Refactor to distinguish between UIDs and DNs

2 files changed, 30 insertions, 1 deletions

diff --git a/lib/gitlab/ldap/auth_hash.rb b/lib/gitlab/ldap/auth_hash.rb
index 3123da17fd9..da75649d6d5 100644
--- a/lib/gitlab/ldap/auth_hash.rb
+++ b/lib/gitlab/ldap/auth_hash.rb
@@ -4,7 +4,7 @@ module Gitlab
   module LDAP
     class AuthHash < Gitlab::OAuth::AuthHash
       def uid
-        Gitlab::LDAP::Person.normalize_dn(super)
+        Gitlab::LDAP::Person.normalize_uid_or_dn(super)
       end
 
       private
diff --git a/lib/gitlab/ldap/person.rb b/lib/gitlab/ldap/person.rb
index 4299d35fabc..5c8924f1472 100644
--- a/lib/gitlab/ldap/person.rb
+++ b/lib/gitlab/ldap/person.rb
@@ -36,6 +36,35 @@ module Gitlab
         ]
       end
 
+      # Returns the UID or DN in a normalized form
+      def self.normalize_uid_or_dn(uid_or_dn)
+        if is_dn?(uid_or_dn)
+          normalize_dn(uid_or_dn)
+        else
+          normalize_uid(uid_or_dn)
+        end
+      end
+
+      # Returns true if the string looks like a DN rather than a UID.
+      #
+      # An empty string is technically a valid DN (null DN), although we should
+      # never need to worry about that.
+      def self.is_dn?(uid_or_dn)
+        uid_or_dn.blank? || uid_or_dn.include?('=')
+      end
+
+      # Returns the UID in a normalized form.
+      #
+      # 1. Excess spaces are stripped
+      # 2. The string is downcased (for case-insensitivity)
+      def self.normalize_uid(uid)
+        normalize_dn_part(uid)
+      end
+
+      # Returns the DN in a normalized form.
+      #
+      # 1. Excess spaces around attribute names and values are stripped
+      # 2. The string is downcased (for case-insensitivity)
       def self.normalize_dn(dn)
         dn.split(/([,+=])/).map do |part|
           normalize_dn_part(part)