Group SAML links user Identity

app/controllers/omniauth_callbacks_controller.rb

@@ -93,7 +93,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
       if identity_linker.changed?
         redirect_identity_linked
-      elsif identity_linker.error_message.present?
+      elsif identity_linker.failed?
         redirect_identity_link_failed(identity_linker.error_message)
       else
         redirect_identity_exists

ee/lib/gitlab/auth/group_saml/identity_linker.rb

+module Gitlab
+  module Auth
+    module GroupSaml
+      class IdentityLinker < Gitlab::Auth::Saml::IdentityLinker
+        attr_reader :saml_provider
+
+        def initialize(current_user, oauth, saml_provider)
+          super(current_user, oauth)
+
+          @saml_provider = saml_provider
+        end
+
+        protected
+
+        def identity
+          @identity ||= current_user.identities.where(provider: :group_saml,
+                                                      saml_provider: saml_provider,
+                                                      extern_uid: uid.to_s)
+                                    .first_or_initialize
+        end
+      end
+    end
+  end
+end

ee/spec/lib/gitlab/auth/group_saml/identity_linker_spec.rb

+require 'spec_helper'
+
+describe Gitlab::Auth::GroupSaml::IdentityLinker do
+  let(:user) { create(:user) }
+  let(:provider) { 'group_saml' }
+  let(:uid) { user.email }
+  let(:oauth) { { 'provider' => provider, 'uid' => uid } }
+  let(:saml_provider) { create(:saml_provider) }
+
+  subject { described_class.new(user, oauth, saml_provider) }
+
+  context 'linked identity exists' do
+    let!(:identity) { user.identities.create!(provider: provider, extern_uid: uid, saml_provider: saml_provider) }
+
+    it "doesn't create new identity" do
+      expect { subject.link }.not_to change { Identity.count }
+    end
+
+    it "sets #changed? to false" do
+      subject.link
+
+      expect(subject).not_to be_changed
+    end
+  end
+
+  context 'identity needs to be created' do
+    it 'creates linked identity' do
+      expect { subject.link }.to change { user.identities.count }
+    end
+
+    it 'sets identity provider' do
+      subject.link
+
+      expect(user.identities.last.provider).to eq provider
+    end
+
+    it 'sets saml provider' do
+      subject.link
+
+      expect(user.identities.last.saml_provider).to eq saml_provider
+    end
+
+    it 'sets identity extern_uid' do
+      subject.link
+
+      expect(user.identities.last.extern_uid).to eq uid
+    end
+
+    it 'sets #changed? to true' do
+      subject.link
+
+      expect(subject).to be_changed
+    end
+  end
+end

lib/gitlab/auth/omniauth_identity_linker_base.rb

@@ -17,6 +17,10 @@ module Gitlab
         @changed
       end
 
+      def failed?
+        error_message.present?
+      end
+
       def error_message
         identity.validate