Merge branch 'user-auth-bmiller-return-early-if-user-is-nil' into 'master'

Return early if user is nil in ee/lib/ee/gitlab/auth/saml/user.rb

See merge request gitlab-org/gitlab!50216

changelogs/unreleased/user-auth-bmiller-return-early-if-user-is-nil.yml

+---
+title: Fix a crash when logging in using SAML for the first time when sign-ups are disabled
+merge_request: 50216
+author:
+type: other

lib/gitlab/auth/o_auth/user.rb

@@ -239,8 +239,9 @@ module Gitlab
         end
 
         def update_profile
-          clear_user_synced_attributes_metadata
+          return unless gl_user
 
+          clear_user_synced_attributes_metadata
           return unless sync_profile_from_provider? || creating_linked_ldap_user?
 
           metadata = gl_user.build_user_synced_attributes_metadata

spec/lib/gitlab/auth/o_auth/user_spec.rb

@@ -995,6 +995,23 @@ RSpec.describe Gitlab::Auth::OAuth::User do
     end
   end
 
+  context 'when gl_user is nil' do
+    # We can't use `allow_next_instance_of` here because the stubbed method is called inside `initialize`.
+    # When the class calls `gl_user` during `initialize`, the `nil` value is overwritten and we do not see expected results from the spec.
+    # So we use `allow_any_instance_of` to preserve the `nil` value to test the behavior when `gl_user` is nil.
+
+    # rubocop:disable RSpec/AnyInstanceOf
+    before do
+      allow_any_instance_of(described_class).to receive(:gl_user) { nil }
+      allow_any_instance_of(described_class).to receive(:sync_profile_from_provider?) { true } # to make the code flow proceed until gl_user.build_user_synced_attributes_metadata is called
+    end
+    # rubocop:enable RSpec/AnyInstanceOf
+
+    it 'does not raise NoMethodError' do
+      expect { oauth_user }.not_to raise_error
+    end
+  end
+
   describe '._uid_and_provider' do
     let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }