Commit 125cb9b8 authored by Douwe Maan's avatar Douwe Maan

Don't accidentally unblock auto created users from Active Directory.

parent f84e78f3
......@@ -52,6 +52,7 @@ v 7.11.0 (unreleased)
- Add current_sign_in_at to UserFull REST api.
- Make Sidekiq MemoryKiller shutdown signal configurable
- Add "Create Merge Request" buttons to commits and branches pages and push event.
- Fix automatic blocking of auto-created users from Active Directory.
v 7.10.2
- Fix CI links on MR page
......
......@@ -40,7 +40,7 @@ def allowed?
user.block unless user.blocked?
false
else
user.activate if user.blocked?
user.activate if user.blocked? && !ldap_config.block_auto_created_users
true
end
else
......
......@@ -16,7 +16,7 @@
context 'when the user is found' do
before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) }
context 'and the user is diabled via active directory' do
context 'and the user is disabled via active directory' do
before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) }
it { is_expected.to be_falsey }
......@@ -36,9 +36,28 @@
it { is_expected.to be_truthy }
it "should unblock user in GitLab" do
access.allowed?
user.should_not be_blocked
context 'when auto-created users are blocked' do
before do
Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: true)
end
it "does not unblock user in GitLab" do
access.allowed?
user.should be_blocked
end
end
context "when auto-created users are not blocked" do
before do
Gitlab::LDAP::Config.any_instance.stub(block_auto_created_users: false)
end
it "should unblock user in GitLab" do
access.allowed?
user.should_not be_blocked
end
end
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment