summaryrefslogtreecommitdiff
path: root/spec/services
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2016-01-14 11:00:08 +0000
committerDouwe Maan <douwe@gitlab.com>2016-01-14 11:00:08 +0000
commit4d64a32c88dd5f87621d391c0f10f6acef094073 (patch)
tree1a6f479e09c97d2e0526da4405c98f57f9825456 /spec/services
parentcda9635441fee1543966830a0ba1d95221b2a379 (diff)
parentdd6fc01ff8a073880b67a323a547edeb5d63f167 (diff)
downloadgitlab-ce-4d64a32c88dd5f87621d391c0f10f6acef094073.tar.gz
Merge branch 'feature/ldap-sync-edgecases' into 'master'
LDAP Sync blocked user edgecases Allow GitLab admins to block otherwise valid GitLab LDAP users (https://gitlab.com/gitlab-org/gitlab-ce/issues/3462) Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when its one or the other. Expected behavior: - [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?` - [x] "ldap_blocked" users can't be unblocked by the Admin UI - [x] "ldap_blocked" users can't be unblocked by the API - [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked" - [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization - [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked` Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users: ![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png) There will be another MR for the EE version. See merge request !2242
Diffstat (limited to 'spec/services')
-rw-r--r--spec/services/repair_ldap_blocked_user_service_spec.rb23
1 files changed, 23 insertions, 0 deletions
diff --git a/spec/services/repair_ldap_blocked_user_service_spec.rb b/spec/services/repair_ldap_blocked_user_service_spec.rb
new file mode 100644
index 00000000000..ce7d1455975
--- /dev/null
+++ b/spec/services/repair_ldap_blocked_user_service_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe RepairLdapBlockedUserService, services: true do
+ let(:user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
+ let(:identity) { user.ldap_identity }
+ subject(:service) { RepairLdapBlockedUserService.new(user) }
+
+ describe '#execute' do
+ it 'change to normal block after destroying last ldap identity' do
+ identity.destroy
+ service.execute
+
+ expect(user.reload).not_to be_ldap_blocked
+ end
+
+ it 'change to normal block after changing last ldap identity to another provider' do
+ identity.update_attribute(:provider, 'twitter')
+ service.execute
+
+ expect(user.reload).not_to be_ldap_blocked
+ end
+ end
+end