Merge remote-tracking branch 'upstream/master' into test-pg-mysql

* upstream/master: (127 commits)
  Fixed up issue boards JS specs
  Implement new service for creating user
  Add Changelog entry for pipeline retry fix
  Do not retry jobs multiple times when retrying a pipeline
  Update sentry-raven 2.0.2 -> 2.4.0
  Update webmock 1.21.0 -> 1.24.6
  Update spring 1.7.2 -> 2.0.1
  Update simplecov 0.12.0 -> 0.14.1
  Update pry-rails 0.3.4 -> 0.3.5
  Update pry-byebug 3.4.1 -> 3.4.2
  Update flay 2.6.1 -> 2.8.1
  Optimize labels finder query
  Remove Tags filter from Projects Explore dropdown
  Update capybara-screenshot 1.0.11 -> 1.0.14
  Update bullet 5.2.0 -> 5.5.1
  Update brakeman 3.4.1 -> 3.6.1
  Remove web-console gem
  Update better_errors 1.0.1 -> 2.1.1
  Display flash message to unauthenticated user when creating new issue
  Activate group name toggle based on horizontal space
  ...

1 files changed, 110 insertions, 0 deletions

diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb
new file mode 100644
index 00000000000..f4f0b80f30a
--- /dev/null
+++ b/app/services/users/create_service.rb
@@ -0,0 +1,110 @@
+module Users
+  # Service for creating a new user.
+  class CreateService < BaseService
+    def initialize(current_user, params = {})
+      @current_user = current_user
+      @params = params.dup
+    end
+
+    def build
+      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+
+      user = User.new(build_user_params)
+
+      if current_user&.is_admin?
+        if params[:reset_password]
+          @reset_token = user.generate_reset_token
+          params[:force_random_password] = true
+        end
+
+        if params[:force_random_password]
+          random_password = Devise.friendly_token.first(Devise.password_length.min)
+          user.password = user.password_confirmation = random_password
+        end
+      end
+
+      identity_attrs = params.slice(:extern_uid, :provider)
+
+      if identity_attrs.any?
+        user.identities.build(identity_attrs)
+      end
+
+      user
+    end
+
+    def execute
+      user = build
+
+      if user.save
+        log_info("User \"#{user.name}\" (#{user.email}) was created")
+        notification_service.new_user(user, @reset_token) if @reset_token
+        system_hook_service.execute_hooks_for(user, :create)
+      end
+
+      user
+    end
+
+    private
+
+    def can_create_user?
+      (current_user.nil? && current_application_settings.signup_enabled?) || current_user&.is_admin?
+    end
+
+    # Allowed params for creating a user (admins only)
+    def admin_create_params
+      [
+        :access_level,
+        :admin,
+        :avatar,
+        :bio,
+        :can_create_group,
+        :color_scheme_id,
+        :email,
+        :external,
+        :force_random_password,
+        :hide_no_password,
+        :hide_no_ssh_key,
+        :key_id,
+        :linkedin,
+        :name,
+        :password,
+        :password_expires_at,
+        :projects_limit,
+        :remember_me,
+        :skip_confirmation,
+        :skype,
+        :theme_id,
+        :twitter,
+        :username,
+        :website_url
+      ]
+    end
+
+    # Allowed params for user signup
+    def signup_params
+      [
+        :email,
+        :email_confirmation,
+        :name,
+        :password,
+        :username
+      ]
+    end
+
+    def build_user_params
+      if current_user&.is_admin?
+        user_params = params.slice(*admin_create_params)
+        user_params[:created_by_id] = current_user.id
+
+        if params[:reset_password]
+          user_params.merge!(force_random_password: true, password_expires_at: nil)
+        end
+      else
+        user_params = params.slice(*signup_params)
+        user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
+      end
+
+      user_params
+    end
+  end
+end