author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
commit | 48aff82709769b098321c738f3444b9bdaa694c6 (patch) | |
tree | e00c7c43e2d9b603a5a6af576b1685e400410dee /app/services/users | |
parent | 879f5329ee916a948223f8f43d77fba4da6cd028 (diff) | |
download | gitlab-ce-48aff82709769b098321c738f3444b9bdaa694c6.tar.gz |
Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42
Diffstat (limited to 'app/services/users')
-rw-r--r-- | app/services/users/approve_service.rb | 37 | ||||
-rw-r--r-- | app/services/users/block_service.rb | 2 | ||||
-rw-r--r-- | app/services/users/build_service.rb | 3 | ||||
-rw-r--r-- | app/services/users/destroy_service.rb | 2 | ||||
-rw-r--r-- | app/services/users/validate_otp_service.rb | 25 |
5 files changed, 67 insertions, 2 deletions
diff --git a/app/services/users/approve_service.rb b/app/services/users/approve_service.rb new file mode 100644 index 00000000000..228cfbd6947 --- /dev/null +++ b/app/services/users/approve_service.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +module Users + class ApproveService < BaseService + def initialize(current_user) + @current_user = current_user + end + + def execute(user) + return error(_('You are not allowed to approve a user')) unless allowed? + return error(_('The user you are trying to approve is not pending an approval')) unless approval_required?(user) + + if user.activate + # Resends confirmation email if the user isn't confirmed yet. + # Please see Devise's implementation of `resend_confirmation_instructions` for detail. + user.resend_confirmation_instructions + user.accept_pending_invitations! if user.active_for_authentication? + + success + else + error(user.errors.full_messages.uniq.join('. ')) + end + end + + private + + attr_reader :current_user + + def allowed? + can?(current_user, :approve_user) + end + + def approval_required?(user) + user.blocked_pending_approval? + end + end +end diff --git a/app/services/users/block_service.rb b/app/services/users/block_service.rb index 041db731875..8513664ee85 100644 --- a/app/services/users/block_service.rb +++ b/app/services/users/block_service.rb @@ -7,6 +7,8 @@ module Users end def execute(user) + return error('An internal user cannot be blocked', 403) if user.internal? + if user.block after_block_hook(user) success diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb index 2fc46f033dd..e3f02bf85f0 100644 --- a/app/services/users/build_service.rb +++ b/app/services/users/build_service.rb 
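Review bot: `ApproveService#execute` changes account state on behalf of an admin but does not record who approved whom, so the approval leaves no trail unless a caller outside this file logs it. After `user.activate` succeeds I would add `Gitlab::AppLogger.info(message: 'User approved', user: user.username, approved_by: current_user.username)`. Separately, `accept_pending_invitations!` runs after the activation; if it raises, the caller gets an exception instead of the `success`/`error` result while the user is presumably already active.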
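Review bot: The new guard in `BlockService#execute` returns a bare English string, while the `ApproveService` added in the same commit wraps its messages in `_()`; for consistency it should read `return error(_('An internal user cannot be blocked'), 403) if user.internal?`. The guard lives only in the service, so any path that calls `user.block` directly would presumably still block an internal user; it is worth confirming there is none, or enforcing the rule on the model as well. `execute` continues past the end of the hunk.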
@@ -104,7 +104,6 @@ module Users def build_user_params(skip_authorization:) if current_user&.admin? user_params = params.slice(*admin_create_params) - user_params[:created_by_id] = current_user&.id if params[:reset_password] user_params.merge!(force_random_password: true, password_expires_at: nil) @@ -125,6 +124,8 @@ module Users end end + user_params[:created_by_id] = current_user&.id + if user_default_internal_regex_enabled? && !user_params.key?(:external) user_params[:external] = user_external? end diff --git a/app/services/users/destroy_service.rb b/app/services/users/destroy_service.rb index 436d4fb3985..613d2e4ad82 100644 --- a/app/services/users/destroy_service.rb +++ b/app/services/users/destroy_service.rb @@ -26,7 +26,7 @@ module Users def execute(user, options = {}) delete_solo_owned_groups = options.fetch(:delete_solo_owned_groups, options[:hard_delete]) - unless Ability.allowed?(current_user, :destroy_user, user) + unless Ability.allowed?(current_user, :destroy_user, user) || options[:skip_authorization] raise Gitlab::Access::AccessDeniedError, "#{current_user} tried to destroy user #{user}!" end diff --git a/app/services/users/validate_otp_service.rb b/app/services/users/validate_otp_service.rb new file mode 100644 index 00000000000..a9ce7959aea --- /dev/null +++ b/app/services/users/validate_otp_service.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Users + class ValidateOtpService < BaseService + def initialize(current_user) + @current_user = current_user + @strategy = if Feature.enabled?(:forti_authenticator, current_user) + ::Gitlab::Auth::Otp::Strategies::FortiAuthenticator.new(current_user) + else + ::Gitlab::Auth::Otp::Strategies::Devise.new(current_user) + end + end + + def execute(otp_code) + strategy.validate(otp_code) + rescue StandardError => ex + Gitlab::ErrorTracking.log_exception(ex) + error(message: ex.message) + end + + private + + attr_reader :strategy + end +end |
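Review bot: The relocated `user_params[:created_by_id] = current_user&.id` in the second hunk of build_service.rb has no comment explaining why it now runs for every caller rather than only for admins. It appears to sit after the admin/non-admin branches, so it would overwrite any `created_by_id` that arrived through `params` and store `nil` when there is no `current_user`. That is the safe behaviour, and a comment would keep it from being moved back: `# Always derived from current_user, never from params; nil when nobody is signed in.` `build_user_params` starts before this hunk and continues after it.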
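Review bot: `|| options[:skip_authorization]` in `DestroyService#execute` disables the `:destroy_user` check for any truthy value in a free-form options hash, so the bypass is only as safe as every caller's handling of `options`. If any caller forwards request-derived values into `options`, a client-supplied key would skip authorization. I would compare strictly, `unless Ability.allowed?(current_user, :destroy_user, user) || options[:skip_authorization] == true`, and document above `execute` that the flag is reserved for trusted internal callers. `execute` continues past the end of the hunk.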
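Review bot: `error(message: ex.message)` in `ValidateOtpService#execute` passes a Hash, whereas the other services in this commit call `error` with a positional string (`error(_('...'))`, `error('...', 403)`). If `BaseService#error` takes the message positionally, callers here get a nested hash as the message, and `error(ex.message)` would match the other call sites. `BaseService` is not shown on this page, so this should be checked against its definition. The raw exception text from the OTP strategy is also returned to the caller; since it already goes to `Gitlab::ErrorTracking.log_exception`, a fixed user-facing message would avoid exposing backend details if the result is rendered.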