Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled

Signed-off-by: Rémy Coutable <remy@rymai.me>

Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
Signed-off-by: Rémy Coutable <remy@rymai.me>
f4b30c6d · Douwe Maan · Rémy Coutable · 7d10817c · f4b30c6d · f4b30c6d
Commit f4b30c6d authored Apr 24, 2017 by Douwe Maan Committed by Rémy Coutable Apr 25, 2017
6 changed files
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -6,8 +6,8 @@ module Users
      @params = params.dup
    end
-    def build
+    def build(skip_authorization: false)
-      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
      user = User.new(build_user_params)
@@ -32,8 +32,8 @@ module Users
      user
    end
-    def execute
+    def execute(skip_authorization: false)
-      user = build
+      user = build(skip_authorization: skip_authorization)
      if user.save
        log_info("User \"#{user.name}\" (#{user.email}) was created")

--- a/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+++ b/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+---
+title: Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
+merge_request:
+author:
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -148,7 +148,7 @@ module Gitlab
      def build_new_user
        user_params = user_attributes.merge(extern_uid: auth_hash.uid, provider: auth_hash.provider, skip_confirmation: true)
-        Users::CreateService.new(nil, user_params).build
+        Users::CreateService.new(nil, user_params).build(skip_authorization: true)
      end
      def user_attributes

--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -108,6 +108,18 @@ describe Gitlab::LDAP::User, lib: true do
    it "creates a new user if not found" do
      expect{ ldap_user.save }.to change{ User.count }.by(1)
    end
+    context 'when signup is disabled' do
+      before do
+        stub_application_setting signup_enabled: false
+      end
+      it 'creates the user' do
+        ldap_user.save
+        expect(gl_user).to be_persisted
+      end
+    end
  end
  describe 'updating email' do

--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -40,6 +40,20 @@ describe Gitlab::OAuth::User, lib: true do
    let(:provider) { 'twitter' }
    describe 'signup' do
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+        it 'creates the user' do
+          stub_omniauth_config(allow_single_sign_on: ['twitter'])
+          oauth_user.save
+          expect(gl_user).to be_persisted
+        end
+      end
      it 'marks user as having password_automatically_set' do
        stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])

--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -211,6 +211,18 @@ describe Gitlab::Saml::User, lib: true do
          end
        end
      end
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+        it 'creates the user' do
+          saml_user.save
+          expect(gl_user).to be_persisted
+        end
+      end
    end
    describe 'blocking' do