From c915e2c8237ddcae57ec48e700badd9d5bfd8c8c Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Sep 2015 10:58:48 +0100
Subject: [PATCH] Allow configuration of LDAP attributes GitLab will use for
 the new user account.

---
 config/gitlab.yml.example                | 15 +++++++++
 lib/gitlab/ldap/auth_hash.rb             | 40 ++++++++++++++++++++++++
 lib/gitlab/ldap/user.rb                  |  4 +++
 lib/gitlab/o_auth/auth_hash.rb           | 24 +++++++-------
 spec/lib/gitlab/o_auth/auth_hash_spec.rb |  6 ++--
 spec/lib/gitlab/o_auth/user_spec.rb      |  2 +-
 6 files changed, 76 insertions(+), 15 deletions(-)
 create mode 100644 lib/gitlab/ldap/auth_hash.rb

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 9eb99dae456..cb697fad7ab 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -144,6 +144,21 @@ production: &base
         bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
         password: '_the_password_of_the_bind_user'
 
+        # LDAP attributes that GitLab will use to create an account for the LDAP user.
+        # Can be either the name of an attribute as a string (e.g. 'mail'),
+        # or an array of names of attributes to try in order (e.g. ['mail', 'email']).
+        # The default values are listed.
+        attributes:
+          # username: ['uid', 'userid', 'sAMAccountName']
+          # name:     'cn' # Also falls back to a combination of first_name and last_name, see below
+          # email:    ['mail', 'email', 'userPrincipalName']
+
+          # If no full name could be found at the attribute specified for `name`,
+          # the full name is determined as `<first_name> <last_name>`, using the 
+          # attributes specified below.
+          # first_name: 'givenName'
+          # last_name:  'sn'
+          
         # This setting specifies if LDAP server is Active Directory LDAP server.
         # For non AD servers it skips the AD specific queries.
         # If your LDAP server is not AD, set this to false.
diff --git a/lib/gitlab/ldap/auth_hash.rb b/lib/gitlab/ldap/auth_hash.rb
new file mode 100644
index 00000000000..caca7bb3b57
--- /dev/null
+++ b/lib/gitlab/ldap/auth_hash.rb
@@ -0,0 +1,40 @@
+# Class to parse and transform the info provided by omniauth
+#
+module Gitlab
+  module LDAP
+    class AuthHash < Gitlab::OAuth::AuthHash
+      attr_accessor :config
+
+      def initialize(auth_hash, config)
+        super(auth_hash)
+        @config = config
+      end
+
+      private
+
+      def get_info(key)
+        raw_key = config.attributes[key]
+        return super unless raw_key
+
+        value =
+          case raw_key
+          when String
+            get_raw(raw_key)
+          when Array
+            raw_key.inject(nil) { |value, key| value || get_raw(key).presence }
+          else
+            nil
+          end
+        
+        return super unless value
+
+        Gitlab::Utils.force_utf8(value)
+        value
+      end
+
+      def get_raw(key)
+        auth_hash.extra[:raw_info][key]
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index 04a22237478..e568b0e3b31 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -71,6 +71,10 @@ module Gitlab
       def ldap_config
         Gitlab::LDAP::Config.new(auth_hash.provider)
       end
+
+      def auth_hash=(auth_hash)
+        @auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash, ldap_config)
+      end
     end
   end
 end
diff --git a/lib/gitlab/o_auth/auth_hash.rb b/lib/gitlab/o_auth/auth_hash.rb
index 9b8e783d16c..76fbe698c74 100644
--- a/lib/gitlab/o_auth/auth_hash.rb
+++ b/lib/gitlab/o_auth/auth_hash.rb
@@ -16,16 +16,6 @@ module Gitlab
         @provider ||= Gitlab::Utils.force_utf8(auth_hash.provider.to_s)
       end
 
-      def info
-        auth_hash.info
-      end
-
-      def get_info(key)
-        value = info.try(key)
-        Gitlab::Utils.force_utf8(value) if value
-        value
-      end
-
       def name
         @name ||= get_info(:name) || "#{get_info(:first_name)} #{get_info(:last_name)}"
       end
@@ -44,9 +34,21 @@ module Gitlab
 
       private
 
+      def info
+        auth_hash.info
+      end
+
+      def get_info(key)
+        key = :nickname if key == :username
+
+        value = info[key]
+        Gitlab::Utils.force_utf8(value) if value
+        value
+      end
+
       def username_and_email
         @username_and_email ||= begin
-          username  = get_info(:nickname) || get_info(:username)
+          username  = get_info(:username)
           email     = get_info(:email)
 
           username ||= generate_username(email)             if email
diff --git a/spec/lib/gitlab/o_auth/auth_hash_spec.rb b/spec/lib/gitlab/o_auth/auth_hash_spec.rb
index e4a6cd954cc..5632f2306ec 100644
--- a/spec/lib/gitlab/o_auth/auth_hash_spec.rb
+++ b/spec/lib/gitlab/o_auth/auth_hash_spec.rb
@@ -3,11 +3,11 @@ require 'spec_helper'
 describe Gitlab::OAuth::AuthHash do
   let(:auth_hash) do
     Gitlab::OAuth::AuthHash.new(
-      double({
+      OmniAuth::AuthHash.new(
         provider: provider_ascii,
         uid: uid_ascii,
-        info: double(info_hash)
-      })
+        info: info_hash
+      )
     )
   end
 
diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb
index c6cca98a037..c0083fc85be 100644
--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -5,7 +5,7 @@ describe Gitlab::OAuth::User do
   let(:gl_user) { oauth_user.gl_user }
   let(:uid) { 'my-uid' }
   let(:provider) { 'my-provider' }
-  let(:auth_hash) { double(uid: uid, provider: provider, info: double(info_hash)) }
+  let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) }
   let(:info_hash) do
     {
       nickname: '-john+gitlab-ETC%.git@gmail.com',
-- 
GitLab