Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled

d7e2ac72 · Douwe Maan · Stan Hu · 080aac05 · d7e2ac72 · d7e2ac72
Commit d7e2ac72 authored Apr 24, 2017 by Douwe Maan Committed by Stan Hu Apr 24, 2017
7 changed files
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -6,8 +6,8 @@ module Users
      @params = params.dup
    end
-    def execute
+    def execute(skip_authorization: false)
-      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
      user = User.new(build_user_params)

--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -6,8 +6,8 @@ module Users
      @params = params.dup
    end
-    def execute
+    def execute(skip_authorization: false)
-      user = Users::BuildService.new(current_user, params).execute
+      user = Users::BuildService.new(current_user, params).execute(skip_authorization: skip_authorization)
      @reset_token = user.generate_reset_token if user.recently_sent_password_reset?

--- a/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+++ b/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+---
+title: Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
+merge_request:
+author:
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -148,7 +148,7 @@ module Gitlab
      def build_new_user
        user_params = user_attributes.merge(extern_uid: auth_hash.uid, provider: auth_hash.provider, skip_confirmation: true)
-        Users::BuildService.new(nil, user_params).execute
+        Users::BuildService.new(nil, user_params).execute(skip_authorization: true)
      end
      def user_attributes

--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -108,6 +108,18 @@ describe Gitlab::LDAP::User, lib: true do
    it "creates a new user if not found" do
      expect{ ldap_user.save }.to change{ User.count }.by(1)
    end
+    context 'when signup is disabled' do
+      before do
+        stub_application_setting signup_enabled: false
+      end
+      it 'creates the user' do
+        ldap_user.save
+        expect(gl_user).to be_persisted
+      end
+    end
  end
  describe 'updating email' do

--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -40,6 +40,20 @@ describe Gitlab::OAuth::User, lib: true do
    let(:provider) { 'twitter' }
    describe 'signup' do
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+        it 'creates the user' do
+          stub_omniauth_config(allow_single_sign_on: ['twitter'])
+          oauth_user.save
+          expect(gl_user).to be_persisted
+        end
+      end
      it 'marks user as having password_automatically_set' do
        stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])

--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -211,6 +211,18 @@ describe Gitlab::Saml::User, lib: true do
          end
        end
      end
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+        it 'creates the user' do
+          saml_user.save
+          expect(gl_user).to be_persisted
+        end
+      end
    end
    describe 'blocking' do