Commit 95759f18 authored May 27, 2019 by Pavel Shutsin
Suggest a username for group saml sign up
It will allow easier JIT sign up for new group users
parent a1848c8b
Showing 3 changed files with 31 additions and 11 deletions

ee/app/controllers/groups/sso_controller.rb (+16 -9)
ee/changelogs/unreleased/9153-jit-provisioning-for-new-users.yml (+5 -0)
ee/spec/controllers/groups/sso_controller_spec.rb (+10 -2)
ee/app/controllers/groups/sso_controller.rb
...
...
@@ -49,26 +49,33 @@ class Groups::SsoController < Groups::ApplicationController
private
def
new_user
@new_user
||=
User
.
new
(
new_user_params
.
merge
(
idp_user_data
)
)
@new_user
||=
User
.
new
(
new_user_params
)
end
# Devise compatible name
alias_method
:resource
,
:new_user
helper_method
:resource
def
new_user_params
params
.
fetch
(
:new_user
,
{}).
permit
(
:username
,
:name
)
new_user_params
=
params
.
fetch
(
:new_user
,
{}).
permit
(
:username
,
:name
).
merge
(
email:
oauth_data
.
email
,
name:
oauth_data
.
name
)
new_user_params
[
:username
]
=
generate_unique_username
unless
new_user_params
[
:username
]
new_user_params
end
def
idp_user_data
return
{}
unless
session
[
'oauth_data'
]
&&
session
[
'oauth_group_id'
]
==
unauthenticated_group
.
id
data
=
Gitlab
::
Auth
::
OAuth
::
AuthHash
.
new
(
session
[
'oauth_data'
])
{
email:
data
.
email
,
name:
data
.
name
}
def
generate_unique_username
username
=
::
Namespace
.
clean_path
(
oauth_data
.
username
)
Uniquify
.
new
.
string
(
username
)
{
|
s
|
!
NamespacePathValidator
.
valid_path?
(
s
)
}
end
def
check_oauth_data
route_not_found
unless
unauthenticated_group
.
saml_provider
.
enforced_group_managed_accounts?
&&
idp_user_data
.
present?
route_not_found
unless
unauthenticated_group
.
saml_provider
.
enforced_group_managed_accounts?
&&
oauth_data
.
present?
end
def
oauth_data
@oauth_data
||=
begin
if
session
[
'oauth_data'
]
&&
session
[
'oauth_group_id'
]
==
unauthenticated_group
.
id
Gitlab
::
Auth
::
OAuth
::
AuthHash
.
new
(
session
[
'oauth_data'
])
end
end
end
def
render_sign_up_form
...
...
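Review bot: `new_user_params` now calls `oauth_data.email` and `oauth_data.name` unconditionally, but the new `oauth_data` helper returns nil when `session['oauth_data']` is absent or `session['oauth_group_id']` does not match `unauthenticated_group.id`, where the removed `idp_user_data` returned `{}`. That is only safe if `check_oauth_data` runs and halts before every action that builds `new_user`; the filter declaration is outside this hunk, so please confirm it or make the merge nil-safe. Two smaller points in the same method: the local variable `new_user_params` shadows the method name (something like `user_params` would read more clearly), and `:name` stays in `permit` although the following `merge` always overwrites it with the IdP value, so it could be dropped to make clear that name and email come only from the identity provider. Also note that `@oauth_data ||=` re-runs the session check on every call when the result is nil.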
ee/changelogs/unreleased/9153-jit-provisioning-for-new-users.yml
0 → 100644
---
title
:
JIT users provisioning for group SAML
merge_request
:
13552
author
:
type
:
added
ee/spec/controllers/groups/sso_controller_spec.rb
...
...
@@ -135,12 +135,20 @@ describe Groups::SsoController do
context
'and group managed accounts enforced'
do
context
'and oauth data available'
do
let
(
:oauth_data
)
{
{
"info"
=>
{
"name"
=>
'Test'
,
"email"
=>
'email
@email.com'
}
}
}
let
(
:oauth_data
)
{
{
"info"
=>
{
name:
'Test'
,
email:
'testuser
@email.com'
}
}
}
it
'has status 200'
do
expect
(
subject
).
to
have_gitlab_http_status
(
200
)
end
it
'suggests first available username automatically'
do
create
(
:user
,
username:
'testuser'
)
subject
expect
(
controller
.
helpers
.
resource
.
username
).
to
eq
'testuser1'
end
context
'and belongs to different group'
do
let
(
:oauth_group_id
)
{
group
.
id
+
1
}
...
...
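Review bot: The new example 'suggests first available username automatically' expects 'testuser1' while the fixture supplies only a name and an email, so it appears to depend on the username being derived from the local part of 'testuser@email.com' without saying so; a short comment or an explicit username in the fixture would make that dependency visible. The fixture also now mixes a string key ("info") with symbol keys (name:, email:) where it used string keys throughout before; please say why the switch was needed or keep one style. An example where the IdP-derived username has to be changed by `Namespace.clean_path` would be worth adding too, since only the collision case is exercised here.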
@@ -175,7 +183,7 @@ describe Groups::SsoController do
end
let
(
:new_user_data
)
{
{
username:
"myusername"
}
}
let
(
:oauth_data
)
{
{
"info"
=>
{
"name"
=>
'Test'
,
"email"
=>
'email
@email.com'
}
}
}
let
(
:oauth_data
)
{
{
"info"
=>
{
name:
'Test'
,
email:
'testuser
@email.com'
}
}
}
let!
(
:saml_provider
)
{
create
(
:saml_provider
,
:enforced_group_managed_accounts
,
group:
group
)
}
...
...
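Review bot: The `let(:oauth_data)` fixture here duplicates the one changed in the hunk at line 135 of this spec; hoisting it into a shared `let` in an outer context would keep the two copies from drifting. In this context `new_user_data` submits the username "myusername", so if it is not already asserted further down, add an expectation that the submitted username is kept and not replaced by the generated suggestion, which is the `unless new_user_params[:username]` branch in the controller.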