Add latest changes from gitlab-org/gitlab@16-6-stable-ee

GitLab Bot 2023-11-14 15:07:32 +00:00
parent 27d427e538
commit cda3f6ca48
5 changed files with 2 additions and 184 deletions


@ -1,8 +0,0 @@
---
name: invert_omniauth_args_merging
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135770
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/430348
milestone: '16.6'
type: development
group: group::authentication
default_enabled: false


@ -8,21 +8,6 @@ module Gitlab
def enabled?
::AuthHelper.saml_providers.any?
end
def default_attribute_statements
defaults = OmniAuth::Strategies::SAML.default_options[:attribute_statements].to_hash.deep_symbolize_keys
defaults[:nickname] = %w[username nickname]
defaults[:name] << 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
defaults[:name] << 'http://schemas.microsoft.com/ws/2008/06/identity/claims/name'
defaults[:email] << 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
defaults[:email] << 'http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress'
defaults[:first_name] << 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
defaults[:first_name] << 'http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname'
defaults[:last_name] << 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
defaults[:last_name] << 'http://schemas.microsoft.com/ws/2008/06/identity/claims/surname'
defaults
end
end
DEFAULT_PROVIDER_NAME = 'saml'


@ -29,8 +29,6 @@ module Gitlab
{
authorize_params: { gl_auth_type: 'login' }
}
when ->(provider_name) { AuthHelper.saml_providers.include?(provider_name.to_sym) }
{ attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements }
else
{}
end
@ -63,7 +61,7 @@ module Gitlab
provider_arguments.concat arguments
provider_arguments << defaults unless defaults.empty?
when Hash, GitlabSettings::Options
hash_arguments = merge_hash_defaults_and_args(defaults, arguments)
hash_arguments = arguments.deep_symbolize_keys.deep_merge(defaults)
normalized = normalize_hash_arguments(hash_arguments)
# A Hash from the configuration will be passed as is.
@ -82,13 +80,6 @@ module Gitlab
provider_arguments
end
def merge_hash_defaults_and_args(defaults, arguments)
return arguments.to_hash if defaults.empty?
return defaults.deep_merge(arguments.deep_symbolize_keys) if Feature.enabled?(:invert_omniauth_args_merging)
arguments.to_hash.deep_symbolize_keys.deep_merge(defaults)
end
def normalize_hash_arguments(args)
args.deep_symbolize_keys!
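Review bot: On the restored line `hash_arguments = arguments.deep_symbolize_keys.deep_merge(defaults)` in the `when Hash, GitlabSettings::Options` branch, the built-in defaults are the merge argument, so they override any administrator-configured value under the same key; with the visible default `authorize_params: { gl_auth_type: 'login' }`, a configured `gl_auth_type` would be replaced, silently as far as these lines show. That precedence matters for identity-provider settings and should be stated where it happens, e.g. `# Defaults win over configured args on key collisions (the deep_merge receiver loses).` The removed helper called `arguments.to_hash` before symbolizing, while this line calls `deep_symbolize_keys` directly on what may be a `GitlabSettings::Options`; that class is not visible here, so it is worth confirming it responds to the method. With the SAML examples removed, no spec visible on this page pins the precedence, and the enclosing method starts and ends outside these hunks.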


@ -19,41 +19,6 @@ RSpec.describe Gitlab::Auth::Saml::Config do
end
end
describe '.default_attribute_statements' do
it 'includes upstream defaults, nickname and Microsoft values' do
expect(described_class.default_attribute_statements).to match_array(
{
nickname: %w[username nickname],
name: [
'name',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
'http://schemas.microsoft.com/ws/2008/06/identity/claims/name'
],
email: [
'email',
'mail',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress'
],
first_name: [
'first_name',
'firstname',
'firstName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
'http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname'
],
last_name: [
'last_name',
'lastname',
'lastName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
'http://schemas.microsoft.com/ws/2008/06/identity/claims/surname'
]
}
)
end
end
describe '#external_groups' do
let(:config_1) { described_class.new('saml1') }


@ -2,9 +2,7 @@
require 'spec_helper'
RSpec.describe Gitlab::OmniauthInitializer, feature_category: :system_access do
include LoginHelpers
RSpec.describe Gitlab::OmniauthInitializer do
let(:devise_config) { class_double(Devise) }
subject(:initializer) { described_class.new(devise_config) }
@ -226,119 +224,6 @@ RSpec.describe Gitlab::OmniauthInitializer, feature_category: :system_access do
subject.execute([shibboleth_config])
end
context 'when SAML providers are configured' do
it 'configures default args for a single SAML provider' do
stub_omniauth_config(providers: [{ name: 'saml', args: { idp_sso_service_url: 'https://saml.example.com' } }])
expect(devise_config).to receive(:omniauth).with(
:saml,
{
idp_sso_service_url: 'https://saml.example.com',
attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements
}
)
initializer.execute(Gitlab.config.omniauth.providers)
end
context 'when configuration provides matching keys' do
before do
stub_omniauth_config(
providers: [
{
name: 'saml',
args: { idp_sso_service_url: 'https://saml.example.com', attribute_statements: { email: ['custom_attr'] } }
}
]
)
end
it 'merges arguments with user configuration preference' do
expect(devise_config).to receive(:omniauth).with(
:saml,
{
idp_sso_service_url: 'https://saml.example.com',
attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements
.merge({ email: ['custom_attr'] })
}
)
initializer.execute(Gitlab.config.omniauth.providers)
end
it 'merges arguments with defaults preference when invert_omniauth_args_merging is not enabled' do
stub_feature_flags(invert_omniauth_args_merging: false)
expect(devise_config).to receive(:omniauth).with(
:saml,
{
idp_sso_service_url: 'https://saml.example.com',
attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements
}
)
initializer.execute(Gitlab.config.omniauth.providers)
end
end
it 'configures defaults args for multiple SAML providers' do
stub_omniauth_config(
providers: [
{ name: 'saml', args: { idp_sso_service_url: 'https://saml.example.com' } },
{
name: 'saml2',
args: { strategy_class: 'OmniAuth::Strategies::SAML', idp_sso_service_url: 'https://saml2.example.com' }
}
]
)
expect(devise_config).to receive(:omniauth).with(
:saml,
{
idp_sso_service_url: 'https://saml.example.com',
attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements
}
)
expect(devise_config).to receive(:omniauth).with(
:saml2,
{
idp_sso_service_url: 'https://saml2.example.com',
strategy_class: OmniAuth::Strategies::SAML,
attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements
}
)
initializer.execute(Gitlab.config.omniauth.providers)
end
it 'merges arguments with user configuration preference for custom SAML provider' do
stub_omniauth_config(
providers: [
{
name: 'custom_saml',
args: {
strategy_class: 'OmniAuth::Strategies::SAML',
idp_sso_service_url: 'https://saml2.example.com',
attribute_statements: { email: ['custom_attr'] }
}
}
]
)
expect(devise_config).to receive(:omniauth).with(
:custom_saml,
{
idp_sso_service_url: 'https://saml2.example.com',
strategy_class: OmniAuth::Strategies::SAML,
attribute_statements: ::Gitlab::Auth::Saml::Config.default_attribute_statements
.merge({ email: ['custom_attr'] })
}
)
initializer.execute(Gitlab.config.omniauth.providers)
end
end
it 'configures defaults for google_oauth2' do
google_config = {
'name' => 'google_oauth2',