From add60f8c226eef0639c0131a337603ac0e267123 Mon Sep 17 00:00:00 2001
From: Marin Hannache <git@mareo.fr>
Date: Mon, 12 Sep 2022 07:03:22 +0000
Subject: [PATCH] Add internal API support for Kerberos authentication in
 gitlab-sshd

Changelog: added
EE: true

Signed-off-by: Marin Hannache <git@mareo.fr>
---
 ee/lib/ee/api/support/git_access_actor.rb     | 24 +++++++++++++++++++
 .../ee/api/support/git_access_actor_spec.rb   | 16 +++++++++++++
 lib/api/support/git_access_actor.rb           |  2 ++
 3 files changed, 42 insertions(+)
 create mode 100644 ee/lib/ee/api/support/git_access_actor.rb
 create mode 100644 ee/spec/lib/ee/api/support/git_access_actor_spec.rb

diff --git a/ee/lib/ee/api/support/git_access_actor.rb b/ee/lib/ee/api/support/git_access_actor.rb
new file mode 100644
index 00000000000000..dd6d1368126963
--- /dev/null
+++ b/ee/lib/ee/api/support/git_access_actor.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module EE
+  module API
+    module Support
+      module GitAccessActor
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :from_params
+          def from_params(params)
+            if params[:krb5principal]
+              new(user: ::User.by_provider_and_extern_uid(:kerberos, params[:krb5principal]).first)
+            else
+              super
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/ee/spec/lib/ee/api/support/git_access_actor_spec.rb b/ee/spec/lib/ee/api/support/git_access_actor_spec.rb
new file mode 100644
index 00000000000000..3db6cd926b0d6a
--- /dev/null
+++ b/ee/spec/lib/ee/api/support/git_access_actor_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::Support::GitAccessActor do
+  describe '.from_params' do
+    context 'when passing a Kerberos principal' do
+      it 'finds the user based on a principal' do
+        principal = "test@TEST.TEST"
+        user = create(:omniauth_user, provider: :kerberos, extern_uid: principal)
+
+        expect(described_class.from_params({ krb5principal: principal }).user).to eq(user)
+      end
+    end
+  end
+end
diff --git a/lib/api/support/git_access_actor.rb b/lib/api/support/git_access_actor.rb
index f450630afdd95f..16861a146aed1e 100644
--- a/lib/api/support/git_access_actor.rb
+++ b/lib/api/support/git_access_actor.rb
@@ -57,3 +57,5 @@ def key_details
     end
   end
 end
+
+API::Support::GitAccessActor.prepend_mod_with('API::Support::GitAccessActor')
-- 
GitLab