Commit 9d449b1c authored by James Edwards-Jones's avatar James Edwards-Jones

Remove :enforced_sso_requires_session feature flag

This feature has been enabled on GitLab.com for 7 months.

See: https://gitlab.com/gitlab-org/gitlab/-/issues/11757
parent 5ff7043e
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
%label.toggle-wrapper.mb-0.js-group-saml-enforced-sso-toggle-area %label.toggle-wrapper.mb-0.js-group-saml-enforced-sso-toggle-area
= render "shared/buttons/project_feature_toggle", is_checked: saml_provider.enforced_sso, disabled: !saml_provider.enabled?, label: s_("GroupSAML|Enforced SSO"), class_list: "js-project-feature-toggle js-group-saml-enforced-sso-toggle project-feature-toggle d-inline", data: { qa_selector: 'enforced_sso_toggle_button' } do = render "shared/buttons/project_feature_toggle", is_checked: saml_provider.enforced_sso, disabled: !saml_provider.enabled?, label: s_("GroupSAML|Enforced SSO"), class_list: "js-project-feature-toggle js-group-saml-enforced-sso-toggle project-feature-toggle d-inline", data: { qa_selector: 'enforced_sso_toggle_button' } do
= f.hidden_field :enforced_sso, { class: 'js-group-saml-enforced-sso-input js-project-feature-toggle-input'} = f.hidden_field :enforced_sso, { class: 'js-group-saml-enforced-sso-input js-project-feature-toggle-input'}
%span.form-text.d-inline.font-weight-normal.align-text-bottom.ml-3= Feature.enabled?(:enforced_sso_requires_session, group) ? s_('GroupSAML|Enforce SSO-only authentication for this group.') : s_('GroupSAML|Enforce SSO-only membership for this group.') %span.form-text.d-inline.font-weight-normal.align-text-bottom.ml-3= s_('GroupSAML|Enforce SSO-only authentication for this group.')
.form-text.text-muted.js-helper-text{ style: "display: #{'none' if saml_provider.enabled?} #{'block' unless saml_provider.enabled?}" } .form-text.text-muted.js-helper-text{ style: "display: #{'none' if saml_provider.enabled?} #{'block' unless saml_provider.enabled?}" }
%span %span
= s_('GroupSAML|To be able to enable enforced SSO, you first need to enable SAML authentication.') = s_('GroupSAML|To be able to enable enforced SSO, you first need to enable SAML authentication.')
......
...@@ -25,13 +25,12 @@ module Gitlab ...@@ -25,13 +25,12 @@ module Gitlab
end end
def access_restricted? def access_restricted?
saml_enforced? && !active_session? && ::Feature.enabled?(:enforced_sso_requires_session, group) saml_enforced? && !active_session?
end end
def self.group_access_restricted?(group) def self.group_access_restricted?(group)
return false unless group return false unless group
return false unless group.root_ancestor return false unless group.root_ancestor
return false unless ::Feature.enabled?(:enforced_sso_requires_session, group.root_ancestor)
saml_provider = group.root_ancestor.saml_provider saml_provider = group.root_ancestor.saml_provider
......
...@@ -45,7 +45,7 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do ...@@ -45,7 +45,7 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do
describe 'enforced sso expiry' do describe 'enforced sso expiry' do
before do before do
stub_feature_flags(enforced_sso_requires_session: saml_provider.group) stub_feature_flags(enforced_sso_expiry: saml_provider.group)
end end
it 'returns true if a sign in is recently recorded' do it 'returns true if a sign in is recently recorded' do
...@@ -103,10 +103,6 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do ...@@ -103,10 +103,6 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do
let(:root_group) { create(:group, saml_provider: create(:saml_provider, enabled: true, enforced_sso: true)) } let(:root_group) { create(:group, saml_provider: create(:saml_provider, enabled: true, enforced_sso: true)) }
context 'is restricted' do context 'is restricted' do
before do
stub_feature_flags(enforced_sso_requires_session: root_group)
end
it 'for a group' do it 'for a group' do
expect(described_class).to be_group_access_restricted(root_group) expect(described_class).to be_group_access_restricted(root_group)
end end
...@@ -124,17 +120,10 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do ...@@ -124,17 +120,10 @@ describe Gitlab::Auth::GroupSaml::SsoEnforcer do
end end
end end
context 'is not restricted' do context 'for a group without a saml_provider configured' do
it 'for the group without configured saml_provider' do let(:root_group) { create(:group) }
group = create(:group)
stub_feature_flags(enforced_sso_requires_session: group)
expect(described_class).not_to be_group_access_restricted(group)
end
it 'for the group without the feature flag' do
stub_feature_flags(enforced_sso_requires_session: false)
it 'is not restricted' do
expect(described_class).not_to be_group_access_restricted(root_group) expect(described_class).not_to be_group_access_restricted(root_group)
end end
end end
......
...@@ -17,7 +17,6 @@ describe 'getting group information' do ...@@ -17,7 +17,6 @@ describe 'getting group information' do
before do before do
stub_licensed_features(group_saml: true) stub_licensed_features(group_saml: true)
stub_feature_flags(enforced_sso_requires_session: true)
saml_provider = create(:saml_provider, enforced_sso: true, group: group) saml_provider = create(:saml_provider, enforced_sso: true, group: group)
create(:group_saml_identity, saml_provider: saml_provider, user: user) create(:group_saml_identity, saml_provider: saml_provider, user: user)
group.add_guest(user) group.add_guest(user)
......
...@@ -814,7 +814,6 @@ describe API::Projects do ...@@ -814,7 +814,6 @@ describe API::Projects do
end end
before do before do
stub_feature_flags(enforced_sso_requires_session: false)
stub_licensed_features(group_saml: true) stub_licensed_features(group_saml: true)
end end
......
...@@ -21,10 +21,6 @@ describe JwtController do ...@@ -21,10 +21,6 @@ describe JwtController do
let!(:saml_provider) { create(:saml_provider, enforced_sso: true, group: group) } let!(:saml_provider) { create(:saml_provider, enforced_sso: true, group: group) }
let!(:identity) { create(:group_saml_identity, saml_provider: saml_provider, user: user) } let!(:identity) { create(:group_saml_identity, saml_provider: saml_provider, user: user) }
before do
stub_feature_flags(enforced_sso_requires_session: true)
end
it 'allows access' do it 'allows access' do
get '/jwt/auth', params: parameters, headers: headers get '/jwt/auth', params: parameters, headers: headers
......
...@@ -10621,9 +10621,6 @@ msgstr "" ...@@ -10621,9 +10621,6 @@ msgstr ""
msgid "GroupSAML|Enforce SSO-only authentication for this group." msgid "GroupSAML|Enforce SSO-only authentication for this group."
msgstr "" msgstr ""
msgid "GroupSAML|Enforce SSO-only membership for this group."
msgstr ""
msgid "GroupSAML|Enforce users to have dedicated group managed accounts for this group." msgid "GroupSAML|Enforce users to have dedicated group managed accounts for this group."
msgstr "" msgstr ""
......
...@@ -51,7 +51,7 @@ module QA ...@@ -51,7 +51,7 @@ module QA
after do after do
page.visit Runtime::Scenario.gitlab_address page.visit Runtime::Scenario.gitlab_address
%w[enforced_sso_requires_session group_administration_nav_item].each do |flag| %w[group_administration_nav_item].each do |flag|
Runtime::Feature.remove(flag) Runtime::Feature.remove(flag)
end end
......
...@@ -85,7 +85,7 @@ module QA ...@@ -85,7 +85,7 @@ module QA
after(:all) do after(:all) do
page.visit Runtime::Scenario.gitlab_address page.visit Runtime::Scenario.gitlab_address
%w[enforced_sso_requires_session group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag| %w[group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag|
Runtime::Feature.remove(flag) Runtime::Feature.remove(flag)
end end
...@@ -119,7 +119,7 @@ module QA ...@@ -119,7 +119,7 @@ module QA
end end
def setup_and_enable_group_managed_accounts def setup_and_enable_group_managed_accounts
%w[enforced_sso_requires_session group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag| %w[group_managed_accounts sign_up_on_sso group_scim group_administration_nav_item].each do |flag|
Runtime::Feature.enable_and_verify(flag) Runtime::Feature.enable_and_verify(flag)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment