From 2fec9ba34edd4a9ea817158c5963d01917af1b12 Mon Sep 17 00:00:00 2001
From: James Edwards-Jones
Date: Mon, 23 Apr 2018 00:51:17 +0100
Subject: [PATCH] Group SAML strips LRM chars from ADFS cert fingerprint
---
 ee/app/models/saml_provider.rb | 8 ++++++++
 ee/changelogs/unreleased/jej-strip-lrm-for-adfs.yml | 5 +++++
 ee/spec/models/saml_provider_spec.rb | 4 ++++
 3 files changed, 17 insertions(+)
 create mode 100644 ee/changelogs/unreleased/jej-strip-lrm-for-adfs.yml
diff --git a/ee/app/models/saml_provider.rb b/ee/app/models/saml_provider.rb
index c7dde15680a806..4147139d3285c7 100644
--- a/ee/app/models/saml_provider.rb
+++ b/ee/app/models/saml_provider.rb
@@ -21,6 +21,10 @@ def name_identifier_format
 NAME_IDENTIFIER_FORMAT
 end
 
+ def certificate_fingerprint=(value)
+ super(strip_left_to_right_chars(value))
+ end
+
 def settings
 {
 assertion_consumer_service_url: assertion_consumer_service_url,
@@ -44,4 +48,8 @@ def set_defaults
 def host
 @host ||= Gitlab.config.gitlab.url
 end
+
+ def strip_left_to_right_chars(input)
+ input&.gsub(/[\u200E]/, '')
+ end
 end
diff --git a/ee/changelogs/unreleased/jej-strip-lrm-for-adfs.yml b/ee/changelogs/unreleased/jej-strip-lrm-for-adfs.yml
new file mode 100644
index 00000000000000..670f6bf23e2ff1
--- /dev/null
+++ b/ee/changelogs/unreleased/jej-strip-lrm-for-adfs.yml
@@ -0,0 +1,5 @@
+---
+title: Per-Group SAML (for GitLab.com) strips LRM chars from ADFS certificate fingerprints
+merge_request: 5466
+author:
+type: fixed
diff --git a/ee/spec/models/saml_provider_spec.rb b/ee/spec/models/saml_provider_spec.rb
index c8df818561d9c8..5a21f6a8cb58ee 100644
--- a/ee/spec/models/saml_provider_spec.rb
+++ b/ee/spec/models/saml_provider_spec.rb
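Review bot: The overridden writer `certificate_fingerprint=` in the first `saml_provider.rb` hunk has no comment saying why a security-relevant value is rewritten on assignment, so a later reader cannot tell the stripping is deliberate. I would add above it `# Fingerprints pasted from ADFS can carry invisible U+200E (left-to-right mark) characters; strip them on assignment so validation sees only the fingerprint text.` The cleaning runs only through this writer, so any path that bypasses attribute writers would presumably still store the raw value; worth confirming none exists for this column. The enclosing class starts outside the hunk.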
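Review bot: `strip_left_to_right_chars` in the second `saml_provider.rb` hunk removes only U+200E, so a fingerprint pasted with a different invisible format character (U+200F or U+FEFF, say) would presumably still fail the format validation with nothing visibly wrong in the field. If only the left-to-right mark is intended, the one-character class is unnecessary and `input&.delete("\u200E")` states it directly; if the goal is to tolerate copy-paste artefacts in general, `input&.gsub(/\p{Cf}/, '')` drops every Unicode format character and cannot touch hex digits or separators. The method's visibility is set outside the hunk, so I cannot tell from here whether it is private.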
@@ -29,6 +29,10 @@
 expect(subject).not_to allow_value(invalid_characters).for(:certificate_fingerprint)
 end
 
+ it 'strips left-to-right marks from certificate_fingerprint' do
+ expect(subject).to allow_value("\u200E00 00 30 ED C2 85 E0 1D 6B 5E A3 30 10 A7 9A DD 14 2F 50 04‎").for(:certificate_fingerprint)
+ end
+
 it 'requires group to be top-level' do
 group = create(:group)
 nested_group = create(:group, :nested)
-- 
GitLab
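Review bot: The added example is titled 'strips left-to-right marks', but `allow_value` only shows that the value passes validation, so it would still pass if the validator were loosened rather than the input cleaned. Asserting on the attribute pins the behaviour, for instance with a shortened sample value: `subject.certificate_fingerprint = "\u200E00 00 30\u200E"` followed by `expect(subject.certificate_fingerprint).to eq('00 00 30')`. The literal also ends with a raw, invisible U+200E before the closing quote while the leading one is written as `\u200E`; using the escape in both places keeps the test data visible in review. The enclosing example group starts outside the hunk.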