5 files changed, 107 insertions, 94 deletions

diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index fbdaa455651..7828c5806b0 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -58,6 +58,9 @@ module Projects
         fail(error: @project.errors.full_messages.join(', '))
       end
       @project
+    rescue ActiveRecord::RecordInvalid => e
+      message = "Unable to save #{e.record.type}: #{e.record.errors.full_messages.join(", ")} "
+      fail(error: message)
     rescue => e
       fail(error: e.message)
     end
diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb
index 4c72d5e117d..eea17e24903 100644
--- a/app/services/projects/import_service.rb
+++ b/app/services/projects/import_service.rb
@@ -59,7 +59,6 @@ module Projects
       project.repository.add_remote(project.import_type, project.import_url)
       project.repository.set_remote_as_mirror(project.import_type)
       project.repository.fetch_remote(project.import_type, forced: true)
-      project.repository.remove_remote(project.import_type)
     end
 
     def import_data
diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb
new file mode 100644
index 00000000000..9a0a5a12f91
--- /dev/null
+++ b/app/services/users/build_service.rb
@@ -0,0 +1,100 @@
+module Users
+  # Service for building a new user.
+  class BuildService < BaseService
+    def initialize(current_user, params = {})
+      @current_user = current_user
+      @params = params.dup
+    end
+
+    def execute
+      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+
+      user = User.new(build_user_params)
+
+      if current_user&.admin?
+        if params[:reset_password]
+          user.generate_reset_token
+          params[:force_random_password] = true
+        end
+
+        if params[:force_random_password]
+          random_password = Devise.friendly_token.first(Devise.password_length.min)
+          user.password = user.password_confirmation = random_password
+        end
+      end
+
+      identity_attrs = params.slice(:extern_uid, :provider)
+
+      if identity_attrs.any?
+        user.identities.build(identity_attrs)
+      end
+
+      user
+    end
+
+    private
+
+    def can_create_user?
+      (current_user.nil? && current_application_settings.signup_enabled?) || current_user&.admin?
+    end
+
+    # Allowed params for creating a user (admins only)
+    def admin_create_params
+      [
+        :access_level,
+        :admin,
+        :avatar,
+        :bio,
+        :can_create_group,
+        :color_scheme_id,
+        :email,
+        :external,
+        :force_random_password,
+        :hide_no_password,
+        :hide_no_ssh_key,
+        :key_id,
+        :linkedin,
+        :name,
+        :password,
+        :password_automatically_set,
+        :password_expires_at,
+        :projects_limit,
+        :remember_me,
+        :skip_confirmation,
+        :skype,
+        :theme_id,
+        :twitter,
+        :username,
+        :website_url
+      ]
+    end
+
+    # Allowed params for user signup
+    def signup_params
+      [
+        :email,
+        :email_confirmation,
+        :password_automatically_set,
+        :name,
+        :password,
+        :username
+      ]
+    end
+
+    def build_user_params
+      if current_user&.admin?
+        user_params = params.slice(*admin_create_params)
+        user_params[:created_by_id] = current_user&.id
+
+        if params[:reset_password]
+          user_params.merge!(force_random_password: true, password_expires_at: nil)
+        end
+      else
+        user_params = params.slice(*signup_params)
+        user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
+      end
+
+      user_params
+    end
+  end
+end
diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb
index 93ca7b1141a..a2105d31f71 100644
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -6,34 +6,10 @@ module Users
       @params = params.dup
     end
 
-    def build
-      raise Gitlab::Access::AccessDeniedError unless can_create_user?
-
-      user = User.new(build_user_params)
-
-      if current_user&.admin?
-        if params[:reset_password]
-          @reset_token = user.generate_reset_token
-          params[:force_random_password] = true
-        end
-
-        if params[:force_random_password]
-          random_password = Devise.friendly_token.first(Devise.password_length.min)
-          user.password = user.password_confirmation = random_password
-        end
-      end
-
-      identity_attrs = params.slice(:extern_uid, :provider)
-
-      if identity_attrs.any?
-        user.identities.build(identity_attrs)
-      end
-
-      user
-    end
-
     def execute
-      user = build
+      user = Users::BuildService.new(current_user, params).execute
+
+      @reset_token = user.generate_reset_token if user.recently_sent_password_reset?
 
       if user.save
         log_info("User \"#{user.name}\" (#{user.email}) was created")
@@ -43,70 +19,5 @@ module Users
 
       user
     end
-
-    private
-
-    def can_create_user?
-      (current_user.nil? && current_application_settings.signup_enabled?) || current_user&.admin?
-    end
-
-    # Allowed params for creating a user (admins only)
-    def admin_create_params
-      [
-        :access_level,
-        :admin,
-        :avatar,
-        :bio,
-        :can_create_group,
-        :color_scheme_id,
-        :email,
-        :external,
-        :force_random_password,
-        :password_automatically_set,
-        :hide_no_password,
-        :hide_no_ssh_key,
-        :key_id,
-        :linkedin,
-        :name,
-        :password,
-        :password_expires_at,
-        :projects_limit,
-        :remember_me,
-        :skip_confirmation,
-        :skype,
-        :theme_id,
-        :twitter,
-        :username,
-        :website_url
-      ]
-    end
-
-    # Allowed params for user signup
-    def signup_params
-      [
-        :email,
-        :email_confirmation,
-        :password_automatically_set,
-        :name,
-        :password,
-        :username
-      ]
-    end
-
-    def build_user_params
-      if current_user&.admin?
-        user_params = params.slice(*admin_create_params)
-        user_params[:created_by_id] = current_user&.id
-
-        if params[:reset_password]
-          user_params.merge!(force_random_password: true, password_expires_at: nil)
-        end
-      else
-        user_params = params.slice(*signup_params)
-        user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
-      end
-
-      user_params
-    end
   end
 end
diff --git a/app/services/users/destroy_service.rb b/app/services/users/destroy_service.rb
index ba58b174cc0..9eb6a600f6b 100644
--- a/app/services/users/destroy_service.rb
+++ b/app/services/users/destroy_service.rb
@@ -26,7 +26,7 @@ module Users
         ::Projects::DestroyService.new(project, current_user, skip_repo: true).execute
       end
 
-      MigrateToGhostUserService.new(user).execute
+      MigrateToGhostUserService.new(user).execute unless options[:hard_delete]
 
       # Destroy the namespace after destroying the user since certain methods may depend on the namespace existing
       namespace = user.namespace