Rename method based on cr comment

ee/app/controllers/concerns/ee/membership_actions.rb

@@ -8,7 +8,7 @@ module EE
     def leave
       super
 
-      if current_user.authorized_by_provisioning_group? && membershipable == current_user.provisioned_by_group
+      if current_user.authorized_by_provisioning_group?(membershipable)
         sign_out current_user
       end
     end

ee/app/controllers/groups/sso_controller.rb

@@ -33,7 +33,7 @@ class Groups::SsoController < Groups::ApplicationController
 
     GroupSaml::Identity::DestroyService.new(linked_identity).execute
 
-    if current_user.authorized_by_provisioning_group? && unauthenticated_group == current_user.provisioned_by_group
+    if current_user.authorized_by_provisioning_group?(unauthenticated_group)
       sign_out current_user
     else
       redirect_to profile_account_path

ee/app/models/ee/user.rb

@@ -298,10 +298,6 @@ module EE
       managing_group.present?
     end
 
-    def authorized_by_provisioning_group?
-      ::Feature.enabled?(:block_password_auth_for_saml_users, type: :ops) && user_detail.provisioned_by_group?
-    end
-
     def managed_by?(user)
       self.group_managed_account? && self.managing_group.owned_by?(user)
     end
@@ -318,7 +314,7 @@ module EE
     override :allow_password_authentication_for_web?
     def allow_password_authentication_for_web?(*)
       return false if group_managed_account?
-      return false if authorized_by_provisioning_group?
+      return false if user_authorized_by_provisioning_group?
 
       super
     end
@@ -326,11 +322,19 @@ module EE
     override :allow_password_authentication_for_git?
     def allow_password_authentication_for_git?(*)
       return false if group_managed_account?
-      return false if authorized_by_provisioning_group?
+      return false if user_authorized_by_provisioning_group?
 
       super
     end
 
+    def user_authorized_by_provisioning_group?
+      ::Feature.enabled?(:block_password_auth_for_saml_users, type: :ops) && user_detail.provisioned_by_group?
+    end
+
+    def authorized_by_provisioning_group?(group)
+      ::Feature.enabled?(:block_password_auth_for_saml_users, type: :ops) && provisioned_by_group == group
+    end
+
     def gitlab_employee?
       strong_memoize(:gitlab_employee) do
         ::Gitlab.com? && ::Feature.enabled?(:gitlab_employee_badge) && gitlab_team_member?

ee/lib/gitlab/auth/group_saml/user.rb

@@ -52,9 +52,9 @@ module Gitlab
         def find_by_email
           user = super
 
-          return user if user&.authorized_by_provisioning_group? && user&.provisioned_by_group_id == saml_provider.group_id
+          return user if user&.authorized_by_provisioning_group?(saml_provider.group)
 
-          false
+          nil
         end
 
         override :build_new_user