diff options
| -rw-r--r-- | changelogs/unreleased/sh-fix-broken-ldap-clones.yml | 5 | ||||
| -rw-r--r-- | lib/gitlab/auth/o_auth/provider.rb | 1 | ||||
| -rw-r--r-- | spec/lib/gitlab/auth/o_auth/provider_spec.rb | 42 |
3 files changed, 48 insertions, 0 deletions
diff --git a/changelogs/unreleased/sh-fix-broken-ldap-clones.yml b/changelogs/unreleased/sh-fix-broken-ldap-clones.yml new file mode 100644 index 00000000000..abe725924f2 --- /dev/null +++ b/changelogs/unreleased/sh-fix-broken-ldap-clones.yml @@ -0,0 +1,5 @@ +--- +title: Fix broken Git over HTTP clones with LDAP users +merge_request: 21352 +author: +type: fixed diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb index e73743944a9..26da9d09ccc 100644 --- a/lib/gitlab/auth/o_auth/provider.rb +++ b/lib/gitlab/auth/o_auth/provider.rb @@ -29,6 +29,7 @@ module Gitlab def self.enabled?(name) return true if name == 'database' + return true if self.ldap_provider?(name) && providers.include?(name.to_sym) Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym) end diff --git a/spec/lib/gitlab/auth/o_auth/provider_spec.rb b/spec/lib/gitlab/auth/o_auth/provider_spec.rb index fc35d430917..80d702cf9dc 100644 --- a/spec/lib/gitlab/auth/o_auth/provider_spec.rb +++ b/spec/lib/gitlab/auth/o_auth/provider_spec.rb @@ -1,6 +1,48 @@ require 'spec_helper' describe Gitlab::Auth::OAuth::Provider do + describe '.enabled?' do + before do + allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2]) + end + + context 'when OmniAuth is disabled' do + before do + allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(false) + end + + it 'allows database auth' do + expect(described_class.enabled?('database')).to be_truthy + end + + it 'allows LDAP auth' do + expect(described_class.enabled?('ldapmain')).to be_truthy + end + + it 'does not allow other OmniAuth providers' do + expect(described_class.enabled?('google_oauth2')).to be_falsey + end + end + + context 'when OmniAuth is enabled' do + before do + allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(true) + end + + it 'allows database auth' do + expect(described_class.enabled?('database')).to be_truthy + end + + it 'allows LDAP auth' do + expect(described_class.enabled?('ldapmain')).to be_truthy + end + + it 'allows other OmniAuth providers' do + expect(described_class.enabled?('google_oauth2')).to be_truthy + end + end + end + describe '#config_for' do context 'for an LDAP provider' do context 'when the provider exists' do |