From 536c321236702dd9b759831f8ce5f2bc250d43b0 Mon Sep 17 00:00:00 2001
From: Pat Thoyts <patthoyts@users.sourceforge.net>
Date: Fri, 20 Jul 2012 23:25:26 +0100
Subject: [PATCH] Report missing credentials to the Rails application.

If no username or password is provided a MissingCredentialsError is
raised which causes a Rack caught exception and a 500 Error in gitlab.
Omniauth provides a way to raise such errors to the application by
using the 'fail!' method to pass the exception to the registered
failure handler. For gitlab this is the omniauth_controller code.

This is required to resolve gitlab issue #1077.

Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
---
 lib/omniauth/strategies/ldap.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/omniauth/strategies/ldap.rb b/lib/omniauth/strategies/ldap.rb
index e0edce9..c28628d 100644
--- a/lib/omniauth/strategies/ldap.rb
+++ b/lib/omniauth/strategies/ldap.rb
@@ -38,13 +38,13 @@ def request_phase
       def callback_phase
         @adaptor = OmniAuth::LDAP::Adaptor.new @options
 
-        # GITLAB security patch
-        # Dont allow blank password for ldap auth
-        if request['username'].nil? || request['username'].empty? || request['password'].nil? || request['password'].empty?
-          raise MissingCredentialsError.new("Missing login credentials") 
-        end
-
         begin
+          # GITLAB security patch
+          # Dont allow blank password for ldap auth
+          if request['username'].nil? || request['username'].empty? || request['password'].nil? || request['password'].empty?
+            raise MissingCredentialsError.new("Missing login credentials")
+          end
+
           @ldap_user_info = @adaptor.bind_as(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @options[:name_proc].call(request['username'])),:size => 1, :password => request['password'])
           return fail!(:invalid_credentials) if !@ldap_user_info