From ec4df3a82fb056fbf0bc8dd4bd13fffea5b3e5b0 Mon Sep 17 00:00:00 2001
From: Alexander Trost
Date: Wed, 2 Jan 2019 12:32:39 +0100
Subject: [PATCH] Added OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME

Signed-off-by: Alexander Trost
---
 README.md | 1 +
 assets/runtime/config/gitlabhq/gitlab.yml | 3 ++-
 assets/runtime/env-defaults | 1 +
 assets/runtime/functions | 17 ++++++++++-------
 contrib/docker-swarm/docker-compose.yml | 1 +
 docker-compose.yml | 1 +
 docs/s3_compatible_storage.md | 2 +-
 7 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index ed326b9a..aafae2fa 100644
--- a/README.md
+++ b/README.md
@@ -1050,6 +1050,7 @@ Below is the complete list of available options that can be used to customize yo
 | `OAUTH_SAML_GROUPS_ATTRIBUTE` | Map groups attribute in a SAMLResponse to external groups. No defaults. |
 | `OAUTH_SAML_EXTERNAL_GROUPS` | List of external groups in a SAMLResponse. Value is comma separated list of single quoted groups. Example: `'group1','group2'`. No defaults. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL` | Map 'email' attribute name in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
+| `OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME` | Map 'username' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME` | Map 'name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME` | Map 'first_name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
 | `OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME` | Map 'last_name' attribute in a SAMLResponse to entries in the OmniAuth info hash, No defaults. See [GitLab documentation](http://doc.gitlab.com/ce/integration/saml.html#attribute_statements) for more details. |
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index 863105cb..5fd56812 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -158,7 +158,7 @@ production: &base object_store: enabled: {{GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED}} remote_directory: {{GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name - direct_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD}} # Set to true to enable direct upload of Artifacts without the need of local shared storage. + direct_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD}} # Set to true to enable direct upload of Artifacts without the need of local shared storage. background_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true) proxy_download: {{GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage connection: @@ -516,6 +516,7 @@ production: &base attribute_statements: { first_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME}}'], last_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME}}'], + username: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME}}'], name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME}}'], email: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL}}'] }, name_identifier_format: '{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}' } } diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 17a0fbc8..cf574b17 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -382,6 +382,7 @@ OAUTH_SAML_GROUPS_ATTRIBUTE=${OAUTH_SAML_GROUPS_ATTRIBUTE:-} OAUTH_SAML_EXTERNAL_GROUPS=${OAUTH_SAML_EXTERNAL_GROUPS:-} OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL:-} OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME:-} +OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME:-} OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME:-} OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME:-} 
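Review bot: The `username: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME}}'],` entry added to `attribute_statements` in the `@@ -516` hunk has no matching substitution in this patch: the `@@ -598` hunk in `assets/runtime/functions` leaves the `update_template` argument list ending in `OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME \` and `OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME`, and no other hunk adds the new variable. The start of that list is outside the hunk, so this needs confirming, but if the name is missing the placeholder stays in the rendered gitlab.yml as literal text and the new `/username: \[''\],/d` cleanup never matches it. Because this mapping decides which assertion attribute becomes the GitLab account name, I would add `OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME \` to that `update_template` call and check the rendered file with the variable both set and unset.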
diff --git a/assets/runtime/functions b/assets/runtime/functions index 316c3e63..6ce2312d 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -598,6 +598,9 @@ gitlab_configure_oauth_saml_attribute_statements() { OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME \ OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME # Remove undefined optional attributes + exec_as_git sed -i "/email: \\[''\\],/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/name: \\[''\\],/d" ${GITLAB_CONFIG} + exec_as_git sed -i "/username: \\[''\\],/d" ${GITLAB_CONFIG} exec_as_git sed -i "/first_name: \\[''\\],/d" ${GITLAB_CONFIG} exec_as_git sed -i "/last_name: \\[''\\],/d" ${GITLAB_CONFIG} else @@ -791,7 +794,7 @@ gitlab_configure_backups_schedule() { esac if [[ -n ${GITLAB_BACKUP_DIR_GROUP} ]]; then echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} DIRECTORY=${GITLAB_BACKUP_DIR_GROUP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER} - else + else echo "$min $hour $day_of_month $month $day_of_week /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create SKIP=${GITLAB_BACKUP_SKIP} RAILS_ENV=${RAILS_ENV}'" >> /tmp/cron.${GITLAB_USER} fi crontab -u ${GITLAB_USER} /tmp/cron.${GITLAB_USER} @@ -972,7 +975,7 @@ gitlab_configure_artifacts() { GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST \ GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \ GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE - else + else exec_as_git sed -i -e "/path: {{GITLAB_ARTIFACTS_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG} fi @@ -998,7 +1001,7 @@ gitlab_configure_lfs() { GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST \ GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \ GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE - else + else exec_as_git sed -i -e "/path: {{GITLAB_LFS_OBJECTS_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG} fi 
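Review bot: The added `exec_as_git sed -i "/email: \\[''\\],/d" ${GITLAB_CONFIG}` line in the `@@ -598` hunk looks like it can never match: the gitlab.yml hunk shows the entry as `email: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL}}'] },`, with no comma directly after the closing bracket, so an unset e-mail mapping is left in the rendered config as `email: ['']`. Simply loosening the pattern would not be safe either if the closing `},` of `attribute_statements` sits on that same line, which the collapsed whitespace on this page does not show. If it does, rewriting in place avoids both problems, e.g. `exec_as_git sed -i "s/email: \\[''\\] }/}/" ${GITLAB_CONFIG}`; otherwise drop the line and leave a comment such as `# email is the last entry of attribute_statements and is not removed here`. The enclosing function starts and ends outside this hunk.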
@@ -1024,14 +1027,14 @@ gitlab_configure_uploads() { GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST \ GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT \ GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE - else + else exec_as_git sed -i -e "/base_dir: {{GITLAB_UPLOADS_BASE_DIR}}/{n;N;N;N;N;N;N;N;N;N;N;N;N;N;d;}" ${GITLAB_CONFIG} fi echo "Configuring gitlab::uploads..." update_template ${GITLAB_CONFIG} \ GITLAB_UPLOADS_STORAGE_PATH \ - GITLAB_UPLOADS_BASE_DIR + GITLAB_UPLOADS_BASE_DIR } gitlab_configure_mattermost() { @@ -1227,7 +1230,7 @@ nginx_configure_pages(){ GITLAB_PAGES_DOMAIN \ GITLAB_LOG_DIR fi - else + else echo "Gitlab pages nginx proxy disabled" echo "Assuming custom domain setup with own HTTP(S) load balancer'" fi @@ -1550,7 +1553,7 @@ configure_gitlab() { GITLAB_PROJECTS_LIMIT \ GITLAB_USERNAME_CHANGE \ GITLAB_DEFAULT_THEME \ - GITLAB_CREATE_GROUP + GITLAB_CREATE_GROUP gitlab_configure_database gitlab_configure_redis diff --git a/contrib/docker-swarm/docker-compose.yml b/contrib/docker-swarm/docker-compose.yml index 0d20c4cb..5779985d 100644 --- a/contrib/docker-swarm/docker-compose.yml +++ b/contrib/docker-swarm/docker-compose.yml @@ -138,6 +138,7 @@ services: - OAUTH_SAML_EXTERNAL_GROUPS= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME= + - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME= diff --git a/docker-compose.yml b/docker-compose.yml index 06f6d5c6..fe2e3321 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -134,6 +134,7 @@ services: - OAUTH_SAML_EXTERNAL_GROUPS= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME= + - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME= diff --git a/docs/s3_compatible_storage.md b/docs/s3_compatible_storage.md index adb4126f..d876cc7a 100644 
--- a/docs/s3_compatible_storage.md +++ b/docs/s3_compatible_storage.md @@ -184,6 +184,7 @@ services: - OAUTH_SAML_EXTERNAL_GROUPS= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME= + - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME= - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME= - OAUTH_CROWD_SERVER_URL= @@ -236,4 +237,3 @@ To avoid user interaction in the restore operation, specify the timestamp of the docker run --name gitlab -it --rm [OPTIONS] \ sameersbn/gitlab:8.16.4 app:rake gitlab:backup:restore BACKUP=1417624827 ``` -