Merge branch 'generalize-profile-updates' into 'master'

Profile updates from providers

See merge request !12968

6 files changed, 70 insertions, 12 deletions

diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 076076fd1b3..d83824fef06 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -9,8 +9,6 @@ class ProfilesController < Profiles::ApplicationController
   end
 
   def update
-    user_params.except!(:email) if @user.external_email?
-
     respond_to do |format|
       result = Users::UpdateService.new(@user, user_params).execute
 
diff --git a/app/helpers/profiles_helper.rb b/app/helpers/profiles_helper.rb
index 45238f12ac7..5a4fda0724c 100644
--- a/app/helpers/profiles_helper.rb
+++ b/app/helpers/profiles_helper.rb
@@ -1,7 +1,12 @@
 module ProfilesHelper
-  def email_provider_label
-    return unless current_user.external_email?
-
-    current_user.email_provider.present? ? Gitlab::OAuth::Provider.label_for(current_user.email_provider) : "LDAP"
+  def attribute_provider_label(attribute)
+    user_synced_attributes_metadata = current_user.user_synced_attributes_metadata
+    if user_synced_attributes_metadata&.synced?(attribute)
+      if user_synced_attributes_metadata.provider
+        Gitlab::OAuth::Provider.label_for(user_synced_attributes_metadata.provider)
+      else
+        'LDAP'
+      end
+    end
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index c5b5f09722f..105eb62f1fa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -15,10 +15,12 @@ class User < ActiveRecord::Base
   include IgnorableColumn
   include FeatureGate
   include CreatedAtFilterable
+  include IgnorableColumn
 
   DEFAULT_NOTIFICATION_LEVEL = :participating
 
-  ignore_column :authorized_projects_populated
+  ignore_column :external_email
+  ignore_column :email_provider
 
   add_authentication_token_field :authentication_token
   add_authentication_token_field :incoming_email_token
@@ -85,6 +87,7 @@ class User < ActiveRecord::Base
   has_many :identities, dependent: :destroy, autosave: true # rubocop:disable Cop/ActiveRecordDependent
   has_many :u2f_registrations, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
   has_many :chat_names, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
+  has_one :user_synced_attributes_metadata, autosave: true
 
   # Groups
   has_many :members, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
@@ -161,6 +164,7 @@ class User < ActiveRecord::Base
   after_update :update_emails_with_primary_email, if: :email_changed?
   before_save :ensure_authentication_token, :ensure_incoming_email_token
   before_save :ensure_user_rights_and_limits, if: :external_changed?
+  before_save :skip_reconfirmation!, if: ->(user) { user.email_changed? && user.read_only_attribute?(:email) }
   after_save :ensure_namespace_correct
   after_commit :update_invalid_gpg_signatures, on: :update, if: -> { previous_changes.key?('email') }
   after_initialize :set_projects_limit
@@ -1045,6 +1049,22 @@ class User < ActiveRecord::Base
     self.email == email
   end
 
+  def sync_attribute?(attribute)
+    return true if ldap_user? && attribute == :email
+
+    attributes = Gitlab.config.omniauth.sync_profile_attributes
+
+    if attributes.is_a?(Array)
+      attributes.include?(attribute.to_s)
+    else
+      attributes
+    end
+  end
+
+  def read_only_attribute?(attribute)
+    user_synced_attributes_metadata&.read_only?(attribute)
+  end
+
   protected
 
   # override, from Devise::Validatable
diff --git a/app/models/user_synced_attributes_metadata.rb b/app/models/user_synced_attributes_metadata.rb
new file mode 100644
index 00000000000..9f374304164
--- /dev/null
+++ b/app/models/user_synced_attributes_metadata.rb
@@ -0,0 +1,25 @@
+class UserSyncedAttributesMetadata < ActiveRecord::Base
+  belongs_to :user
+
+  validates :user, presence: true
+
+  SYNCABLE_ATTRIBUTES = %i[name email location].freeze
+
+  def read_only?(attribute)
+    Gitlab.config.omniauth.sync_profile_from_provider && synced?(attribute)
+  end
+
+  def read_only_attributes
+    return [] unless Gitlab.config.omniauth.sync_profile_from_provider
+
+    SYNCABLE_ATTRIBUTES.select { |key| synced?(key) }
+  end
+
+  def synced?(attribute)
+    read_attribute("#{attribute}_synced")
+  end
+
+  def set_attribute_synced(attribute, value)
+    write_attribute("#{attribute}_synced", value)
+  end
+end
diff --git a/app/services/users/update_service.rb b/app/services/users/update_service.rb
index 2f9855273dc..6188b8a4349 100644
--- a/app/services/users/update_service.rb
+++ b/app/services/users/update_service.rb
@@ -34,6 +34,10 @@ module Users
     private
 
     def assign_attributes(&block)
+      if @user.user_synced_attributes_metadata
+        params.except!(*@user.user_synced_attributes_metadata.read_only_attributes)
+      end
+
       @user.assign_attributes(params) if params.any?
     end
   end
diff --git a/app/views/profiles/show.html.haml b/app/views/profiles/show.html.haml
index aa8d5a8bc1a..35ad280b037 100644
--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
@@ -45,12 +45,15 @@
           Some options are unavailable for LDAP accounts
     .col-lg-8
       .row
-        = f.text_field :name,  required: true, wrapper: { class: 'col-md-9' },
-          help: 'Enter your name, so people you know can recognize you.'
+        - if @user.read_only_attribute?(:name)
+          = f.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9' },
+          help: "Your name was automatically set based on your #{ attribute_provider_label(:name) } account, so people you know can recognize you."
+        - else
+          = f.text_field :name, required: true, wrapper: { class: 'col-md-9' }, help: "Enter your name, so people you know can recognize you."
         = f.text_field :id, readonly: true, label: 'User ID', wrapper: { class: 'col-md-3' }
 
-      - if @user.external_email?
-        = f.text_field :email, required: true, readonly: true, help: "Your email address was automatically set based on your #{email_provider_label} account."
+      - if @user.read_only_attribute?(:email)
+        = f.text_field :email, required: true, readonly: true, help: "Your email address was automatically set based on your #{ attribute_provider_label(:email) } account."
       - else
         = f.text_field :email, required: true, value: (@user.email unless @user.temp_oauth_email?),
           help: user_email_help_text(@user)
@@ -64,7 +67,10 @@
       = f.text_field :linkedin
       = f.text_field :twitter
       = f.text_field :website_url, label: 'Website'
-      = f.text_field :location
+      - if @user.read_only_attribute?(:location)
+        = f.text_field :location, readonly: true, help: "Your location was automatically set based on your #{ attribute_provider_label(:location) } account."
+      - else
+        = f.text_field :location
       = f.text_field :organization
       = f.text_area :bio, rows: 4, maxlength: 250, help: 'Tell us about yourself in fewer than 250 characters.'
       .prepend-top-default.append-bottom-default