Group SAML adds user to Group

1ddc6102 · James Edwards-Jones · f99d6d75 · 1ddc6102 · 1ddc6102 · 1ddc6102
Commit 1ddc6102 authored Apr 23, 2018 by James Edwards-Jones
4 changed files
--- a/ee/lib/gitlab/auth/group_saml/identity_linker.rb
+++ b/ee/lib/gitlab/auth/group_saml/identity_linker.rb
@@ -10,6 +10,12 @@ module Gitlab
          @saml_provider = saml_provider
        end

+        def link
+          super
+
+          update_group_membership unless failed?
+        end
+
        protected

        def identity
@@ -18,6 +24,10 @@ module Gitlab
                                                      extern_uid: uid.to_s)
                                    .first_or_initialize
        end
+
+        def update_group_membership
+          MembershipUpdater.new(current_user, saml_provider).execute
+        end
      end
    end
  end

--- a/ee/lib/gitlab/auth/group_saml/membership_updater.rb
+++ b/ee/lib/gitlab/auth/group_saml/membership_updater.rb
+module Gitlab
+  module Auth
+    module GroupSaml
+      class MembershipUpdater
+        attr_reader :user, :saml_provider
+
+        delegate :group, to: :saml_provider
+
+        def initialize(user, saml_provider)
+          @user = user
+          @saml_provider = saml_provider
+        end
+
+        def execute
+          return if group.member?(@user)
+
+          group.add_user(@user, default_membership_level)
+        end
+
+        private
+
+        def default_membership_level
+          :guest
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/lib/gitlab/auth/group_saml/identity_linker_spec.rb
+++ b/ee/spec/lib/gitlab/auth/group_saml/identity_linker_spec.rb
@@ -21,6 +21,12 @@ describe Gitlab::Auth::GroupSaml::IdentityLinker do

      expect(subject).not_to be_changed
    end
+
+    it 'adds user to group' do
+      subject.link
+
+      expect(saml_provider.group.member?(user)).to eq(true)
+    end
  end

  context 'identity needs to be created' do
@@ -51,5 +57,11 @@ describe Gitlab::Auth::GroupSaml::IdentityLinker do

      expect(subject).to be_changed
    end
+
+    it 'adds user to group' do
+      subject.link
+
+      expect(saml_provider.group.member?(user)).to eq(true)
+    end
  end
 end
--- a/ee/spec/lib/gitlab/auth/group_saml/membership_updater_spec.rb
+++ b/ee/spec/lib/gitlab/auth/group_saml/membership_updater_spec.rb
+require 'spec_helper'
+
+describe Gitlab::Auth::GroupSaml::MembershipUpdater do
+  let(:user) { create(:user) }
+  let(:saml_provider) { create(:saml_provider) }
+  let(:group) { saml_provider.group }
+
+  it "adds the user to the group" do
+    described_class.new(user, saml_provider).execute
+
+    expect(group.users).to include(user)
+  end
+
+  it "doesn't duplicate group membership" do
+    group.add_guest(user)
+
+    described_class.new(user, saml_provider).execute
+
+    expect(group.members.count).to eq 1
+  end
+
+  it "doesn't overwrite existing membership level" do
+    group.add_master(user)
+
+    described_class.new(user, saml_provider).execute
+
+    expect(group.members.pluck(:access_level)).to eq([Gitlab::Access::MASTER])
+  end
+end