1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
# frozen_string_literal: true
module Users
class BuildService < BaseService
delegate :user_default_internal_regex_enabled?,
:user_default_internal_regex_instance,
to: :'Gitlab::CurrentSettings.current_application_settings'
attr_reader :identity_params
def initialize(current_user, params = {})
@current_user = current_user
@params = params.dup
@identity_params = params.slice(*identity_attributes)
end
def execute(skip_authorization: false)
raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
user_params = build_user_params(skip_authorization: skip_authorization)
user = User.new(user_params)
if current_user&.admin?
@reset_token = user.generate_reset_token if params[:reset_password]
if user_params[:force_random_password]
random_password = User.random_password
user.password = user.password_confirmation = random_password
end
end
build_identity(user)
Users::UpdateCanonicalEmailService.new(user: user).execute
user
end
private
def identity_attributes
[:extern_uid, :provider]
end
def build_identity(user)
return if identity_params.empty?
user.identities.build(identity_params)
end
def can_create_user?
(current_user.nil? && Gitlab::CurrentSettings.allow_signup?) || current_user&.admin?
end
# Allowed params for creating a user (admins only)
def admin_create_params
[
:access_level,
:admin,
:avatar,
:bio,
:can_create_group,
:color_scheme_id,
:email,
:external,
:force_random_password,
:hide_no_password,
:hide_no_ssh_key,
:linkedin,
:name,
:password,
:password_automatically_set,
:password_expires_at,
:projects_limit,
:remember_me,
:skip_confirmation,
:skype,
:theme_id,
:twitter,
:username,
:website_url,
:private_profile,
:organization,
:location,
:public_email,
:user_type,
:note
]
end
# Allowed params for user signup
def signup_params
[
:email,
:password_automatically_set,
:name,
:first_name,
:last_name,
:password,
:username,
:user_type
]
end
def build_user_params(skip_authorization:)
if current_user&.admin?
user_params = params.slice(*admin_create_params)
if params[:reset_password]
user_params.merge!(force_random_password: true, password_expires_at: nil)
end
else
allowed_signup_params = signup_params
allowed_signup_params << :skip_confirmation if skip_authorization
user_params = params.slice(*allowed_signup_params)
if user_params[:skip_confirmation].nil?
user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting
end
fallback_name = "#{user_params[:first_name]} #{user_params[:last_name]}"
if user_params[:name].blank? && fallback_name.present?
user_params = user_params.merge(name: fallback_name)
end
end
user_params[:created_by_id] = current_user&.id
if user_default_internal_regex_enabled? && !user_params.key?(:external)
user_params[:external] = user_external?
end
user_params.delete(:user_type) unless project_bot?(user_params[:user_type])
user_params
end
def skip_user_confirmation_email_from_setting
!Gitlab::CurrentSettings.send_user_confirmation_email
end
def user_external?
user_default_internal_regex_instance.match(params[:email]).nil?
end
def project_bot?(user_type)
user_type&.to_sym == :project_bot
end
end
end
Users::BuildService.prepend_if_ee('EE::Users::BuildService')
|