BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
4380c0e7
Commit
4380c0e7
authored
Mar 29, 2018
by
Marin Jankovski
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'cherry-pick-
ab8f13c3
' into '10-6-stable'
[10.6] Fix LDAP login without user in DB See merge request gitlab-org/gitlab-ce!18075
parents
166d2cec
886ba87d
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
28 additions
and
22 deletions
+28
-22
44608-Cloning-a-repository-over-HTTPS-with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
...with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
+5
-0
auth.rb
lib/gitlab/auth.rb
+5
-1
authentication.rb
lib/gitlab/auth/database/authentication.rb
+1
-1
authentication.rb
lib/gitlab/auth/ldap/authentication.rb
+6
-16
authentication.rb
lib/gitlab/auth/o_auth/authentication.rb
+1
-0
auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+10
-4
No files found.
changelogs/unreleased/44608-Cloning-a-repository-over-HTTPS-with-LDAP-credentials-causes-a-HTTP-401-Access-denied.yml
0 → 100644
View file @
4380c0e7
---
title
:
'
Cloning
a
repository
over
HTTPS
with
LDAP
credentials
causes
a
HTTP
401
Access
denied'
merge_request
:
!17988
author
:
Horatiu Eugen Vlad
type
:
fixed
lib/gitlab/auth.rb
View file @
4380c0e7
...
...
@@ -69,7 +69,11 @@ module Gitlab
authenticators
.
compact!
user
if
authenticators
.
find
{
|
auth
|
auth
.
login
(
login
,
password
)
}
# return found user that was authenticated first for given login credentials
authenticators
.
find
do
|
auth
|
authenticated_user
=
auth
.
login
(
login
,
password
)
break
authenticated_user
if
authenticated_user
end
end
end
...
...
lib/gitlab/auth/database/authentication.rb
View file @
4380c0e7
...
...
@@ -8,7 +8,7 @@ module Gitlab
def
login
(
login
,
password
)
return
false
unless
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
user
&
.
valid_password?
(
password
)
return
user
if
user
&
.
valid_password?
(
password
)
end
end
end
...
...
lib/gitlab/auth/ldap/authentication.rb
View file @
4380c0e7
...
...
@@ -12,30 +12,26 @@ module Gitlab
return
unless
Gitlab
::
Auth
::
LDAP
::
Config
.
enabled?
return
unless
login
.
present?
&&
password
.
present?
auth
=
nil
# loop through providers until valid bind
# return found user that was authenticated by first provider for given login credentials
providers
.
find
do
|
provider
|
auth
=
new
(
provider
)
auth
.
login
(
login
,
password
)
# true will exit the loop
break
auth
.
user
if
auth
.
login
(
login
,
password
)
# true will exit the loop
end
# If (login, password) was invalid for all providers, the value of auth is now the last
# Gitlab::Auth::LDAP::Authentication instance we tried.
auth
.
user
end
def
self
.
providers
Gitlab
::
Auth
::
LDAP
::
Config
.
providers
end
attr_accessor
:ldap_user
def
login
(
login
,
password
)
@ldap_user
=
adapter
.
bind_as
(
result
=
adapter
.
bind_as
(
filter:
user_filter
(
login
),
size:
1
,
password:
password
)
return
unless
result
@user
=
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
result
.
dn
,
provider
)
end
def
adapter
...
...
@@ -56,12 +52,6 @@ module Gitlab
filter
end
def
user
return
unless
ldap_user
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
ldap_user
.
dn
,
provider
)
end
end
end
end
...
...
lib/gitlab/auth/o_auth/authentication.rb
View file @
4380c0e7
...
...
@@ -12,6 +12,7 @@ module Gitlab
@user
=
user
end
# Implementation must return user object if login successful
def
login
(
login
,
password
)
raise
NotImplementedError
end
...
...
spec/lib/gitlab/auth_spec.rb
View file @
4380c0e7
...
...
@@ -315,13 +315,19 @@ describe Gitlab::Auth do
it
"tries to autheticate with db before ldap"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
not_to
receive
(
:login
)
gl_auth
.
find_with_user_password
(
username
,
password
)
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)).
to
eq
(
user
)
end
it
"does not find user by using ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
and_return
(
nil
)
expect
(
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)).
to
be_nil
end
it
"
uses
ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
)
it
"
find new user by using
ldap as fallback to for authentication"
do
expect
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
)
.
and_return
(
user
)
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)
expect
(
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)).
to
eq
(
user
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment