Fix broken Git over HTTP clones with LDAP users

Due to a regression in !20608, the LDAP authenticator was not being used unless OmniAuth was enabled. This change allows the LDAP provider to be used if it is configured regardless of the OmniAuth setting. Closes #50579

Fix broken Git over HTTP clones with LDAP users
7486d424 · Stan Hu · 0e9dc23d · 7486d424 · 7486d424 · 7486d424
Commit 7486d424 authored 6 years ago by Stan Hu
--- a/changelogs/unreleased/sh-fix-broken-ldap-clones.yml
+++ b/changelogs/unreleased/sh-fix-broken-ldap-clones.yml
+---
+title: Fix broken Git over HTTP clones with LDAP users
+merge_request: 21352
+author:
+type: fixed
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -29,6 +29,7 @@ module Gitlab
  
        def self.enabled?(name)
          return true if name == 'database'
+          return true if self.ldap_provider?(name) && providers.include?(name.to_sym)
  
          Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym)
        end

--- a/spec/lib/gitlab/auth/o_auth/provider_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/provider_spec.rb
 require 'spec_helper'
  
 describe Gitlab::Auth::OAuth::Provider do
+  describe '.enabled?' do
+    before do
+      allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2])
+    end
+
+    context 'when OmniAuth is disabled' do
+      before do
+        allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(false)
+      end
+
+      it 'allows database auth' do
+        expect(described_class.enabled?('database')).to be_truthy
+      end
+
+      it 'allows LDAP auth' do
+        expect(described_class.enabled?('ldapmain')).to be_truthy
+      end
+
+      it 'does not allow other OmniAuth providers' do
+        expect(described_class.enabled?('google_oauth2')).to be_falsey
+      end
+    end
+
+    context 'when OmniAuth is enabled' do
+      before do
+        allow(Gitlab::Auth).to receive(:omniauth_enabled?).and_return(true)
+      end
+
+      it 'allows database auth' do
+        expect(described_class.enabled?('database')).to be_truthy
+      end
+
+      it 'allows LDAP auth' do
+        expect(described_class.enabled?('ldapmain')).to be_truthy
+      end
+
+      it 'allows other OmniAuth providers' do
+        expect(described_class.enabled?('google_oauth2')).to be_truthy
+      end
+    end
+  end
+
  describe '#config_for' do
    context 'for an LDAP provider' do
      context 'when the provider exists' do