Add saml_provider_id query param to Users API

Allows the `saml_provider_id` query param to be sent to the API endpoint GET `/api/users` to return only users created by the provided SAML provider id. Changelog: added MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66167 EE: true

Add saml_provider_id query param to Users API
Allows the `saml_provider_id` query param to be sent to the API endpoint GET `/api/users` to return only users created by the provided SAML provider id. Changelog: added MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66167 EE: true
0e78d906 · Jackie Fraser · ad1dbf5b · 0e78d906 · 0e78d906 · 0e78d906
Commit 0e78d906 authored Jul 14, 2021 by Jackie Fraser
5 changed files
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -109,6 +109,7 @@ GET /users
 | `two_factor`       | string  | no       | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users |
 | `without_projects` | boolean | no       | Filter users without projects. Default is `false`, which means that all users are returned, with and without projects. |
 | `admins`           | boolean | no       | Return only admin users. Default is `false`                                 |
+| `saml_provider_id` **(PREMIUM)** | number | no     | Return only users created by the specified SAML provider ID. If not included, it returns all users. |

 ```json
 [

--- a/ee/app/finders/ee/users_finder.rb
+++ b/ee/app/finders/ee/users_finder.rb
@@ -17,7 +17,7 @@ module EE
    end

    def by_saml_provider_id(users)
-      saml_provider_id = params[:by_saml_provider_id]
+      saml_provider_id = params[:saml_provider_id]
      return users unless saml_provider_id

      users.limit_to_saml_provider(saml_provider_id)

--- a/ee/lib/ee/api/helpers/users_helpers.rb
+++ b/ee/lib/ee/api/helpers/users_helpers.rb
@@ -16,6 +16,7 @@ module EE

          params :optional_index_params_ee do
            optional :skip_ldap, type: Grape::API::Boolean, default: false, desc: 'Skip LDAP users'
+            optional :saml_provider_id, type: Integer, desc: 'Return only users from the specified SAML provider Id'
          end
        end
      end

--- a/ee/spec/finders/users_finder_spec.rb
+++ b/ee/spec/finders/users_finder_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe UsersFinder do
        end

        it 'returns only saml users from the provided saml_provider_id' do
-          users = described_class.new(normal_user, by_saml_provider_id: saml_provider.id).execute
+          users = described_class.new(normal_user, saml_provider_id: saml_provider.id).execute

          expect(users).to contain_exactly(saml_user)
        end

--- a/ee/spec/requests/api/users_spec.rb
+++ b/ee/spec/requests/api/users_spec.rb
@@ -182,6 +182,26 @@ RSpec.describe API::Users do
    end
  end

+  describe 'GET /api/users?saml_provider_id' do
+    context 'querying users by saml provider id' do
+      let(:group) { create(:group) }
+      let(:saml_provider) { create(:saml_provider, group: group, enabled: true, enforced_sso: true) }
+
+      it 'returns only users for the saml_provider_id' do
+        saml_user = create(:user)
+        create(:identity, provider: 'group_saml1', saml_provider_id: saml_provider.id, user: saml_user)
+        non_saml_user = create(:user)
+
+        get api("/users", user), params: { saml_provider_id: saml_provider.id }
+
+        expect(response).to match_response_schema('public_api/v4/user/basics')
+        expect(response).to include_pagination_headers
+        expect(json_response.map { |u| u['id'] }).to include(saml_user.id)
+        expect(json_response.map { |u| u['id'] }).not_to include(non_saml_user.id)
+      end
+    end
+  end
+
  describe 'GET /user/:id' do
    context 'when authenticated' do
      context 'as an admin' do