Skip to content
Snippets Groups Projects
Commit b7fbaa75 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Wes Gurney
Browse files

Check if LDAP user was removed or blocked when use git over ssh

parent 592aff2d
No related branches found
No related tags found
1 merge request!4954Add support to configure webhook_timeout in gitlab.yaml
This commit is part of merge request !4954. Comments created here will be created in the context of that merge request.
Loading
Loading
@@ -35,6 +35,7 @@ module API
user = key.user
 
return false if user.blocked?
return false if user.ldap_user? && Gitlab::LDAP::User.blocked?(user.extern_uid)
 
action = case git_cmd
when *DOWNLOAD_COMMANDS
Loading
Loading
Loading
Loading
@@ -71,6 +71,16 @@ module Gitlab
find_by_uid(ldap_user.dn) if ldap_user
end
 
# Check LDAP user existance by dn. User in git over ssh check
#
# It covers 2 cases:
# * when ldap account was removed
# * when ldap account was deactivated by change of OU membership in 'dn'
def blocked?(dn)
ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
ldap.connection.search(base: dn, size: 1).blank?
end
private
 
def find_by_uid(uid)
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment