Merge branch 'jej/unflag-group-saml-metadata' into 'master'

Remove feature flag for GroupSaml metadata Closes #9657 See merge request gitlab-org/gitlab-ee!12659

Merge branch 'jej/unflag-group-saml-metadata' into 'master'
Remove feature flag for GroupSaml metadata Closes #9657 See merge request gitlab-org/gitlab-ee!12659
260cd2af · Douwe Maan · 37dff7a9 · bc6fe170 · 260cd2af · 260cd2af
Commit 260cd2af authored May 24, 2019 by Douwe Maan
7 changed files
--- a/app/helpers/accounts_helper.rb
+++ b/app/helpers/accounts_helper.rb
@@ -5,5 +5,3 @@ module AccountsHelper
    current_user.incoming_email_token && Gitlab::IncomingEmail.supports_issue_creation?
  end
 end
-
-AccountsHelper.prepend(EE::AccountsHelper)
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -15,7 +15,7 @@ SAML SSO for groups is used only as a convenient way to add users and does not s
 ## Configuring your Identity Provider

 1. Navigate to the group and click **Settings > SAML SSO**.
-1. Configure your SAML server using the **Assertion consumer service URL** and **Issuer**. See [your identity provider's documentation](#providers) for more details.
+1. Configure your SAML server using the **Assertion consumer service URL** and **Issuer**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [your identity provider's documentation](#providers) for more details.
 1. Configure the SAML response to include a NameID that uniquely identifies each user.
 1. Configure required assertions using the [table below](#assertions).
 1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
@@ -50,6 +50,14 @@ GitLab.com uses the SAML NameID to identify users. The NameID element:
 | First Name | `first_name`, `firstname`, `firstName` |  |
 | Last Name | `last_name`, `lastname`, `lastName` |  |

+## Metadata configuration
+
+GitLab provides metadata XML that can be used to configure your Identity Provider.
+
+1. Navigate to the group and click **Settings > SAML SSO**.
+1. Copy the provided **GitLab metadata URL**
+1. Follow your Identity Provider's documentation and paste the metadata URL when it is requested.
+
 ## Configuring GitLab

 Once you've set up your identity provider to work with GitLab, you'll need to configure GitLab to use it for authentication:

--- a/ee/app/helpers/ee/accounts_helper.rb
+++ b/ee/app/helpers/ee/accounts_helper.rb
-# frozen_string_literal: true
-
-module EE
-  module AccountsHelper
-    def group_saml_metadata_enabled?(group)
-      ::Feature.enabled?(:group_saml_metadata_available, group)
-    end
-  end
-end
--- a/ee/app/views/groups/saml_providers/_info.html.haml
+++ b/ee/app/views/groups/saml_providers/_info.html.haml
@@ -21,12 +21,11 @@
  .well-segment.borderless
    = render 'info_row', field: :issuer, label_text: _('Identifier')
    .form-text.text-muted= _('Also called "Issuer" or "Relying party trust identifier"')
-  - if group_saml_metadata_enabled?(@group)
-    .well-segment.borderless
-      %label= _("GitLab metadata URL")
-      - metadata_url = user_group_saml_omniauth_metadata_url(@group)
-      %div= link_to metadata_url, metadata_url
-      .form-text.text-muted= _("Used to help configure your identity provider")
+  .well-segment.borderless
+    %label= _("GitLab metadata URL")
+    - metadata_url = user_group_saml_omniauth_metadata_url(@group)
+    %div= link_to metadata_url, metadata_url
+    .form-text.text-muted= _("Used to help configure your identity provider")
  - if @saml_provider.persisted?
    .well-segment.borderless
      %label= _("GitLab single sign on URL")

--- a/ee/lib/omni_auth/strategies/group_saml.rb
+++ b/ee/lib/omni_auth/strategies/group_saml.rb
@@ -61,11 +61,7 @@ module OmniAuth
      private

      def metadata_phase?
-        on_subpath?(:metadata) && metadata_enabled?
-      end
-
-      def metadata_enabled?
-        Feature.enabled?(:group_saml_metadata_available, group_lookup.group)
+        on_subpath?(:metadata)
      end

      def store_authn_request_id(authn_request)

--- a/ee/spec/features/groups/saml_providers_spec.rb
+++ b/ee/spec/features/groups/saml_providers_spec.rb
@@ -51,14 +51,6 @@ describe 'SAML provider settings' do
      expect(response_headers['Content-Type']).to have_content("application/xml")
    end

-    it 'does not show metadata link when feature disabled' do
-      stub_feature_flags(group_saml_metadata_available: false)
-
-      visit group_saml_providers_path(group)
-
-      expect(page).not_to have_content('metadata')
-    end
-
    it 'allows creation of new provider' do
      visit group_saml_providers_path(group)


--- a/ee/spec/lib/omni_auth/strategies/group_saml_spec.rb
+++ b/ee/spec/lib/omni_auth/strategies/group_saml_spec.rb
@@ -142,23 +142,6 @@ describe OmniAuth::Strategies::GroupSaml, type: :strategy do
      end.to raise_error(ActionController::RoutingError)
    end

-    it 'returns 404 when feature disabled' do
-      stub_feature_flags(group_saml_metadata_available: false)
-
-      post '/users/auth/group_saml/metadata', group_path: 'my-group', token: group.saml_discovery_token
-
-      expect(last_response.status).to eq 404
-    end
-
-    it 'suceeds when feature enabled for an individual group' do
-      stub_feature_flags(group_saml_metadata_available: false)
-      allow(Feature).to receive(:enabled?).with(:group_saml_metadata_available, group) { true }
-
-      post '/users/auth/group_saml/metadata', group_path: 'my-group', token: group.saml_discovery_token
-
-      expect(last_response.status).to eq 200
-    end
-
    it 'returns metadata when a valid token is provided' do
      post '/users/auth/group_saml/metadata', group_path: 'my-group', token: group.saml_discovery_token