summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSean McGivern <sean@mcgivern.me.uk>2017-04-26 10:00:52 +0000
committerSean McGivern <sean@mcgivern.me.uk>2017-04-26 10:00:52 +0000
commitad571dc4047238e8981317c06e9cf34f96a1240a (patch)
tree99f3acfe1bf82b389ccc2dcd03bfcbf8e71aba6a
parent8400d7181638c26e51bea4e2815feaec262080fc (diff)
parent3e10797d66671172a19ab74583f72f085b713fa1 (diff)
downloadgitlab-ce-ad571dc4047238e8981317c06e9cf34f96a1240a.tar.gz
Merge branch '31294-fix-oauth-users-do-not-need-to-be-confirmed' into '9-1-stable'
Ensures that OAuth/LDAP/SAML users don't need to be confirmed See merge request !10925
-rw-r--r--app/services/users/create_service.rb25
-rw-r--r--changelogs/unreleased/31294-fix-ldap-user-not-confirmed.yml4
-rw-r--r--spec/lib/gitlab/ldap/user_spec.rb13
-rw-r--r--spec/lib/gitlab/o_auth/user_spec.rb15
-rw-r--r--spec/lib/gitlab/saml/user_spec.rb13
5 files changed, 61 insertions, 9 deletions
diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb
index ee28bd7178a..064c3df4601 100644
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -9,15 +9,13 @@ module Users
def build(skip_authorization: false)
raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
- user = User.new(build_user_params)
+ user_params = build_user_params(skip_authorization: skip_authorization)
+ user = User.new(user_params)
if current_user&.admin?
- if params[:reset_password]
- @reset_token = user.generate_reset_token
- params[:force_random_password] = true
- end
+ @reset_token = user.generate_reset_token if params[:reset_password]
- if params[:force_random_password]
+ if user_params[:force_random_password]
random_password = Devise.friendly_token.first(Devise.password_length.min)
user.password = user.password_confirmation = random_password
end
@@ -93,7 +91,7 @@ module Users
]
end
- def build_user_params
+ def build_user_params(skip_authorization:)
if current_user&.admin?
user_params = params.slice(*admin_create_params)
user_params[:created_by_id] = current_user&.id
@@ -102,11 +100,20 @@ module Users
user_params.merge!(force_random_password: true, password_expires_at: nil)
end
else
- user_params = params.slice(*signup_params)
- user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
+ allowed_signup_params = signup_params
+ allowed_signup_params << :skip_confirmation if skip_authorization
+
+ user_params = params.slice(*allowed_signup_params)
+ if user_params[:skip_confirmation].nil?
+ user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting
+ end
end
user_params
end
+
+ def skip_user_confirmation_email_from_setting
+ !current_application_settings.send_user_confirmation_email
+ end
end
end
diff --git a/changelogs/unreleased/31294-fix-ldap-user-not-confirmed.yml b/changelogs/unreleased/31294-fix-ldap-user-not-confirmed.yml
new file mode 100644
index 00000000000..6d18a4191fa
--- /dev/null
+++ b/changelogs/unreleased/31294-fix-ldap-user-not-confirmed.yml
@@ -0,0 +1,4 @@
+---
+title: Ensures that OAuth/LDAP/SAML users don't need to be confirmed
+merge_request:
+author:
diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb
index 65a304d1468..f4aab429931 100644
--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -120,6 +120,19 @@ describe Gitlab::LDAP::User, lib: true do
expect(gl_user).to be_persisted
end
end
+
+ context 'when user confirmation email is enabled' do
+ before do
+ stub_application_setting send_user_confirmation_email: true
+ end
+
+ it 'creates and confirms the user anyway' do
+ ldap_user.save
+
+ expect(gl_user).to be_persisted
+ expect(gl_user).to be_confirmed
+ end
+ end
end
describe 'updating email' do
diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb
index 6d3ac62d9e9..828c953197d 100644
--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -54,6 +54,21 @@ describe Gitlab::OAuth::User, lib: true do
end
end
+ context 'when user confirmation email is enabled' do
+ before do
+ stub_application_setting send_user_confirmation_email: true
+ end
+
+ it 'creates and confirms the user anyway' do
+ stub_omniauth_config(allow_single_sign_on: ['twitter'])
+
+ oauth_user.save
+
+ expect(gl_user).to be_persisted
+ expect(gl_user).to be_confirmed
+ end
+ end
+
it 'marks user as having password_automatically_set' do
stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])
diff --git a/spec/lib/gitlab/saml/user_spec.rb b/spec/lib/gitlab/saml/user_spec.rb
index b3b76a6d629..b106d156b75 100644
--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -223,6 +223,19 @@ describe Gitlab::Saml::User, lib: true do
expect(gl_user).to be_persisted
end
end
+
+ context 'when user confirmation email is enabled' do
+ before do
+ stub_application_setting send_user_confirmation_email: true
+ end
+
+ it 'creates and confirms the user anyway' do
+ saml_user.save
+
+ expect(gl_user).to be_persisted
+ expect(gl_user).to be_confirmed
+ end
+ end
end
describe 'blocking' do