diff options
| author | Douwe Maan <douwe@selenight.nl> | 2017-04-24 16:12:14 -0500 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2017-04-25 12:00:07 +0200 |
| commit | f4b30c6d3756758f76991919ffa451f083437b3e (patch) | |
| tree | 22f1f86ed4c3ff99c5b65a65908c6506c8f75c66 | |
| parent | 7d10817c110278cd18ada01ce8b31bda58cc1abe (diff) | |
| download | gitlab-ce-rc/dm-fix-oauth-user-creation-9-1-stable.tar.gz | |
Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabledrc/dm-fix-oauth-user-creation-9-1-stable
Signed-off-by: Rémy Coutable <remy@rymai.me>
| -rw-r--r-- | app/services/users/create_service.rb | 8 | ||||
| -rw-r--r-- | changelogs/unreleased/dm-fix-oauth-user-creation.yml | 4 | ||||
| -rw-r--r-- | lib/gitlab/o_auth/user.rb | 2 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/user_spec.rb | 12 | ||||
| -rw-r--r-- | spec/lib/gitlab/o_auth/user_spec.rb | 14 | ||||
| -rw-r--r-- | spec/lib/gitlab/saml/user_spec.rb | 12 |
6 files changed, 47 insertions, 5 deletions
diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb index 93ca7b1141a..ee28bd7178a 100644 --- a/app/services/users/create_service.rb +++ b/app/services/users/create_service.rb @@ -6,8 +6,8 @@ module Users @params = params.dup end - def build - raise Gitlab::Access::AccessDeniedError unless can_create_user? + def build(skip_authorization: false) + raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user? user = User.new(build_user_params) @@ -32,8 +32,8 @@ module Users user end - def execute - user = build + def execute(skip_authorization: false) + user = build(skip_authorization: skip_authorization) if user.save log_info("User \"#{user.name}\" (#{user.email}) was created") diff --git a/changelogs/unreleased/dm-fix-oauth-user-creation.yml b/changelogs/unreleased/dm-fix-oauth-user-creation.yml new file mode 100644 index 00000000000..161b114394a --- /dev/null +++ b/changelogs/unreleased/dm-fix-oauth-user-creation.yml @@ -0,0 +1,4 @@ +--- +title: Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled +merge_request: +author: diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb index f98481c6d3a..cdcb21d194c 100644 --- a/lib/gitlab/o_auth/user.rb +++ b/lib/gitlab/o_auth/user.rb @@ -148,7 +148,7 @@ module Gitlab def build_new_user user_params = user_attributes.merge(extern_uid: auth_hash.uid, provider: auth_hash.provider, skip_confirmation: true) - Users::CreateService.new(nil, user_params).build + Users::CreateService.new(nil, user_params).build(skip_authorization: true) end def user_attributes diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb index 346cf0d117c..65a304d1468 100644 --- a/spec/lib/gitlab/ldap/user_spec.rb +++ b/spec/lib/gitlab/ldap/user_spec.rb @@ -108,6 +108,18 @@ describe Gitlab::LDAP::User, lib: true do it "creates a new user if not found" do expect{ ldap_user.save }.to change{ User.count }.by(1) end + + context 'when signup is disabled' do + before do + stub_application_setting signup_enabled: false + end + + it 'creates the user' do + ldap_user.save + + expect(gl_user).to be_persisted + end + end end describe 'updating email' do diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb index 8f09266c3b3..6d3ac62d9e9 100644 --- a/spec/lib/gitlab/o_auth/user_spec.rb +++ b/spec/lib/gitlab/o_auth/user_spec.rb @@ -40,6 +40,20 @@ describe Gitlab::OAuth::User, lib: true do let(:provider) { 'twitter' } describe 'signup' do + context 'when signup is disabled' do + before do + stub_application_setting signup_enabled: false + end + + it 'creates the user' do + stub_omniauth_config(allow_single_sign_on: ['twitter']) + + oauth_user.save + + expect(gl_user).to be_persisted + end + end + it 'marks user as having password_automatically_set' do stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter']) diff --git a/spec/lib/gitlab/saml/user_spec.rb b/spec/lib/gitlab/saml/user_spec.rb index 4f6ef3c10fc..b3b76a6d629 100644 --- a/spec/lib/gitlab/saml/user_spec.rb +++ b/spec/lib/gitlab/saml/user_spec.rb @@ -211,6 +211,18 @@ describe Gitlab::Saml::User, lib: true do end end end + + context 'when signup is disabled' do + before do + stub_application_setting signup_enabled: false + end + + it 'creates the user' do + saml_user.save + + expect(gl_user).to be_persisted + end + end end describe 'blocking' do |