Merge branch '31294-fix-oauth-users-do-not-need-to-be-confirmed-master' into 'master'

Ensures that OAuth/LDAP/SAML users don't need to be confirmed Closes #31294 See merge request !10926
author: Sean McGivern <sean@mcgivern.me.uk> 2017-04-26 09:19:30 +0000
committer: Sean McGivern <sean@mcgivern.me.uk> 2017-04-26 09:19:30 +0000
commit: 8c22045ec0a2401d4629d8e59dadc0180c5a137b (patch)
tree: d062346b3509aae411e7023ecba721790dacf5c2
parent: 3c6fad64296738239582ad449bb202cfd99ba7ff (diff)
parent: aa54bb7e5a247e98efa95ad810503579eb3d0cbc (diff)
download: gitlab-ce-8c22045ec0a2401d4629d8e59dadc0180c5a137b.tar.gz
4 files changed, 57 insertions, 9 deletions
diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb
index d2a1c161026..363135ef09b 100644
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -9,15 +9,13 @@ module Users
     def execute(skip_authorization: false)
       raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
 
-      user = User.new(build_user_params)
+      user_params = build_user_params(skip_authorization: skip_authorization)
+      user = User.new(user_params)
 
       if current_user&.admin?
-        if params[:reset_password]
-          user.generate_reset_token
-          params[:force_random_password] = true
-        end
+        @reset_token = user.generate_reset_token if params[:reset_password]
 
-        if params[:force_random_password]
+        if user_params[:force_random_password]
           random_password = Devise.friendly_token.first(Devise.password_length.min)
           user.password = user.password_confirmation = random_password
         end
@@ -81,7 +79,7 @@ module Users
       ]
     end
 
-    def build_user_params
+    def build_user_params(skip_authorization:)
       if current_user&.admin?
         user_params = params.slice(*admin_create_params)
         user_params[:created_by_id] = current_user&.id
@@ -90,11 +88,20 @@ module Users
           user_params.merge!(force_random_password: true, password_expires_at: nil)
         end
       else
-        user_params = params.slice(*signup_params)
-        user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
+        allowed_signup_params = signup_params
+        allowed_signup_params << :skip_confirmation if skip_authorization
+
+        user_params = params.slice(*allowed_signup_params)
+        if user_params[:skip_confirmation].nil?
+          user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting
+        end
       end
 
       user_params
     end
+
+    def skip_user_confirmation_email_from_setting
+      !current_application_settings.send_user_confirmation_email
+    end
   end
 end
diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb
index 65a304d1468..f4aab429931 100644
--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -120,6 +120,19 @@ describe Gitlab::LDAP::User, lib: true do
         expect(gl_user).to be_persisted
       end
     end
+
+    context 'when user confirmation email is enabled' do
+      before do
+        stub_application_setting send_user_confirmation_email: true
+      end
+
+      it 'creates and confirms the user anyway' do
+        ldap_user.save
+
+        expect(gl_user).to be_persisted
+        expect(gl_user).to be_confirmed
+      end
+    end
   end
 
   describe 'updating email' do
diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb
index 6d3ac62d9e9..828c953197d 100644
--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -54,6 +54,21 @@ describe Gitlab::OAuth::User, lib: true do
         end
       end
 
+      context 'when user confirmation email is enabled' do
+        before do
+          stub_application_setting send_user_confirmation_email: true
+        end
+
+        it 'creates and confirms the user anyway' do
+          stub_omniauth_config(allow_single_sign_on: ['twitter'])
+
+          oauth_user.save
+
+          expect(gl_user).to be_persisted
+          expect(gl_user).to be_confirmed
+        end
+      end
+
       it 'marks user as having password_automatically_set' do
         stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])
 
diff --git a/spec/lib/gitlab/saml/user_spec.rb b/spec/lib/gitlab/saml/user_spec.rb
index b3b76a6d629..b106d156b75 100644
--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -223,6 +223,19 @@ describe Gitlab::Saml::User, lib: true do
           expect(gl_user).to be_persisted
         end
       end
+
+      context 'when user confirmation email is enabled' do
+        before do
+          stub_application_setting send_user_confirmation_email: true
+        end
+
+        it 'creates and confirms the user anyway' do
+          saml_user.save
+
+          expect(gl_user).to be_persisted
+          expect(gl_user).to be_confirmed
+        end
+      end
     end
 
     describe 'blocking' do
author	Sean McGivern <sean@mcgivern.me.uk>	2017-04-26 09:19:30 +0000
committer	Sean McGivern <sean@mcgivern.me.uk>	2017-04-26 09:19:30 +0000
commit	8c22045ec0a2401d4629d8e59dadc0180c5a137b (patch)
tree	d062346b3509aae411e7023ecba721790dacf5c2
parent	3c6fad64296738239582ad449bb202cfd99ba7ff (diff)
parent	aa54bb7e5a247e98efa95ad810503579eb3d0cbc (diff)
download	gitlab-ce-8c22045ec0a2401d4629d8e59dadc0180c5a137b.tar.gz