1 files changed, 27 insertions, 4 deletions

diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb
index b1e30110ef5..8943022612c 100644
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -12,13 +12,13 @@ module Gitlab
       end
 
       def gl_user
-        @user ||= find_by_uid_and_provider
-
         if auto_link_ldap_user?
           @user ||= find_or_create_ldap_user
         end
 
-        if auto_link_saml_enabled?
+        @user ||= find_by_uid_and_provider
+
+        if auto_link_saml_user?
           @user ||= find_by_email
         end
 
@@ -26,6 +26,16 @@ module Gitlab
           @user ||= build_new_user
         end
 
+        if external_users_enabled? && @user
+          # Check if there is overlap between the user's groups and the external groups
+          # setting then set user as external or internal.
+          if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
+            @user.external = false
+          else
+            @user.external = true
+          end
+        end
+
         @user
       end
 
@@ -37,11 +47,24 @@ module Gitlab
         end
       end
 
+      def changed?
+        return true unless gl_user
+        gl_user.changed? || gl_user.identities.any?(&:changed?)
+      end
+
       protected
 
-      def auto_link_saml_enabled?
+      def auto_link_saml_user?
         Gitlab.config.omniauth.auto_link_saml_user
       end
+
+      def external_users_enabled?
+        !Gitlab::Saml::Config.external_groups.nil?
+      end
+
+      def auth_hash=(auth_hash)
+        @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
+      end
     end
   end
 end