diff options
-rw-r--r-- | app/models/identity.rb | 2 | ||||
-rw-r--r-- | changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml | 5 | ||||
-rw-r--r-- | spec/models/identity_spec.rb | 34 |
3 files changed, 40 insertions, 1 deletions
diff --git a/app/models/identity.rb b/app/models/identity.rb index d63dd432426..acdde4f296b 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -8,7 +8,7 @@ class Identity < ActiveRecord::Base validates :provider, presence: true validates :extern_uid, allow_blank: true, uniqueness: { scope: UniquenessScopes.scopes, case_sensitive: false } - validates :user_id, uniqueness: { scope: UniquenessScopes.scopes } + validates :user, uniqueness: { scope: UniquenessScopes.scopes } before_save :ensure_normalized_extern_uid, if: :extern_uid_changed? after_destroy :clear_user_synced_attributes, if: :user_synced_attributes_metadata_from_provider? diff --git a/changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml b/changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml new file mode 100644 index 00000000000..5af3bdce51b --- /dev/null +++ b/changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml @@ -0,0 +1,5 @@ +--- +title: Fix failed LDAP logins when nil user_id present +merge_request: 24749 +author: +type: fixed diff --git a/spec/models/identity_spec.rb b/spec/models/identity_spec.rb index a5ce245c21d..e1a7a59dfd1 100644 --- a/spec/models/identity_spec.rb +++ b/spec/models/identity_spec.rb @@ -10,6 +10,40 @@ describe Identity do it { is_expected.to respond_to(:extern_uid) } end + describe 'validations' do + set(:user) { create(:user) } + + context 'with existing user and provider' do + before do + create(:identity, provider: 'ldapmain', user_id: user.id) + end + + it 'returns false for a duplicate entry' do + identity = user.identities.build(provider: 'ldapmain', user_id: user.id) + + expect(identity.validate).to be_falsey + end + + it 'returns true when a different provider is used' do + identity = user.identities.build(provider: 'gitlab', user_id: user.id) + + expect(identity.validate).to be_truthy + end + end + + context 'with newly-created user' do + before do + create(:identity, provider: 'ldapmain', user_id: nil) + end + + it 'successfully validates even with a nil user_id' do + identity = user.identities.build(provider: 'ldapmain') + + expect(identity.validate).to be_truthy + end + end + end + describe '#is_ldap?' do let(:ldap_identity) { create(:identity, provider: 'ldapmain') } let(:other_identity) { create(:identity, provider: 'twitter') } |