Remove :enforced_sso_requires_session feature flag

This feature has been enabled on GitLab.com for 7 months. See: https://gitlab.com/gitlab-org/gitlab/-/issues/11757

Remove :enforced_sso_requires_session feature flag
This feature has been enabled on GitLab.com for 7 months. See: https://gitlab.com/gitlab-org/gitlab/-/issues/11757
9d449b1c · James Edwards-Jones · 5ff7043e · 9d449b1c · 9d449b1c · 9d449b1c
Commit 9d449b1c authored May 12, 2020 by James Edwards-Jones
9 changed files
--- a/ee/app/views/groups/saml_providers/_form.html.haml
+++ b/ee/app/views/groups/saml_providers/_form.html.haml
@@ -10,7 +10,7 @@
      %label.toggle-wrapper.mb-0.js-group-saml-enforced-sso-toggle-area
        = render "shared/buttons/project_feature_toggle", is_checked: saml_provider.enforced_sso, disabled: !saml_provider.enabled?, label: s_("GroupSAML|Enforced SSO"), class_list: "js-project-feature-toggle js-group-saml-enforced-sso-toggle project-feature-toggle d-inline", data: { qa_selector: 'enforced_sso_toggle_button' } do
          = f.hidden_field :enforced_sso, { class: 'js-group-saml-enforced-sso-input js-project-feature-toggle-input'}
-        %span.form-text.d-inline.font-weight-normal.align-text-bottom.ml-3= Feature.enabled?(:enforced_sso_requires_session, group) ? s_('GroupSAML|Enforce SSO-only authentication for this group.') : s_('GroupSAML|Enforce SSO-only membership for this group.')
+        %span.form-text.d-inline.font-weight-normal.align-text-bottom.ml-3= s_('GroupSAML|Enforce SSO-only authentication for this group.')
      .form-text.text-muted.js-helper-text{ style: "display: #{'none' if saml_provider.enabled?} #{'block' unless saml_provider.enabled?}" }
        %span
          = s_('GroupSAML|To be able to enable enforced SSO, you first need to enable SAML authentication.')

--- a/ee/lib/gitlab/auth/group_saml/sso_enforcer.rb
+++ b/ee/lib/gitlab/auth/group_saml/sso_enforcer.rb
@@ -25,13 +25,12 @@ module Gitlab
        end

        def access_restricted?
-          saml_enforced? && !active_session? && ::Feature.enabled?(:enforced_sso_requires_session, group)
+          saml_enforced? && !active_session?
        end

        def self.group_access_restricted?(group)
          return false unless group
          return false unless group.root_ancestor
-          return false unless ::Feature.enabled?(:enforced_sso_requires_session, group.root_ancestor)

          saml_provider = group.root_ancestor.saml_provider


--- a/ee/spec/lib/gitlab/auth/group_saml/sso_enforcer_spec.rb
+++ b/ee/spec/lib/gitlab/auth/group_saml/sso_enforcer_spec.rb
@@ -45,7 +45,7 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do

    describe 'enforced sso expiry' do
      before do
-        stub_feature_flags(enforced_sso_requires_session: saml_provider.group)
+        stub_feature_flags(enforced_sso_expiry: saml_provider.group)
      end

      it 'returns true if a sign in is recently recorded' do
@@ -103,10 +103,6 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do
    let(:root_group) { create(:group, saml_provider: create(:saml_provider, enabled: true, enforced_sso: true)) }

    context 'is restricted' do
-      before do
-        stub_feature_flags(enforced_sso_requires_session: root_group)
-      end
-
      it 'for a group' do
        expect(described_class).to be_group_access_restricted(root_group)
      end
@@ -124,17 +120,10 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do
      end
    end

-    context 'is not restricted' do
-      it 'for the group without configured saml_provider' do
-        group = create(:group)
-        stub_feature_flags(enforced_sso_requires_session: group)
-
-        expect(described_class).not_to be_group_access_restricted(group)
-      end
-
-      it 'for the group without the feature flag' do
-        stub_feature_flags(enforced_sso_requires_session: false)
+    context 'for a group without a saml_provider configured' do
+      let(:root_group) { create(:group) }

+      it 'is not restricted' do
        expect(described_class).not_to be_group_access_restricted(root_group)
      end
    end

--- a/ee/spec/requests/api/graphql/group_query_spec.rb
+++ b/ee/spec/requests/api/graphql/group_query_spec.rb
@@ -17,7 +17,6 @@ describe 'getting group information' do

      before do
        stub_licensed_features(group_saml: true)
-        stub_feature_flags(enforced_sso_requires_session: true)
        saml_provider = create(:saml_provider, enforced_sso: true, group: group)
        create(:group_saml_identity, saml_provider: saml_provider, user: user)
        group.add_guest(user)

--- a/ee/spec/requests/api/projects_spec.rb
+++ b/ee/spec/requests/api/projects_spec.rb
@@ -814,7 +814,6 @@ describe API::Projects do
      end

      before do
-        stub_feature_flags(enforced_sso_requires_session: false)
        stub_licensed_features(group_saml: true)
      end


--- a/ee/spec/requests/jwt_controller_spec.rb
+++ b/ee/spec/requests/jwt_controller_spec.rb
@@ -21,10 +21,6 @@ describe JwtController do
      let!(:saml_provider) { create(:saml_provider, enforced_sso: true, group: group) }
      let!(:identity) { create(:group_saml_identity, saml_provider: saml_provider, user: user) }

-      before do
-        stub_feature_flags(enforced_sso_requires_session: true)
-      end
-
      it 'allows access' do
        get '/jwt/auth', params: parameters, headers: headers


--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -10621,9 +10621,6 @@ msgstr ""
 msgid "GroupSAML|Enforce SSO-only authentication for this group."
 msgstr ""

-msgid "GroupSAML|Enforce SSO-only membership for this group."
-msgstr ""
-
 msgid "GroupSAML|Enforce users to have dedicated group managed accounts for this group."
 msgstr ""


--- a/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_enforced_sso_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_enforced_sso_spec.rb
@@ -51,7 +51,7 @@ module QA

      after do
        page.visit Runtime::Scenario.gitlab_address
-        %w[enforced_sso_requires_session group_administration_nav_item].each do |flag|
+        %w[group_administration_nav_item].each do |flag|
          Runtime::Feature.remove(flag)
        end


--- a/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_group_managed_accounts_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_group_managed_accounts_spec.rb
@@ -85,7 +85,7 @@ module QA
      after(:all) do
        page.visit Runtime::Scenario.gitlab_address

-        %w[enforced_sso_requires_session group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag|
+        %w[group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag|
          Runtime::Feature.remove(flag)
        end

@@ -119,7 +119,7 @@ module QA
    end

    def setup_and_enable_group_managed_accounts
-      %w[enforced_sso_requires_session group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag|
+      %w[group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag|
        Runtime::Feature.enable_and_verify(flag)
      end