Commit eb0fbb28 authored by Serena Fang's avatar Serena Fang Committed by James Lopez

Fix allowlist bug that prevented project access token creation

parent a53ff11f
...@@ -38,6 +38,8 @@ module EE ...@@ -38,6 +38,8 @@ module EE
def group_domain_limitations def group_domain_limitations
if user if user
return if user.project_bot?
validate_users_email validate_users_email
validate_email_verified validate_email_verified
else else
......
...@@ -14,7 +14,9 @@ module EE ...@@ -14,7 +14,9 @@ module EE
override :add_user override :add_user
def add_user(user, access_level, current_user: nil, expires_at: nil) def add_user(user, access_level, current_user: nil, expires_at: nil)
return false if group_member_lock if group_member_lock && !user.project_bot?
return false
end
super super
end end
......
...@@ -43,6 +43,18 @@ RSpec.describe GroupMember do ...@@ -43,6 +43,18 @@ RSpec.describe GroupMember do
expect(group_member.errors[:user]).to include("email 'unverified@gitlab.com' is not a verified email.") expect(group_member.errors[:user]).to include("email 'unverified@gitlab.com' is not a verified email.")
end end
context 'with project bot users' do
let_it_be(:project_bot) { create(:user, :project_bot, email: "bot@example.com") }
it 'bot user email does not match' do
expect(group.allowed_email_domains.include?(project_bot.email)).to be_falsey
end
it 'allows the project bot user' do
expect(build(:group_member, group: group, user: project_bot)).to be_valid
end
end
context 'with group SAML users' do context 'with group SAML users' do
let(:saml_provider) { create(:saml_provider, group: group) } let(:saml_provider) { create(:saml_provider, group: group) }
......
...@@ -35,7 +35,17 @@ RSpec.describe ProjectTeam do ...@@ -35,7 +35,17 @@ RSpec.describe ProjectTeam do
it 'does not add the given user to the team' do it 'does not add the given user to the team' do
project.team.add_user(user, :reporter) project.team.add_user(user, :reporter)
expect(project.team.reporter?(user)).to be(false) expect(project.members.map(&:user)).not_to include(user)
end
context 'project bot user' do
let_it_be(:project_bot) { create(:user, :project_bot) }
it 'adds the project bot user to the team' do
project.team.add_user(project_bot, :maintainer)
expect(project.members.map(&:user)).to include(project_bot)
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment