summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/services/users/build_service.rb4
-rw-r--r--app/services/users/create_service.rb4
-rw-r--r--changelogs/unreleased/dm-fix-oauth-user-creation.yml4
-rw-r--r--lib/gitlab/o_auth/user.rb2
-rw-r--r--spec/lib/gitlab/ldap/user_spec.rb12
-rw-r--r--spec/lib/gitlab/o_auth/user_spec.rb14
-rw-r--r--spec/lib/gitlab/saml/user_spec.rb12
7 files changed, 47 insertions, 5 deletions
diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb
index 9a0a5a12f91..d2a1c161026 100644
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -6,8 +6,8 @@ module Users
@params = params.dup
end
- def execute
- raise Gitlab::Access::AccessDeniedError unless can_create_user?
+ def execute(skip_authorization: false)
+ raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
user = User.new(build_user_params)
diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb
index a2105d31f71..e22f7225ae2 100644
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -6,8 +6,8 @@ module Users
@params = params.dup
end
- def execute
- user = Users::BuildService.new(current_user, params).execute
+ def execute(skip_authorization: false)
+ user = Users::BuildService.new(current_user, params).execute(skip_authorization: skip_authorization)
@reset_token = user.generate_reset_token if user.recently_sent_password_reset?
diff --git a/changelogs/unreleased/dm-fix-oauth-user-creation.yml b/changelogs/unreleased/dm-fix-oauth-user-creation.yml
new file mode 100644
index 00000000000..161b114394a
--- /dev/null
+++ b/changelogs/unreleased/dm-fix-oauth-user-creation.yml
@@ -0,0 +1,4 @@
+---
+title: Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
+merge_request:
+author:
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index 6e42d8941fb..afd24b4dcc5 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -148,7 +148,7 @@ module Gitlab
def build_new_user
user_params = user_attributes.merge(extern_uid: auth_hash.uid, provider: auth_hash.provider, skip_confirmation: true)
- Users::BuildService.new(nil, user_params).execute
+ Users::BuildService.new(nil, user_params).execute(skip_authorization: true)
end
def user_attributes
diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb
index 346cf0d117c..65a304d1468 100644
--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -108,6 +108,18 @@ describe Gitlab::LDAP::User, lib: true do
it "creates a new user if not found" do
expect{ ldap_user.save }.to change{ User.count }.by(1)
end
+
+ context 'when signup is disabled' do
+ before do
+ stub_application_setting signup_enabled: false
+ end
+
+ it 'creates the user' do
+ ldap_user.save
+
+ expect(gl_user).to be_persisted
+ end
+ end
end
describe 'updating email' do
diff --git a/spec/lib/gitlab/o_auth/user_spec.rb b/spec/lib/gitlab/o_auth/user_spec.rb
index 8f09266c3b3..6d3ac62d9e9 100644
--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -40,6 +40,20 @@ describe Gitlab::OAuth::User, lib: true do
let(:provider) { 'twitter' }
describe 'signup' do
+ context 'when signup is disabled' do
+ before do
+ stub_application_setting signup_enabled: false
+ end
+
+ it 'creates the user' do
+ stub_omniauth_config(allow_single_sign_on: ['twitter'])
+
+ oauth_user.save
+
+ expect(gl_user).to be_persisted
+ end
+ end
+
it 'marks user as having password_automatically_set' do
stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])
diff --git a/spec/lib/gitlab/saml/user_spec.rb b/spec/lib/gitlab/saml/user_spec.rb
index 4f6ef3c10fc..b3b76a6d629 100644
--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -211,6 +211,18 @@ describe Gitlab::Saml::User, lib: true do
end
end
end
+
+ context 'when signup is disabled' do
+ before do
+ stub_application_setting signup_enabled: false
+ end
+
+ it 'creates the user' do
+ saml_user.save
+
+ expect(gl_user).to be_persisted
+ end
+ end
end
describe 'blocking' do