Ensures that OAuth/LDAP/SAML users don't need to be confirmed

Signed-off-by: Rémy Coutable <remy@rymai.me>

Ensures that OAuth/LDAP/SAML users don't need to be confirmed
Signed-off-by: Rémy Coutable <remy@rymai.me>
03940fb1 · Rémy Coutable · 4aec52ea · 03940fb1 · 03940fb1 · 03940fb1
Commit 03940fb1 authored Apr 25, 2017 by Rémy Coutable
5 changed files
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -9,12 +9,11 @@ module Users
    def build(skip_authorization: false)
      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?

-      user = User.new(build_user_params)
+      user = User.new(build_user_params(skip_authorization: skip_authorization))

      if current_user&.admin?
        if params[:reset_password]
          @reset_token = user.generate_reset_token
-          params[:force_random_password] = true
        end

        if params[:force_random_password]
@@ -93,7 +92,7 @@ module Users
      ]
    end

-    def build_user_params
+    def build_user_params(skip_authorization:)
      if current_user&.admin?
        user_params = params.slice(*admin_create_params)
        user_params[:created_by_id] = current_user&.id
@@ -103,7 +102,8 @@ module Users
        end
      else
        user_params = params.slice(*signup_params)
-        user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
+        user_params[:skip_confirmation] = params[:skip_confirmation] if skip_authorization
+        user_params[:skip_confirmation] ||= !current_application_settings.send_user_confirmation_email
      end

      user_params

--- a/changelogs/unreleased/31294-fix-ldap-user-not-confirmed.yml
+++ b/changelogs/unreleased/31294-fix-ldap-user-not-confirmed.yml
+---
+title: Ensures that OAuth/LDAP/SAML users don't need to be confirmed
+merge_request:
+author:
--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -120,6 +120,19 @@ describe Gitlab::LDAP::User, lib: true do
        expect(gl_user).to be_persisted
      end
    end
+
+    context 'when user confirmation email is enabled' do
+      before do
+        stub_application_setting send_user_confirmation_email: true
+      end
+
+      it 'creates and confirms the user anyway' do
+        ldap_user.save
+
+        expect(gl_user).to be_persisted
+        expect(gl_user).to be_confirmed
+      end
+    end
  end

  describe 'updating email' do

--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -54,6 +54,21 @@ describe Gitlab::OAuth::User, lib: true do
        end
      end

+      context 'when user confirmation email is enabled' do
+        before do
+          stub_application_setting send_user_confirmation_email: true
+        end
+
+        it 'creates and confirms the user anyway' do
+          stub_omniauth_config(allow_single_sign_on: ['twitter'])
+
+          oauth_user.save
+
+          expect(gl_user).to be_persisted
+          expect(gl_user).to be_confirmed
+        end
+      end
+
      it 'marks user as having password_automatically_set' do
        stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])


--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -223,6 +223,19 @@ describe Gitlab::Saml::User, lib: true do
          expect(gl_user).to be_persisted
        end
      end
+
+      context 'when user confirmation email is enabled' do
+        before do
+          stub_application_setting send_user_confirmation_email: true
+        end
+
+        it 'creates and confirms the user anyway' do
+          saml_user.save
+
+          expect(gl_user).to be_persisted
+          expect(gl_user).to be_confirmed
+        end
+      end
    end

    describe 'blocking' do