diff options
author | Stan Hu <stanhu@gmail.com> | 2019-01-28 22:35:25 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-01-29 11:15:06 -0800 |
commit | ab4aba7065b52281fcd1224e1e883fe35128751c (patch) | |
tree | 819c7939825c4fa53c1bc446d7ac8ac8c841c29f /spec/models/identity_spec.rb | |
parent | bbf6e65dd2874ae1866ee6d87713f45de1f95d55 (diff) | |
download | gitlab-ce-ab4aba7065b52281fcd1224e1e883fe35128751c.tar.gz |
Fix failed LDAP logins when nil user_id present
When a LDAP user signs in the for the first time and if there
is an `Identity` object with `user_id` of `nil`, new users
will not be able to be register until that entry is cleared
because of the way identities are created:
1. First, the User object is built but not saved, so it has no `id`.
2. Then, `user.identities.build(provider: 'ldapmain')` is called,
but it does not have an associated `user_id` as a result.
3. `User#save` is called, but the `Identity` validation fails if an
existing entry with `user_id` of `nil` already exists.
The uniqueness validation for `nil` values doesn't make any sense in
this case. We should be enforcing this at the database level with a
foreign key constraint. To work around the issue we can validate
against the user instead, which does the right thing even when
the user isn't saved yet.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56734
Diffstat (limited to 'spec/models/identity_spec.rb')
-rw-r--r-- | spec/models/identity_spec.rb | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/spec/models/identity_spec.rb b/spec/models/identity_spec.rb index a5ce245c21d..e1a7a59dfd1 100644 --- a/spec/models/identity_spec.rb +++ b/spec/models/identity_spec.rb @@ -10,6 +10,40 @@ describe Identity do it { is_expected.to respond_to(:extern_uid) } end + describe 'validations' do + set(:user) { create(:user) } + + context 'with existing user and provider' do + before do + create(:identity, provider: 'ldapmain', user_id: user.id) + end + + it 'returns false for a duplicate entry' do + identity = user.identities.build(provider: 'ldapmain', user_id: user.id) + + expect(identity.validate).to be_falsey + end + + it 'returns true when a different provider is used' do + identity = user.identities.build(provider: 'gitlab', user_id: user.id) + + expect(identity.validate).to be_truthy + end + end + + context 'with newly-created user' do + before do + create(:identity, provider: 'ldapmain', user_id: nil) + end + + it 'successfully validates even with a nil user_id' do + identity = user.identities.build(provider: 'ldapmain') + + expect(identity.validate).to be_truthy + end + end + end + describe '#is_ldap?' do let(:ldap_identity) { create(:identity, provider: 'ldapmain') } let(:other_identity) { create(:identity, provider: 'twitter') } |