diff options
| author | Rémy Coutable <remy@rymai.me> | 2017-04-26 09:54:33 +0200 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2017-04-26 10:08:44 +0200 |
| commit | aa54bb7e5a247e98efa95ad810503579eb3d0cbc (patch) | |
| tree | d062346b3509aae411e7023ecba721790dacf5c2 /app/services | |
| parent | fa01c373594203278a5809c7bae800d97e224f64 (diff) | |
| download | gitlab-ce-aa54bb7e5a247e98efa95ad810503579eb3d0cbc.tar.gz | |
Fix logic in Users::CreateService broken by the fix for OAuth users
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/services')
| -rw-r--r-- | app/services/users/build_service.rb | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb index 05cdea10e96..363135ef09b 100644 --- a/app/services/users/build_service.rb +++ b/app/services/users/build_service.rb @@ -9,14 +9,13 @@ module Users def execute(skip_authorization: false) raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user? - user = User.new(build_user_params(skip_authorization: skip_authorization)) + user_params = build_user_params(skip_authorization: skip_authorization) + user = User.new(user_params) if current_user&.admin? - if params[:reset_password] - user.generate_reset_token - end + @reset_token = user.generate_reset_token if params[:reset_password] - if params[:force_random_password] + if user_params[:force_random_password] random_password = Devise.friendly_token.first(Devise.password_length.min) user.password = user.password_confirmation = random_password end @@ -89,12 +88,20 @@ module Users user_params.merge!(force_random_password: true, password_expires_at: nil) end else - user_params = params.slice(*signup_params) - user_params[:skip_confirmation] = params[:skip_confirmation] if skip_authorization - user_params[:skip_confirmation] ||= !current_application_settings.send_user_confirmation_email + allowed_signup_params = signup_params + allowed_signup_params << :skip_confirmation if skip_authorization + + user_params = params.slice(*allowed_signup_params) + if user_params[:skip_confirmation].nil? + user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting + end end user_params end + + def skip_user_confirmation_email_from_setting + !current_application_settings.send_user_confirmation_email + end end end |