Merge branch '276018-provisoned-accounts-welcome-email' into 'master'

Resolve "Provisoned Accounts - Welcome Email" See merge request gitlab-org/gitlab!51271

Merge branch '276018-provisoned-accounts-welcome-email' into 'master'
Resolve "Provisoned Accounts - Welcome Email" See merge request gitlab-org/gitlab!51271
ab6ee10c · Imre Farkas · 7fdd781b · 7e37b6ef · ab6ee10c · ab6ee10c
Commit ab6ee10c authored Jan 13, 2021 by Imre Farkas
16 changed files
--- a/app/mailers/emails/members.rb
+++ b/app/mailers/emails/members.rb
@@ -147,3 +147,5 @@ module Emails
    end
  end
 end
+
+Emails::Members.prepend_if_ee('EE::Emails::Members')
--- a/app/mailers/previews/devise_mailer_preview.rb
+++ b/app/mailers/previews/devise_mailer_preview.rb
@@ -31,6 +31,6 @@ class DeviseMailerPreview < ActionMailer::Preview
  private

  def unsaved_user
-    User.new(name: 'Jane Doe', email: 'jdoe@example.com')
+    User.new(name: 'Jane Doe', email: 'jdoe@example.com', created_at: 1.minute.ago)
  end
 end
--- a/app/models/members/group_member.rb
+++ b/app/models/members/group_member.rb
@@ -62,7 +62,9 @@ class GroupMember < Member
  end

  def post_create_hook
-    run_after_commit_or_now { notification_service.new_group_member(self) }
+    if send_welcome_email?
+      run_after_commit_or_now { notification_service.new_group_member(self) }
+    end

    super
  end
@@ -87,6 +89,10 @@ class GroupMember < Member

    super
  end
+
+  def send_welcome_email?
+    true
+  end
 end

 GroupMember.prepend_if_ee('EE::GroupMember')
--- a/app/views/notify/provisioned_member_access_granted_email.erb
+++ b/app/views/notify/provisioned_member_access_granted_email.erb
+<% source_link = member_source.web_url %>
+
+<%= _('An Enterprise User GitLab account has been created for you by your organization:') %>
+<%= _('Username: %{username}') % { username: @user.username } %>
+<%= _('Email: %{email}') % { email: @user.email } %>
+<%= _('GitLab group: %{source_link}').html_safe % { source_link: source_link } %>
+
+
+<%= _('By authenticating with an account tied to an Enterprise e-mail address, it is understood that this account is an Enterprise User. ') %>
+<%= _('To ensure no loss of personal content, an Individual User should create a separate account under their own personal email address, not tied to the Enterprise email domain or name-space.') %>
+<%- unless @user.confirmed? %>
+  <%= _('To get started, click the link below to confirm your account.') %>
+  <%= confirmation_url(@user, confirmation_token: @user.confirmation_token) %>
+<%- end %>
--- a/app/views/notify/provisioned_member_access_granted_email.haml
+++ b/app/views/notify/provisioned_member_access_granted_email.haml
+- source_link = link_to(member_source.human_name, member_source.web_url, target: '_blank', rel: 'noopener noreferrer', class: :highlight)
+- confirmation_link = confirmation_url(@user, confirmation_token: @user.confirmation_token)
+
+%tr
+  %td.text-content
+    %p
+      = _('An Enterprise User GitLab account has been created for you by your organization:')
+    %p
+      = _('Username: %{username}') % { username: @user.username }
+      %br
+      = _('Email: %{email}') % { email: @user.email }
+      %br
+      = _('GitLab group: %{source_link}').html_safe % { source_link: source_link }
+
+%tr
+  %td.text-content
+    %p
+      = _('By authenticating with an account tied to an Enterprise e-mail address, it is understood that this account is an Enterprise User. ')
+      = _('To ensure no loss of personal content, an Individual User should create a separate account under their own personal email address, not tied to the Enterprise email domain or name-space.')
+    - unless @user.confirmed?
+      %p
+        = _('To get started, click the link below to confirm your account.')
+      %p
+        = link_to 'Confirm your account', confirmation_link
--- a/changelogs/unreleased/276018-provisoned-accounts-welcome-email.yml
+++ b/changelogs/unreleased/276018-provisoned-accounts-welcome-email.yml
+---
+title: Add one welcome email for account provisioned by group
+merge_request: 51271
+author:
+type: other
--- a/ee/app/mailers/ee/emails/members.rb
+++ b/ee/app/mailers/ee/emails/members.rb
+# frozen_string_literal: true
+
+module EE
+  module Emails
+    module Members
+      def provisioned_member_access_granted_email(member_id)
+        @member_id = member_id
+
+        return unless member_exists?
+
+        @user = member.user
+
+        member_email_with_layout(
+          to: member.user.email,
+          subject: subject("Welcome to GitLab"))
+      end
+    end
+  end
+end
--- a/ee/app/mailers/ee/preview/notify_preview.rb
+++ b/ee/app/mailers/ee/preview/notify_preview.rb
@@ -50,6 +50,10 @@ module EE
            { truncated: false, rows_expected: 3, rows_written: 3 }
          ).message
        end
+
+        def new_group_member_with_confirmation_email
+          ::Notify.provisioned_member_access_granted_email(member.id).message
+        end
      end

      private

--- a/ee/app/models/ee/group_member.rb
+++ b/ee/app/models/ee/group_member.rb
@@ -113,6 +113,12 @@ module EE
    def post_create_hook
      super

+      if provisioned_by_this_group?
+        run_after_commit_or_now do
+          notification_service.new_group_member_with_confirmation(self)
+        end
+      end
+
      execute_hooks_for(:create)
    end

@@ -140,5 +146,14 @@ module EE
        self.source.execute_hooks(data, :member_hooks)
      end
    end
+
+    override :send_welcome_email?
+    def send_welcome_email?
+      !provisioned_by_this_group?
+    end
+
+    def provisioned_by_this_group?
+      user.user_detail.provisioned_by_group_id == source_id
+    end
  end
 end
--- a/ee/app/services/ee/notification_service.rb
+++ b/ee/app/services/ee/notification_service.rb
@@ -62,6 +62,10 @@ module EE
      changed_iteration_resource_email(issue, new_iteration, current_user)
    end

+    def new_group_member_with_confirmation(group_member)
+      mailer.provisioned_member_access_granted_email(group_member.id).deliver_later
+    end
+
    private

    def add_mr_approvers_email(merge_request, approvers, current_user)

--- a/ee/lib/gitlab/auth/group_saml/user.rb
+++ b/ee/lib/gitlab/auth/group_saml/user.rb
@@ -51,6 +51,7 @@ module Gitlab
        def build_new_user(skip_confirmation: false)
          super.tap do |user|
            user.provisioned_by_group_id = saml_provider.group_id
+            user.skip_confirmation_notification!

            # rubocop:disable GitlabSecurity/PublicSend
            AuthHash::ALLOWED_USER_ATTRIBUTES.each do |attribute|

--- a/ee/spec/lib/gitlab/auth/group_saml/user_spec.rb
+++ b/ee/spec/lib/gitlab/auth/group_saml/user_spec.rb
@@ -99,6 +99,11 @@ RSpec.describe Gitlab::Auth::GroupSaml::User do
            expect(find_and_update.projects_limit).to eq(20)
          end
        end
+
+        it 'does not send user confirmation email' do
+          expect { find_and_update }
+            .not_to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
+        end
      end

      context 'when a conflicting user already exists' do

--- a/ee/spec/mailers/notify_spec.rb
+++ b/ee/spec/mailers/notify_spec.rb
@@ -44,7 +44,7 @@ RSpec.describe Notify do
    end
  end

-  let_it_be(:user) { create(:user) }
+  let_it_be(:user, reload: true) { create(:user) }
  let_it_be(:current_user) { create(:user, email: "current@email.com") }
  let_it_be(:assignee) { create(:user, email: 'assignee@example.com', name: 'John Doe') }
  let_it_be(:assignee2) { create(:user, email: 'assignee2@example.com', name: 'Jane Doe') }
@@ -369,4 +369,32 @@ RSpec.describe Notify do
      is_expected.to have_body_text(unsubscribe_link)
    end
  end
+
+  describe 'new user was created via saml' do
+    let(:group_member) { create(:group_member, user: create(:user, :unconfirmed)) }
+    let(:group) { group_member.source }
+    let(:recipient) { group_member.user }
+
+    subject { described_class.provisioned_member_access_granted_email(group_member.id) }
+
+    it_behaves_like 'an email sent from GitLab'
+    it_behaves_like 'it should not have Gmail Actions links'
+    it_behaves_like 'a user cannot unsubscribe through footer link'
+    it_behaves_like 'appearance header and footer enabled'
+    it_behaves_like 'appearance header and footer not enabled'
+
+    it 'delivers mail to user email' do
+      expect(subject).to deliver_to(recipient.email)
+    end
+
+    it 'contains all the useful information' do
+      is_expected.to have_subject 'Welcome to GitLab'
+      is_expected.to have_body_text group.name
+      is_expected.to have_body_text group.web_url
+      is_expected.to have_body_text recipient.username
+      is_expected.to have_body_text recipient.email
+      is_expected.to have_body_text 'To get started, click the link below to confirm your account'
+      is_expected.to have_body_text recipient.confirmation_token
+    end
+  end
 end
--- a/ee/spec/models/group_member_spec.rb
+++ b/ee/spec/models/group_member_spec.rb
@@ -345,6 +345,37 @@ RSpec.describe GroupMember do
    end
  end

+  context 'group member welcome email', :sidekiq_inline do
+    let_it_be(:group) { create(:group_with_plan, plan: :gold_plan) }
+    let(:user) { create(:user) }
+
+    context 'when user is provisioned by group' do
+      before do
+        user.user_detail.update!(provisioned_by_group_id: group.id)
+      end
+
+      it 'schedules the welcome email with confirmation' do
+        expect_next_instance_of(NotificationService) do |notification|
+          expect(notification).to receive(:new_group_member_with_confirmation)
+          expect(notification).not_to receive(:new_group_member)
+        end
+
+        group.add_developer(user)
+      end
+    end
+
+    context 'when user is not provisioned by group' do
+      it 'schedules plain welcome to the group email' do
+        expect_next_instance_of(NotificationService) do |notification|
+          expect(notification).to receive(:new_group_member)
+          expect(notification).not_to receive(:new_group_member_with_confirmation)
+        end
+
+        group.add_developer(user)
+      end
+    end
+  end
+
  def webhook_data(group_member, event)
    {
      headers: { 'Content-Type' => 'application/json', 'User-Agent' => "GitLab/#{Gitlab::VERSION}", 'X-Gitlab-Event' => 'Member Hook' },

--- a/ee/spec/services/ee/notification_service_spec.rb
+++ b/ee/spec/services/ee/notification_service_spec.rb
@@ -839,4 +839,27 @@ RSpec.describe EE::NotificationService, :mailer do
      issuable.subscriptions.create(user: @watcher_and_subscriber, project: project, subscribed: true)
    end
  end
+
+  context 'Members' do
+    describe '#new_group_member_with_confirmation' do
+      let(:added_user) { create(:user) }
+      let(:group) { create(:group) }
+
+      around do |example|
+        perform_enqueued_jobs do
+          example.run
+        end
+      end
+
+      before do
+        reset_delivered_emails!
+        added_user.user_detail.update!(provisioned_by_group_id: group.id)
+      end
+
+      it 'sends a notification' do
+        group.add_guest(added_user)
+        should_only_email(added_user)
+      end
+    end
+  end
 end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -2997,6 +2997,9 @@ msgstr ""
 msgid "An %{link_start}alert%{link_end} with the same fingerprint is already open. To change the status of this alert, resolve the linked alert."
 msgstr ""

+msgid "An Enterprise User GitLab account has been created for you by your organization:"
+msgstr ""
+
 msgid "An administrator changed the password for your GitLab account on %{link_to}."
 msgstr ""

@@ -4900,6 +4903,9 @@ msgstr ""
 msgid "By %{user_name}"
 msgstr ""

+msgid "By authenticating with an account tied to an Enterprise e-mail address, it is understood that this account is an Enterprise User. "
+msgstr ""
+
 msgid "By clicking Register, I agree that I have read and accepted the %{company_name} %{linkStart}Terms of Use and Privacy Policy%{linkEnd}"
 msgstr ""

@@ -13247,6 +13253,9 @@ msgstr ""
 msgid "GitLab for Slack"
 msgstr ""

+msgid "GitLab group: %{source_link}"
+msgstr ""
+
 msgid "GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate"
 msgstr ""

@@ -29511,6 +29520,9 @@ msgstr ""
 msgid "To define internal users, first enable new users set to external"
 msgstr ""

+msgid "To ensure no loss of personal content, an Individual User should create a separate account under their own personal email address, not tied to the Enterprise email domain or name-space."
+msgstr ""
+
 msgid "To further protect your account, consider configuring a %{mfa_link_start}two-factor authentication%{mfa_link_end} method."
 msgstr ""

@@ -29520,6 +29532,9 @@ msgstr ""
 msgid "To get started you enter your FogBugz URL and login information below. In the next steps, you'll be able to map users and select the projects you want to import."
 msgstr ""

+msgid "To get started, click the link below to confirm your account."
+msgstr ""
+
 msgid "To get started, link this page to your Jaeger server, or find out how to %{link_start_tag}install Jaeger%{link_end_tag}"
 msgstr ""