb
@@ -12,6 +12,7 @@ module Gitlab
           @user = user
         end
 
+        # Implementation must return user object if login successful
         def login(login, password)
           raise NotImplementedError
         end
author	Horatiu Eugen Vlad <horatiu@vlad.eu>	2018-03-26 11:23:54 +0200
committer	Horatiu Eugen Vlad <horatiu@vlad.eu>	2018-03-27 09:21:17 +0200
commit	7d01792614e48c8f94307d660298014cd01cb79c (patch)
tree	c5981e90b915ee09871a6505193f4c9fc5ab65dd /lib/gitlab/auth
parent	391732a2c1b04baf565c77f2788a1ec035b1d85e (diff)
download	gitlab-ce-7d01792614e48c8f94307d660298014cd01cb79c.tar.gz