Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled

Signed-off-by: Rémy Coutable <remy@rymai.me>

Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
f4b30c6d · Douwe Maan · Rémy Coutable · 7d10817c · f4b30c6d · f4b30c6d
Verified Commit f4b30c6d authored 7 years ago by Douwe Maan Committed by Rémy Coutable 7 years ago
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -6,8 +6,8 @@ module Users
      @params = params.dup
    end
  
-    def build
-      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+    def build(skip_authorization: false)
+      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
  
      user = User.new(build_user_params)
  
@@ -32,8 +32,8 @@ module Users
      user
    end
  
-    def execute
-      user = build
+    def execute(skip_authorization: false)
+      user = build(skip_authorization: skip_authorization)
  
      if user.save
        log_info("User \"#{user.name}\" (#{user.email}) was created")

--- a/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+++ b/changelogs/unreleased/dm-fix-oauth-user-creation.yml
+---
+title: Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled
+merge_request:
+author:
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -148,7 +148,7 @@ module Gitlab
  
      def build_new_user
        user_params = user_attributes.merge(extern_uid: auth_hash.uid, provider: auth_hash.provider, skip_confirmation: true)
-        Users::CreateService.new(nil, user_params).build
+        Users::CreateService.new(nil, user_params).build(skip_authorization: true)
      end
  
      def user_attributes

--- a/spec/lib/gitlab/ldap/user_spec.rb
+++ b/spec/lib/gitlab/ldap/user_spec.rb
@@ -108,6 +108,18 @@ describe Gitlab::LDAP::User, lib: true do
    it "creates a new user if not found" do
      expect{ ldap_user.save }.to change{ User.count }.by(1)
    end
+
+    context 'when signup is disabled' do
+      before do
+        stub_application_setting signup_enabled: false
+      end
+
+      it 'creates the user' do
+        ldap_user.save
+
+        expect(gl_user).to be_persisted
+      end
+    end
  end
  
  describe 'updating email' do

--- a/spec/lib/gitlab/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/o_auth/user_spec.rb
@@ -40,6 +40,20 @@ describe Gitlab::OAuth::User, lib: true do
    let(:provider) { 'twitter' }
  
    describe 'signup' do
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+
+        it 'creates the user' do
+          stub_omniauth_config(allow_single_sign_on: ['twitter'])
+
+          oauth_user.save
+
+          expect(gl_user).to be_persisted
+        end
+      end
+
      it 'marks user as having password_automatically_set' do
        stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])
  

--- a/spec/lib/gitlab/saml/user_spec.rb
+++ b/spec/lib/gitlab/saml/user_spec.rb
@@ -211,6 +211,18 @@ describe Gitlab::Saml::User, lib: true do
          end
        end
      end
+
+      context 'when signup is disabled' do
+        before do
+          stub_application_setting signup_enabled: false
+        end
+
+        it 'creates the user' do
+          saml_user.save
+
+          expect(gl_user).to be_persisted
+        end
+      end
    end
  
    describe 'blocking' do