From 518ec6b2660c55beba2833ce71b93774ed0a6c2a Mon Sep 17 00:00:00 2001
From: Patricio Cano <suprnova32@gmail.com>
Date: Tue, 5 Apr 2016 19:20:18 -0500
Subject: [PATCH] Changed config syntax and  improved how chaanges in group
 memberships are handled when external groups is set up

---
 lib/gitlab/saml/config.rb |  4 ++--
 lib/gitlab/saml/user.rb   | 39 ++++++++++++---------------------------
 2 files changed, 14 insertions(+), 29 deletions(-)

diff --git a/lib/gitlab/saml/config.rb b/lib/gitlab/saml/config.rb
index dade4c0fa6a..2b3cf840f61 100644
--- a/lib/gitlab/saml/config.rb
+++ b/lib/gitlab/saml/config.rb
@@ -9,11 +9,11 @@ module Gitlab
         end
 
         def groups
-          options['groups_attribute']
+          options[:groups_attribute]
         end
 
         def external_groups
-          options['external_groups']
+          options[:external_groups]
         end
       end
 
diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb
index 14eda337d9a..6ab165cf518 100644
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -7,11 +7,6 @@ module Gitlab
   module Saml
     class User < Gitlab::OAuth::User
 
-      def initialize(auth_hash)
-        super
-        update_user_attributes
-      end
-
       def save
         super('SAML')
       end
@@ -31,6 +26,18 @@ module Gitlab
           @user ||= build_new_user
         end
 
+        if external_users_enabled?
+          # Check if there is overlap between the user's groups and the external groups
+          # setting and set user as external or internal.
+          if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
+            # Avoid an unnecessary change of values and the subsequent save
+            @user.external = false if @user.external
+          else
+            # Avoid an unnecessary change of values and the subsequent save
+            @user.external = true unless @user.external
+          end
+        end
+
         @user
       end
 
@@ -48,16 +55,6 @@ module Gitlab
 
       protected
 
-      def build_new_user
-        user = super
-        if external_users_enabled?
-          unless (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
-            user.external = true
-          end
-        end
-        user
-      end
-
       def auto_link_saml_user?
         Gitlab.config.omniauth.auto_link_saml_user
       end
@@ -69,18 +66,6 @@ module Gitlab
       def auth_hash=(auth_hash)
         @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
       end
-
-      def update_user_attributes
-        if persisted?
-          if external_users_enabled?
-            if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
-              gl_user.external = false
-            else
-              gl_user.external = true
-            end
-          end
-        end
-      end
     end
   end
 end