Reword NameID format to be recommended

ce6f84c0 · Cynthia Ng · Etienne Baqué · 0b03e040 · ce6f84c0 · ce6f84c0
Commit ce6f84c0 authored Sep 08, 2021 by Cynthia Ng Committed by Etienne Baqué Sep 08, 2021
3 changed files
--- a/ee/lib/gitlab/auth/group_saml/response_check.rb
+++ b/ee/lib/gitlab/auth/group_saml/response_check.rb
@@ -40,7 +40,7 @@ module Gitlab
        def name_id_matches_identity!
          return unless name_id_changed?

-          message = s_('GroupSAML|must match stored NameID of "%{extern_uid}" as we use this to identify users. If the NameID changes users will be unable to sign in.') % { extern_uid: identity&.extern_uid }
+          message = s_('GroupSAML|must match stored NameID of "%{extern_uid}" to identify user and allow sign in') % { extern_uid: identity&.extern_uid }
          errors.add(:name_id, message)
        end

@@ -48,13 +48,13 @@ module Gitlab
          return if name_id_format.ends_with?(':persistent')
          return if name_id_format.ends_with?(':emailAddress') && name_id_is_email?

-          errors.add(:name_id_format, s_('GroupSAML|should be "persistent"'))
+          errors.add(:name_id_format, s_('GroupSAML|"persistent" recommended'))
        end

        def name_id_randomly_generated!
          return unless name_id_is_new? && unreliable_name_id?

-          errors.add(:name_id, s_('GroupSAML|should be a random persistent ID, emails are discouraged'))
+          errors.add(:name_id, s_('GroupSAML|recommend persistent ID instead of email'))
        end

        def unreliable_name_id?

--- a/ee/spec/lib/gitlab/auth/group_saml/response_check_spec.rb
+++ b/ee/spec/lib/gitlab/auth/group_saml/response_check_spec.rb
@@ -30,7 +30,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::ResponseCheck do

      it 'warns that NameID has changed and will break sign in' do
        expect(subject.errors[:name_id].join).to include('must match stored NameID')
-        expect(subject.errors[:name_id].join).to include('unable to sign in')
+        expect(subject.errors[:name_id].join).to include('allow sign in')
      end
    end


--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -16009,6 +16009,9 @@ msgstr ""
 msgid "GroupRoadmap|Within 3 years"
 msgstr ""

+msgid "GroupSAML|\"persistent\" recommended"
+msgstr ""
+
 msgid "GroupSAML|%{strongOpen}Warning%{strongClose} - Enabling %{linkStart}SSO enforcement%{linkEnd} can reduce security risks."
 msgstr ""

@@ -16156,13 +16159,10 @@ msgstr ""
 msgid "GroupSAML|as %{access_level}"
 msgstr ""

-msgid "GroupSAML|must match stored NameID of \"%{extern_uid}\" as we use this to identify users. If the NameID changes users will be unable to sign in."
-msgstr ""
-
-msgid "GroupSAML|should be \"persistent\""
+msgid "GroupSAML|must match stored NameID of \"%{extern_uid}\" to identify user and allow sign in"
 msgstr ""

-msgid "GroupSAML|should be a random persistent ID, emails are discouraged"
+msgid "GroupSAML|recommend persistent ID instead of email"
 msgstr ""

 msgid "GroupSelect|No matching results"