WIP: Use case-insensitive lookup for Kerberos Spnego identity.
What does this MR do?
Clients can send the Kerberos username/principal in any case - the
Kerberos server itself does not care. However, GitLab stores
the Kerberos username/principal as extern_uid in a case-sensitive
format. This change uses an iwhere
statement rather than
find_by
so it doesn't matter how the client send the
username/principal.
Are there points in the code the reviewer needs to double check?
Should we have specs for this? Where? There isn't a clear place to put specs for this helper class.
Why was this MR needed?
It was causing inability to authenticate for a customer in https://gitlab.zendesk.com/agent/tickets/82669
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Review
-
Has been reviewed by UX -
Has been reviewed by Frontend -
Has been reviewed by Backend -
Has been reviewed by Database
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together
Merge request reports
Activity
@tiagonbotelho Do you mind doing an initial review, please?
changed milestone to %10.1
@dblessing although the method we are changing is only used in a private method we can always check if the change works in https://gitlab.com/gitlab-org/gitlab-ee/blob/master/spec/requests/git_http_spec.rb
😄 These specs might help you get going: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/spec/requests/git_http_spec.rb#L700
Thanks @dblessing
assigned to @dblessing
@dblessing I think https://gitlab.com/dblessing/gitlab-ee/-/jobs/34831574 is failing because of the spec you wrote
😄 @tiagonbotelho Yep, still working on tests.