Group managed accounts need no password

Those accounts are meant to be managed by group IDP and used with SSO only

Group managed accounts need no password
Those accounts are meant to be managed by group IDP and used with SSO only
22f792f7 · Pavel Shutsin · c6de49fb · 22f792f7 · 22f792f7
Commit 22f792f7 authored Mar 14, 2019 by Pavel Shutsin
Hide whitespace changes
Inline Side-by-side

Showing with 65 additions and 3 deletions

ee/app/models/ee/user.rb ee/app/models/ee/user.rb +23 -0

ee/spec/models/ee/user_spec.rb ee/spec/models/ee/user_spec.rb +42 -3

No files found.
--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -246,6 +246,29 @@ module EE
      update_column :admin_email_unsubscribed_at, Time.now
    end

+    override :allow_password_authentication_for_web?
+    def allow_password_authentication_for_web?(*)
+      return false if group_managed_account?
+
+      super
+    end
+
+    override :allow_password_authentication_for_git?
+    def allow_password_authentication_for_git?(*)
+      return false if group_managed_account?
+
+      super
+    end
+
+    protected
+
+    override :password_required?
+    def password_required?(*)
+      return false if group_managed_account?
+
+      super
+    end
+
    private

    def namespace_union(select = :id)

--- a/ee/spec/models/ee/user_spec.rb
+++ b/ee/spec/models/ee/user_spec.rb
@@ -380,16 +380,55 @@ describe EE::User do
  end

  describe '#group_managed_account?' do
+    subject { user.group_managed_account? }
+
    context 'when user has managing group linked' do
      before do
-        subject.managing_group = Group.new
+        user.managing_group = Group.new
      end

-      it { is_expected.to be_group_managed_account }
+      it { is_expected.to eq true }
    end

    context 'when user has no linked managing group' do
-      it { is_expected.not_to be_group_managed_account }
+      it { is_expected.to eq false }
+    end
+  end
+
+  describe '#password_required?' do
+    context 'when user has managing group linked' do
+      before do
+        user.managing_group = Group.new
+      end
+
+      it 'does not require password to be present' do
+        expect(user).not_to  validate_presence_of(:password)
+        expect(user).not_to  validate_presence_of(:password_confirmation)
+      end
+    end
+  end
+
+  describe '#allow_password_authentication_for_web?' do
+    context 'when user has managing group linked' do
+      before do
+        user.managing_group = Group.new
+      end
+
+      it 'is false' do
+        expect(user.allow_password_authentication_for_web?).to eq false
+      end
+    end
+  end
+
+  describe '#allow_password_authentication_for_git?' do
+    context 'when user has managing group linked' do
+      before do
+        user.managing_group = Group.new
+      end
+
+      it 'is false' do
+        expect(user.allow_password_authentication_for_git?).to eq false
+      end
    end
  end
 end