From 8560c5945092c4a3f8773026a8051f5f94caac88 Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Thu, 16 Jun 2016 09:37:47 -0500 Subject: [PATCH 1/2] Make ldap_person more flexible --- lib/gitlab/o_auth/user.rb | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb index 78f3ecb4cb4b..26b1d3bd8b8a 100644 --- a/lib/gitlab/o_auth/user.rb +++ b/lib/gitlab/o_auth/user.rb @@ -1,3 +1,5 @@ +require 'net/ldap/dn' + # OAuth extension for User model # # * Find GitLab user based on omniauth uid and provider @@ -103,12 +105,30 @@ def ldap_person # Look for a corresponding person with same uid in any of the configured LDAP providers Gitlab::LDAP::Config.providers.each do |provider| adapter = Gitlab::LDAP::Adapter.new(provider) - @ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter) + @ldap_person = find_ldap_person(auth_hash.uid, adapter) + break if @ldap_person end @ldap_person end + # OmniAuth providers can send anything as the `uid`. Try to be flexible + # + # Currently, this method only looks for DN or username/uid. More may + # need to be added later. + def find_ldap_person(uid, adapter) + begin + if Net::LDAP::DN.new(auth_hash.uid) + return Gitlab::LDAP::Person.find_by_dn(uid, adapter) + end + rescue RuntimeError => e + # Net::LDAP raises a generic RuntimeError. Bad library! Bad! + logger.debug { "Omniauth UID: '#{dn}' doesn't look like a DN. Trying next step. Message: #{e.message}" } + + return Gitlab::LDAP::Person.find_by_uid(uid, adapter) + end + end + def ldap_config Gitlab::LDAP::Config.new(ldap_person.provider) if ldap_person end -- GitLab From 6e4ebebe9d7b7d4709fe08e4e57911ab01ca7900 Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Thu, 16 Jun 2016 09:43:22 -0500 Subject: [PATCH 2/2] simplify --- lib/gitlab/o_auth/user.rb | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) 
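Review bot: The debug message in the rescue branch of the added `find_ldap_person` interpolates `#{dn}`, which is neither a parameter nor a local of this method, so whenever the block is evaluated (debug level) it will most likely raise NameError and the `find_by_uid` fallback is never reached; it should read `'#{uid}'`. The DN check also reads `auth_hash.uid` instead of the `uid` argument, and as far as I know `Net::LDAP::DN.new` only stores the string and parses it lazily, so the `if` is always truthy and plain usernames are sent to `find_by_dn`; forcing the parse, e.g. `Net::LDAP::DN.new(uid).to_a`, should make the rescue path reachable. Since the provider-supplied `uid` decides which LDAP entry is matched to the signing-in user, this path deserves a spec covering a DN, a plain uid and a malformed value. The same lines are carried unchanged into the [PATCH 2/2] hunk.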
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb index 26b1d3bd8b8a..fbdd6c5934fe 100644 --- a/lib/gitlab/o_auth/user.rb +++ b/lib/gitlab/o_auth/user.rb @@ -114,19 +114,18 @@ def ldap_person # OmniAuth providers can send anything as the `uid`. Try to be flexible # - # Currently, this method only looks for DN or username/uid. More may + # Currently, this method only looks LDAP users by DN or uid. More may # need to be added later. def find_ldap_person(uid, adapter) - begin - if Net::LDAP::DN.new(auth_hash.uid) - return Gitlab::LDAP::Person.find_by_dn(uid, adapter) - end - rescue RuntimeError => e - # Net::LDAP raises a generic RuntimeError. Bad library! Bad! - logger.debug { "Omniauth UID: '#{dn}' doesn't look like a DN. Trying next step. Message: #{e.message}" } - - return Gitlab::LDAP::Person.find_by_uid(uid, adapter) + if Net::LDAP::DN.new(auth_hash.uid) + return Gitlab::LDAP::Person.find_by_dn(uid, adapter) end + rescue RuntimeError => e + # Net::LDAP raises a generic RuntimeError. Bad library! Bad! + logger.debug { "Omniauth UID: '#{dn}' doesn't look like a DN. Trying next step. Message: #{e.message}" } + + # Fallback to looking for an LDAP user by `uid`. + return Gitlab::LDAP::Person.find_by_uid(uid, adapter) end def ldap_config -- GitLab
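Review bot: The method-level `rescue RuntimeError` spans the whole body of `find_ldap_person`, including the `find_by_dn` call, so a RuntimeError raised during the LDAP lookup itself would be logged as "doesn't look like a DN" and quietly turned into a uid search. In an identity-matching path that hides real directory errors and makes it hard to tell from the logs why a given account was or was not linked. The rescue should cover only the DN parse, with the choice between `find_by_dn` and `find_by_uid` made outside it, as sketched below (the helper name is only a suggestion). The trailing `return` keywords also become unnecessary once the branches are plain expressions.

```ruby
def find_ldap_person(uid, adapter)
  if ldap_dn?(uid)
    Gitlab::LDAP::Person.find_by_dn(uid, adapter)
  else
    # Fallback to looking for an LDAP user by `uid`.
    Gitlab::LDAP::Person.find_by_uid(uid, adapter)
  end
end

# True when `uid` parses as an LDAP DN; only the parse itself is rescued.
def ldap_dn?(uid)
  Net::LDAP::DN.new(uid).to_a
  true
rescue RuntimeError => e
  # Net::LDAP raises a generic RuntimeError for a malformed DN.
  logger.debug { "Omniauth UID: '#{uid}' doesn't look like a DN. Message: #{e.message}" }
  false
end
```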