Ensures that OAuth/LDAP/SAML users don't need to be confirmed (!10925) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

username-removed-128633 requested to merge 31294-fix-oauth-users-do-not-need-to-be-confirmed into 9-1-stable Apr 25, 2017

What does this MR do?

This ensures user created via OAuth/LDAP/SAML don't need to confirm their email.

In some cases, OAuth generated users get an auto-generated email (https://gitlab.com/gitlab-org/gitlab-ce/blob/cc52dfab92116ca91fda37e07ad9cef21a62ce69/lib/gitlab/o_auth/auth_hash.rb#L57), and the Users::CreateService wasn't taking in account the skip_confirmation param if the current_user wasn't an admin (it would set it to !current_application_settings.send_user_confirmation_email in that case.

This MR fixes that by whitelisting :skip_confirmation when skip_authorization is true.

Why was this MR needed?

This caused bad LDAP regressions in 9.1.

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
Tests
- Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if it does - rebase it please)
Squashed related commits together

What are the relevant issue numbers?

Closes #31294 (closed)

/cc @stanhu @felipe_artur @godfat