Commit 730e5853 authored by Imre Farkas's avatar Imre Farkas

SCIM provisioning to avoid creating SCIM identity without membership

parent f6e53638
---
title: SCIM provisioning to avoid creating SCIM identity without membership
merge_request: 39259
author:
type: fixed
......@@ -39,7 +39,7 @@ module EE
end
def create_identity_and_member
return success_response if identity.save && member.errors.empty?
return success_response if member.valid? && identity.save
error_response(objects: [identity, member])
end
......
......@@ -6,7 +6,12 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
describe '#execute' do
let(:group) { create(:group) }
let(:service) { described_class.new(group, service_params) }
let!(:saml_provider) { create(:saml_provider, group: group, default_membership_role: Gitlab::Access::DEVELOPER) }
let(:enforced_sso) { false }
let!(:saml_provider) do
create(:saml_provider, group: group,
enforced_sso: enforced_sso,
default_membership_role: Gitlab::Access::DEVELOPER)
end
before do
stub_licensed_features(group_saml: true)
......@@ -195,6 +200,22 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
it 'creates the group member' do
expect { service.execute }.to change { GroupMember.count }.by(1)
end
context 'with enforced SSO' do
let(:enforced_sso) { true }
it 'does not create the group member' do
expect { service.execute }.not_to change { GroupMember.count }
end
it 'does not create the SAML identity' do
expect { service.execute }.not_to change { Identity.count }
end
it 'does not create the SCIM identity' do
expect { service.execute }.not_to change { ScimIdentity.count }
end
end
end
context 'when user is an existing group member' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment