Commit 5c2f4073 authored by James Fargher's avatar James Fargher

Merge branch 'if-233137-scim_provisioning_avoid_identity_creation_without_membership' into 'master'

SCIM provisioning to avoid creating SCIM identity without membership

See merge request gitlab-org/gitlab!39259
parents 6aaddc4a 730e5853
---
title: SCIM provisioning to avoid creating SCIM identity without membership
merge_request: 39259
author:
type: fixed
...@@ -39,7 +39,7 @@ module EE ...@@ -39,7 +39,7 @@ module EE
end end
def create_identity_and_member def create_identity_and_member
return success_response if identity.save && member.errors.empty? return success_response if member.valid? && identity.save
error_response(objects: [identity, member]) error_response(objects: [identity, member])
end end
......
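Review bot: The operand order in `create_identity_and_member` is now load-bearing, but nothing in the method says so: `member.valid?` has to short-circuit before `identity.save`, otherwise a rejected membership again leaves a SCIM identity behind. A comment above the `return` would keep a later refactor from swapping the operands back, for example `# Validate the membership first: identity.save must not run for a member that will be rejected`. Note also that `valid?` re-runs validations and resets `member.errors`, so an error attached to the member outside a validator would no longer be seen, unlike with the old `member.errors.empty?`; how `member` is built is outside this hunk, so that is worth confirming. If `member` is already persisted when `identity.save` fails, the inverse half-provisioned state (membership without SCIM identity) stays possible unless both writes share a transaction.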
...@@ -6,7 +6,12 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do ...@@ -6,7 +6,12 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
describe '#execute' do describe '#execute' do
let(:group) { create(:group) } let(:group) { create(:group) }
let(:service) { described_class.new(group, service_params) } let(:service) { described_class.new(group, service_params) }
let!(:saml_provider) { create(:saml_provider, group: group, default_membership_role: Gitlab::Access::DEVELOPER) } let(:enforced_sso) { false }
let!(:saml_provider) do
create(:saml_provider, group: group,
enforced_sso: enforced_sso,
default_membership_role: Gitlab::Access::DEVELOPER)
end
before do before do
stub_licensed_features(group_saml: true) stub_licensed_features(group_saml: true)
...@@ -195,6 +200,22 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do ...@@ -195,6 +200,22 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
it 'creates the group member' do it 'creates the group member' do
expect { service.execute }.to change { GroupMember.count }.by(1) expect { service.execute }.to change { GroupMember.count }.by(1)
end end
context 'with enforced SSO' do
let(:enforced_sso) { true }
it 'does not create the group member' do
expect { service.execute }.not_to change { GroupMember.count }
end
it 'does not create the SAML identity' do
expect { service.execute }.not_to change { Identity.count }
end
it 'does not create the SCIM identity' do
expect { service.execute }.not_to change { ScimIdentity.count }
end
end
end end
context 'when user is an existing group member' do context 'when user is an existing group member' do
......
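Review bot: The new `with enforced SSO` context only checks that three record counts stay flat; none of its examples looks at what `service.execute` returns, so a regression that creates nothing yet still reports success to the SCIM client would pass. Add an example such as `it 'returns an error response'` that asserts on the returned response, in the same way the sibling contexts check their outcome (those are outside the visible hunks). A one-line comment on `let(:enforced_sso) { true }` should also say why enforced SSO makes the membership invalid here, since the whole context depends on that precondition and it cannot be seen from the spec. If provisioning creates a `User` record before this step, a count assertion for it would show whether an account with neither identity nor membership can be left behind.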