# frozen_string_literal: true
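module GroupSaml
  # Creates a user who signs up through a group's SAML provider and links the
  # SAML identity carried in the session to that user.
  class SignUpService
    attr_reader :group, :new_user, :oauth_data, :session

    # @param new_user [Object] user record to be saved; must respond to
    #   +managing_group=+, +save+ and +persisted?+
    # @param group [Object] group whose +saml_provider+ (may be nil) is used
    # @param session [Hash] session data; the SAML response is read from
    #   +session['oauth_data']+
    def initialize(new_user, group, session)
      @new_user = new_user
      @group = group
      @oauth_data = session['oauth_data']
      @session = session
    end

    # Saves the user and links the SAML identity inside one transaction.
    #
    # @return [Boolean] true only when the user was saved and the identity
    #   linker did not report a failure
    def execute
      ActiveRecord::Base.transaction do
        provider = group.saml_provider
        new_user.managing_group = group if provider&.enforced_group_managed_accounts?

        # Stop here when the save fails. The linker is only built after a
        # successful save, so asking it for `failed?` on this path would be a
        # call on nil whenever the record was already persisted.
        next false unless new_user.save

        linker = Gitlab::Auth::GroupSaml::IdentityLinker.new(new_user, oauth_data, session, provider)
        linker.link

        # NOTE(review): when the linker reports a failure without raising, this
        # block returns false normally, so the transaction presumably commits
        # and the saved user stays without a linked SAML identity. Confirm
        # callers handle or clean up that state.
        new_user.persisted? && !linker.failed?
      end
    end
  end
end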
Sebastian Arcila Valenzuela authored
If the request wasn't initiated by GitLab, we shouldn't add the new identity to the user; instead, we show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 This change also reuses the SAML logic within EE SAMLGroup, to avoid duplication between the code used for CE and EE.
6bc404ee