From cd13e4ae734f6a5ff2d02986138bda54267425ae Mon Sep 17 00:00:00 2001 From: Michael Kozono Date: Fri, 9 Jun 2017 10:29:19 -0700 Subject: Verify certificates in `omniauth-ldap` --- lib/gitlab/ldap/config.rb | 3 ++- spec/lib/gitlab/ldap/config_spec.rb | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb index a48a485dffd..9ed88330900 100644 --- a/lib/gitlab/ldap/config.rb +++ b/lib/gitlab/ldap/config.rb @@ -62,7 +62,8 @@ module Gitlab base: base, encryption: options['encryption'], filter: omniauth_user_filter, - name_proc: name_proc + name_proc: name_proc, + disable_verify_certificates: !options['verify_certificates'] ) if has_auth? diff --git a/spec/lib/gitlab/ldap/config_spec.rb b/spec/lib/gitlab/ldap/config_spec.rb index e24c7d6b9a2..0cebbab5c24 100644 --- a/spec/lib/gitlab/ldap/config_spec.rb +++ b/spec/lib/gitlab/ldap/config_spec.rb @@ -238,6 +238,36 @@ describe Gitlab::LDAP::Config, lib: true do password: 'super_secret' ) end + + context 'when verify_certificates is enabled' do + it 'specifies disable_verify_certificates as false' do + stub_ldap_config( + options: { + 'host' => 'ldap.example.com', + 'port' => 686, + 'encryption' => 'simple_tls', + 'verify_certificates' => true + } + ) + + expect(config.omniauth_options).to include({ disable_verify_certificates: false }) + end + end + + context 'when verify_certificates is disabled' do + it 'specifies disable_verify_certificates as true' do + stub_ldap_config( + options: { + 'host' => 'ldap.example.com', + 'port' => 686, + 'encryption' => 'simple_tls', + 'verify_certificates' => false + } + ) + + expect(config.omniauth_options).to include({ disable_verify_certificates: true }) + end + end end describe '#has_auth?' do -- cgit v1.2.1