Inlude the password_automatically_check param as permitted config in the user create_service

This param is passed to service in two places, one is in the build_user for non ldap oauth users. And the other is in the initial production admin user seed data.

Without this change, when setting up GitLab in a production environment, you were not being given the option of setting the root password on initial setup in the UI.

app/services/users/create_service.rb

@@ -62,6 +62,7 @@ module Users
         :email,
         :external,
         :force_random_password,
+        :password_automatically_set,
         :hide_no_password,
         :hide_no_ssh_key,
         :key_id,
@@ -85,6 +86,7 @@ module Users
       [
         :email,
         :email_confirmation,
+        :password_automatically_set,
         :name,
         :password,
         :username

spec/lib/gitlab/o_auth/user_spec.rb

@@ -40,6 +40,15 @@ describe Gitlab::OAuth::User, lib: true do
     let(:provider) { 'twitter' }
 
     describe 'signup' do
+      it 'marks user as having password_automatically_set' do
+        stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])
+
+        oauth_user.save
+
+        expect(gl_user).to be_persisted
+        expect(gl_user).to be_password_automatically_set
+      end
+
       shared_examples 'to verify compliance with allow_single_sign_on' do
         context 'provider is marked as external' do
           it 'marks user as external' do

spec/services/users/create_service_spec.rb

@@ -122,6 +122,32 @@ describe Users::CreateService, services: true do
         end
       end
 
+      context 'when password_automatically_set parameter is true' do
+        let(:params) do
+          {
+            name: 'John Doe',
+            username: 'jduser',
+            email: 'jd@example.com',
+            password: 'mydummypass',
+            password_automatically_set: true
+          }
+        end
+
+        it 'persists the given attributes' do
+          user = service.execute
+          user.reload
+
+          expect(user).to have_attributes(
+            name: params[:name],
+            username: params[:username],
+            email: params[:email],
+            password: params[:password],
+            created_by_id: admin_user.id,
+            password_automatically_set: params[:password_automatically_set]
+          )
+        end
+      end
+
       context 'when skip_confirmation parameter is true' do
         let(:params) do
           { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', skip_confirmation: true }