Commit bc534a99 authored by Imre Farkas's avatar Imre Farkas

Merge branch '257881-user-admin-approval-toggle-to-enable' into 'master'

Add setting in the UI for governing admin approval for new signups

See merge request gitlab-org/gitlab!43827
parents 627c5447 464cc0a3
...@@ -167,7 +167,7 @@ module ApplicationSettingsHelper ...@@ -167,7 +167,7 @@ module ApplicationSettingsHelper
end end
def visible_attributes def visible_attributes
[ attributes = [
:abuse_notification_email, :abuse_notification_email,
:after_sign_out_path, :after_sign_out_path,
:after_sign_up_text, :after_sign_up_text,
...@@ -331,6 +331,9 @@ module ApplicationSettingsHelper ...@@ -331,6 +331,9 @@ module ApplicationSettingsHelper
:wiki_page_max_content_bytes, :wiki_page_max_content_bytes,
:container_registry_delete_tags_service_timeout :container_registry_delete_tags_service_timeout
] ]
attributes << :require_admin_approval_after_user_signup if Feature.enabled?(:admin_approval_for_new_user_signups)
attributes
end end
def external_authorization_service_attributes def external_authorization_service_attributes
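Review bot: The flag-gated append at the end of `visible_attributes` has no comment saying why this one attribute is conditional, which makes the guard easy to drop or copy incorrectly. The controller spec in this commit shows that with the flag off a PUT carrying the parameter leaves the setting unchanged, so this list appears to act as the permit list for settings updates (the controller itself is not visible here). I would add a comment above the append such as `# Permitted only while :admin_approval_for_new_user_signups is on, so the setting cannot be written via params before rollout; remove this guard with the flag.` The method body between the two hunks is outside the diff.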
......
...@@ -9,6 +9,14 @@ ...@@ -9,6 +9,14 @@
Sign-up enabled Sign-up enabled
.form-text.text-muted .form-text.text-muted
= _("When enabled, any user visiting %{host} will be able to create an account.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" } = _("When enabled, any user visiting %{host} will be able to create an account.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" }
- if Feature.enabled?(:admin_approval_for_new_user_signups)
.form-group
.form-check
= f.check_box :require_admin_approval_after_user_signup, class: 'form-check-input'
= f.label :require_admin_approval_after_user_signup, class: 'form-check-label' do
= _('Require admin approval for new sign-ups')
.form-text.text-muted
= _("When enabled, any user visiting %{host} and creating an account will have to be explicitly approved by the admin before they can login. This setting is effective only if sign-ups are enabled.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" }
.form-group .form-group
.form-check .form-check
= f.check_box :send_user_confirmation_email, class: 'form-check-input' = f.check_box :send_user_confirmation_email, class: 'form-check-input'
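Review bot: The new help text promises that accounts "will have to be explicitly approved by the admin before they can login", but nothing in this diff enforces that; the change only stores and exposes the setting. If enforcement lands separately, confirm it is in place before `admin_approval_for_new_user_signups` is turned on, otherwise an administrator can tick the box and assume a sign-up control that is not yet active. Two wording points on the same line: "login" is used as a verb and should read "log in" (the matching msgid in the locale file changes with it), and the `"#{...}"` wrapper around `new_user_session_url(...)` is a redundant interpolation carried over from the line above.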
......
---
name: admin_approval_for_new_user_signups
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43827
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/258980
type: development
group: group::access
default_enabled: false
...@@ -21821,6 +21821,9 @@ msgstr "" ...@@ -21821,6 +21821,9 @@ msgstr ""
msgid "Requests to these domain(s)/address(es) on the local network will be allowed when local requests from hooks and services are not allowed. IP ranges such as 1:0:0:0:0:0:0:0/124 or 127.0.0.0/28 are supported. Domain wildcards are not supported currently. Use comma, semicolon, or newline to separate multiple entries. The allowlist can hold a maximum of 1000 entries. Domains should use IDNA encoding. Ex: example.com, 192.168.1.1, 127.0.0.0/28, xn--itlab-j1a.com." msgid "Requests to these domain(s)/address(es) on the local network will be allowed when local requests from hooks and services are not allowed. IP ranges such as 1:0:0:0:0:0:0:0/124 or 127.0.0.0/28 are supported. Domain wildcards are not supported currently. Use comma, semicolon, or newline to separate multiple entries. The allowlist can hold a maximum of 1000 entries. Domains should use IDNA encoding. Ex: example.com, 192.168.1.1, 127.0.0.0/28, xn--itlab-j1a.com."
msgstr "" msgstr ""
msgid "Require admin approval for new sign-ups"
msgstr ""
msgid "Require all users in this group to setup Two-factor authentication" msgid "Require all users in this group to setup Two-factor authentication"
msgstr "" msgstr ""
...@@ -28944,6 +28947,9 @@ msgstr "" ...@@ -28944,6 +28947,9 @@ msgstr ""
msgid "When a runner is locked, it cannot be assigned to other projects" msgid "When a runner is locked, it cannot be assigned to other projects"
msgstr "" msgstr ""
msgid "When enabled, any user visiting %{host} and creating an account will have to be explicitly approved by the admin before they can login. This setting is effective only if sign-ups are enabled."
msgstr ""
msgid "When enabled, any user visiting %{host} will be able to create an account." msgid "When enabled, any user visiting %{host} will be able to create an account."
msgstr "" msgstr ""
......
...@@ -87,6 +87,38 @@ RSpec.describe Admin::ApplicationSettingsController do ...@@ -87,6 +87,38 @@ RSpec.describe Admin::ApplicationSettingsController do
sign_in(admin) sign_in(admin)
end end
context 'require_admin_approval_after_user_signup setting' do
subject do
put :update, params: { application_setting: { require_admin_approval_after_user_signup: true } }
end
context 'when feature is enabled' do
before do
stub_feature_flags(admin_approval_for_new_user_signups: true)
end
it 'updates the require_admin_approval_after_user_signup setting' do
subject
expect(response).to redirect_to(general_admin_application_settings_path)
expect(ApplicationSetting.current.require_admin_approval_after_user_signup).to eq(true)
end
end
context 'when feature is disabled' do
before do
stub_feature_flags(admin_approval_for_new_user_signups: false)
end
it 'does not update the require_admin_approval_after_user_signup setting' do
subject
expect(response).to redirect_to(general_admin_application_settings_path)
expect(ApplicationSetting.current.require_admin_approval_after_user_signup).not_to eq(true)
end
end
end
it 'updates the password_authentication_enabled_for_git setting' do it 'updates the password_authentication_enabled_for_git setting' do
put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } } put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } }
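Review bot: In the 'when feature is disabled' context the assertion `not_to eq(true)` is looser than the behaviour being protected, because it passes for `nil` as well as `false` and would still pass if the attribute reader changed shape. Since this test is the guard that the parameter is rejected while the flag is off, I would pin the exact value, `expect(ApplicationSetting.current.require_admin_approval_after_user_signup).to eq(false)`, assuming the column defaults to false (the migration is not part of this diff). Alternatively assert no change across the request with `expect { subject }.not_to change { ApplicationSetting.current.require_admin_approval_after_user_signup }`.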
......
...@@ -130,6 +130,38 @@ RSpec.describe 'Admin updates settings', :clean_gitlab_redis_shared_state, :do_n ...@@ -130,6 +130,38 @@ RSpec.describe 'Admin updates settings', :clean_gitlab_redis_shared_state, :do_n
expect(user_internal_regex['placeholder']).to eq 'Regex pattern' expect(user_internal_regex['placeholder']).to eq 'Regex pattern'
end end
context 'Change Sign-up restrictions' do
context 'Require Admin approval for new signup setting' do
context 'when feature is enabled' do
before do
stub_feature_flags(admin_approval_for_new_user_signups: true)
end
it 'changes the setting' do
page.within('.as-signup') do
check 'Require admin approval for new sign-ups'
click_button 'Save changes'
end
expect(current_settings.require_admin_approval_after_user_signup).to be_truthy
expect(page).to have_content "Application settings saved successfully"
end
end
context 'when feature is disabled' do
before do
stub_feature_flags(admin_approval_for_new_user_signups: false)
end
it 'does not show the the setting' do
page.within('.as-signup') do
expect(page).not_to have_selector('.application_setting_require_admin_approval_after_user_signup')
end
end
end
end
end
it 'Change Sign-in restrictions' do it 'Change Sign-in restrictions' do
page.within('.as-signin') do page.within('.as-signin') do
fill_in 'Home page URL', with: 'https://about.gitlab.com/' fill_in 'Home page URL', with: 'https://about.gitlab.com/'
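Review bot: The 'when feature is disabled' example looks vacuous, because `have_selector('.application_setting_require_admin_approval_after_user_signup')` is a class selector while the view in this commit renders the checkbox with `class: 'form-check-input'` only. The form builder would normally emit that string as the element id rather than a class (the form object name is inferred from the `application_setting` params key), so the negative expectation would pass even with the flag on. Matching on the label fails when the control is shown: `expect(page).not_to have_field('Require admin approval for new sign-ups')`. The example description also has a doubled word, 'does not show the the setting'.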
......