Merge branch 'dm-fix-oauth-user-creation' into 'master'

Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled Closes #31294 See merge request !10896
2017-04-25 15:56:48 +00:00 · 2017-04-25 15:56:48 +00:00 · b93cc690b0
commit b93cc690b0
parent 95bf03063d d7e2ac7293
7 changed files with 47 additions and 5 deletions
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@ -6,8 +6,8 @@ module Users
      @params = params.dup
    end

-    def execute
-      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+    def execute(skip_authorization: false)
+      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?

      user = User.new(build_user_params)

--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@ -6,8 +6,8 @@ module Users
      @params = params.dup
    end

-    def execute
-      user = Users::BuildService.new(current_user, params).execute
+    def execute(skip_authorization: false)
+      user = Users::BuildService.new(current_user, params).execute(skip_authorization: skip_authorization)

      @reset_token = user.generate_reset_token if user.recently_sent_password_reset?

--- a/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+++ b/changelogs/unreleased/dm-fix-oauth-user-creation.yml
@ -0,0 +1,4 @@
+---
+title: Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
+merge_request:
+author:
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@ -148,7 +148,7 @@ module Gitlab

      def build_new_user
        user_params = user_attributes.merge(extern_uid: auth_hash.uid, provider: auth_hash.provider, skip_confirmation: true)
-        Users::BuildService.new(nil, user_params).execute
+        Users::BuildService.new(nil, user_params).execute(skip_authorization: true)
      end

      def user_attributes
--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@ -108,6 +108,18 @@ describe Gitlab::LDAP::User, lib: true do
    it "creates a new user if not found" do
      expect{ ldap_user.save }.to change{ User.count }.by(1)
    end
+
+    context 'when signup is disabled' do
+      before do
+        stub_application_setting signup_enabled: false
+      end
+
+      it 'creates the user' do
+        ldap_user.save
+
+        expect(gl_user).to be_persisted
+      end
+    end
  end

  describe 'updating email' do
--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@ -40,6 +40,20 @@ describe Gitlab::OAuth::User, lib: true do
    let(:provider) { 'twitter' }

    describe 'signup' do
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+
+        it 'creates the user' do
+          stub_omniauth_config(allow_single_sign_on: ['twitter'])
+
+          oauth_user.save
+
+          expect(gl_user).to be_persisted
+        end
+      end
+
      it 'marks user as having password_automatically_set' do
        stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])

--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@ -211,6 +211,18 @@ describe Gitlab::Saml::User, lib: true do
          end
        end
      end
+
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+
+        it 'creates the user' do
+          saml_user.save
+
+          expect(gl_user).to be_persisted
+        end
+      end
    end

    describe 'blocking' do