Merge branch 'eduardosanz/saml-wording' into 'master'

Change in wording related to SAML experience See merge request gitlab-org/gitlab!89557

Merge branch 'eduardosanz/saml-wording' into 'master'
73269ed6 · Marc Shaw · d00b7118 · 663ec6dc · 73269ed6 · 73269ed6
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -513,7 +513,7 @@ Alternatively, the SAML response may be missing the `InResponseTo` attribute in
 The identity provider administrator should ensure that the login is
 initiated by the service provider and not the identity provider.

-### Message: "Login to a GitLab account to link with your SAML identity"
+### Message: "Sign in to GitLab to connect your organization's account"

 A user can see this message when they are trying to [manually link SAML to their existing GitLab.com account](#linking-saml-to-your-existing-gitlabcom-account).


--- a/ee/app/controllers/groups/omniauth_callbacks_controller.rb
+++ b/ee/app/controllers/groups/omniauth_callbacks_controller.rb
@@ -31,7 +31,7 @@ def link_identity(identity_linker)

  override :redirect_identity_linked
  def redirect_identity_linked
-    flash[:notice] = "SAML for #{@unauthenticated_group.name} was added to your connected accounts"
+    flash[:notice] = s_("SAML|Your organization's SSO has been connected to your GitLab account")

    redirect_to after_sign_in_path_for(current_user)
  end
@@ -116,7 +116,7 @@ def fail_login(user)
  end

  def redirect_to_login_or_register
-    notice = "Login to a GitLab account to link with your SAML identity"
+    notice = s_("SAML|Sign in to GitLab to connect your organization's account")

    after_gitlab_sign_in = sso_group_saml_providers_path(@unauthenticated_group)


--- a/ee/app/controllers/groups/sso_controller.rb
+++ b/ee/app/controllers/groups/sso_controller.rb
@@ -23,7 +23,6 @@ def saml
    @group_path = unauthenticated_group.path
    @group_name = unauthenticated_group.full_name
    @group_saml_identity = linked_identity
-    @idp_url = unauthenticated_group.saml_provider.sso_url
    @auto_redirect_to_provider = current_user&.group_sso?(unauthenticated_group)

    render layout: 'devise_empty' if @auto_redirect_to_provider

--- a/ee/app/views/groups/sso/saml.html.haml
+++ b/ee/app/views/groups/sso/saml.html.haml
@@ -11,18 +11,12 @@
    .login-body.gl-px-5.gl-pt-5
      - if @group_saml_identity || !user_signed_in?
        %h4.gl-mt-0= _('Sign in to "%{group_name}"') % { group_name: @group_name }
+        %p= s_('SAML|To access "%{group_name}" you must sign in with your Single Sign-On account, through an external sign-in page.') % { group_name: @group_name }
+        = saml_link _('Sign in'), @group_path, html_class: 'btn btn-confirm btn-md gl-button btn-block qa-saml-sso-signin-button', redirect: @redirect_path
      - else
-        %h4.gl-mt-0= _('Allow "%{group_name}" to sign you in') % { group_name: @group_name }
-
-      %p= _('The "%{group_path}" group allows you to sign in with your Single Sign-On Account') % { group_path: @group_path }
-
-      - if @group_saml_identity || !user_signed_in?
-        %p= _("This will redirect you to an external sign in page.")
-
-        = saml_link _('Sign in with Single Sign-On'), @group_path, html_class: 'btn btn-confirm btn-md gl-button btn-block qa-saml-sso-signin-button', redirect: @redirect_path
-      - else
+        %h4.gl-mt-0= s_('Allow "%{group_name}" to sign you in') % { group_name: @group_name }
+        %p= s_('SAML|The "%{group_path}" group allows you to sign in with your Single Sign-On Account.') % { group_path: @group_path }
        = render Pajamas::AlertComponent.new(variant: :warning, dismissible: false, alert_options: { class: 'gl-mb-5 gl-word-break-word' }) do |c|
          = c.body do
-            = _("Only proceed if you trust %{idp_url} to control your GitLab account sign in.") % { idp_url: @idp_url }
-
+            = s_('SAML|Selecting "Authorize" will transfer ownership of your GitLab account "%{username}" (%{email}) to your organization.') % { username: current_user.username, email: current_user.email }
        = saml_link _('Authorize'), @group_path, html_class: 'btn btn-confirm btn-md gl-button btn-block qa-saml-sso-signin-button'
--- a/ee/spec/controllers/groups/omniauth_callbacks_controller_spec.rb
+++ b/ee/spec/controllers/groups/omniauth_callbacks_controller_spec.rb
@@ -145,7 +145,7 @@ def stub_last_request_id(id)
      it "displays a flash message verifying group sign in" do
        post provider, params: { group_id: group }

-        expect(flash[:notice]).to eq('Login to a GitLab account to link with your SAML identity')
+        expect(flash[:notice]).to eq(s_("SAML|Sign in to GitLab to connect your organization's account"))
      end

      it 'does not add linked identity' do
@@ -213,7 +213,7 @@ def stub_last_request_id(id)
        it "displays a flash indicating the account has been linked" do
          post provider, params: { group_id: group }

-          expect(flash[:notice]).to match(/SAML for .* was added/)
+          expect(flash[:notice]).to eq(s_("SAML|Your organization's SSO has been connected to your GitLab account"))
        end

        it 'logs group audit event for being added to the group' do
@@ -268,7 +268,7 @@ def stub_last_request_id(id)
            post provider, params: { group_id: group }

            expect(response).to redirect_to(new_user_session_path)
-            expect(flash[:notice]).to start_with("Login to a GitLab account to link with your SAML identity")
+            expect(flash[:notice]).to eq(s_("SAML|Sign in to GitLab to connect your organization's account"))
          end
        end


--- a/ee/spec/features/groups/saml_enforcement_spec.rb
+++ b/ee/spec/features/groups/saml_enforcement_spec.rb
@@ -109,7 +109,7 @@
    it 'shows loading screen and link used for auto-redirect' do
      visit group_path(group)

-      click_link 'Sign in with Single Sign-On'
+      click_link 'Sign in'

      days_after_timeout = Gitlab::Auth::GroupSaml::SsoEnforcer::DEFAULT_SESSION_TIMEOUT + 2.days
      travel_to(days_after_timeout.from_now) do
@@ -129,7 +129,7 @@

        expect(current_url).to include("redirect=#{CGI.escape(resource_path)}")

-        click_link 'Sign in with Single Sign-On'
+        click_link 'Sign in'

        # Capybara's have_current_path matcher checks the path and query string
        expect(page).to have_current_path(resource_path)

--- a/ee/spec/features/groups/saml_providers_spec.rb
+++ b/ee/spec/features/groups/saml_providers_spec.rb
@@ -227,7 +227,6 @@ def stub_saml_config

          expect(page).to have_content('SAML SSO')
          expect(page).to have_content("Sign in to \"#{group.full_name}\"")
-          expect(page).to have_content('Sign in with Single Sign-On')
        end
      end

@@ -240,7 +239,6 @@ def stub_saml_config
          visit sso_group_saml_providers_path(group)

          expect(page).to have_content(/Allow .* to sign you in/)
-          expect(page).to have_content(saml_provider.sso_url)
          expect(page).to have_content('Authorize')
        end

@@ -251,7 +249,7 @@ def stub_saml_config

          click_link 'Authorize'

-          expect(page).to have_content(/SAML for .* was added to your connected accounts/)
+          expect(page).to have_content("Your organization's SSO has been connected to your GitLab account")
          expect(user.identities.last.extern_uid).to eq external_uid
        end

@@ -282,7 +280,7 @@ def stub_saml_config
        it 'warns user that their account is locked' do
          visit sso_group_saml_providers_path(group)

-          click_link 'Sign in with Single Sign-On'
+          click_link 'Sign in'

          expect(page).to have_content('Your account is locked.')
        end
@@ -295,7 +293,7 @@ def stub_saml_config
          it 'warns user their account is locked' do
            visit sso_group_saml_providers_path(group)

-            click_link 'Sign in with Single Sign-On'
+            click_link 'Sign in'

            expect(page).to have_content('Your account is locked.')
            expect(page).to have_current_path sso_group_saml_providers_path(group), ignore_query: true

--- a/ee/spec/features/users/login_spec.rb
+++ b/ee/spec/features/users/login_spec.rb
@@ -222,7 +222,7 @@
      it 'shows U2F prompt after SAML' do
        visit sso_group_saml_providers_path(group, token: group.saml_discovery_token)

-        click_link 'Sign in with Single Sign-On'
+        click_link 'Sign in'

        expect(page).to have_content('Trying to communicate with your device')
        expect(page).to have_link('Sign in via 2FA code')
@@ -243,7 +243,7 @@
      it 'shows WebAuthn prompt after SAML' do
        visit sso_group_saml_providers_path(group, token: group.saml_discovery_token)

-        click_link 'Sign in with Single Sign-On'
+        click_link 'Sign in'

        # Mock the webauthn procedure to neither reject or resolve, just do nothing
        # Using the built-in credentials.get functionality would result in an SecurityError

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -33481,6 +33481,21 @@ msgstr ""
 msgid "SAML for %{group_name}"
 msgstr ""
  
+msgid "SAML|Selecting \"Authorize\" will transfer ownership of your GitLab account \"%{username}\" (%{email}) to your organization."
+msgstr ""
+
+msgid "SAML|Sign in to GitLab to connect your organization's account"
+msgstr ""
+
+msgid "SAML|The \"%{group_path}\" group allows you to sign in with your Single Sign-On Account."
+msgstr ""
+
+msgid "SAML|To access \"%{group_name}\" you must sign in with your Single Sign-On account, through an external sign-in page."
+msgstr ""
+
+msgid "SAML|Your organization's SSO has been connected to your GitLab account"
+msgstr ""
+
 msgid "SAST Configuration"
 msgstr ""
  
@@ -38180,9 +38195,6 @@ msgstr ""
 msgid "That's it, well done!"
 msgstr ""
  
-msgid "The \"%{group_path}\" group allows you to sign in with your Single Sign-On Account"
-msgstr ""
-
 msgid "The %{link_start}true-up model%{link_end} allows having more users, and additional users will incur a retroactive charge on renewal."
 msgstr ""
  
@@ -39653,9 +39665,6 @@ msgstr ""
 msgid "This will invalidate your registered applications and U2F devices."
 msgstr ""
  
-msgid "This will redirect you to an external sign in page."
-msgstr ""
-
 msgid "This will remove the fork relationship between this project and %{fork_source}."
 msgstr ""
  
--- a/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_enforced_sso_new_account_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_enforced_sso_new_account_spec.rb
@@ -72,7 +72,7 @@ module QA

          Flow::Saml.login_to_idp_if_required(idp_user.username, idp_user.password)

-          expect(page).to have_text("Login to a GitLab account to link with your SAML identity")
+          expect(page).to have_text("Sign in to GitLab to connect your organization's account")

          Flow::Saml.logout_from_idp(saml_idp_service)


--- a/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_non_enforced_sso_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_non_enforced_sso_spec.rb
@@ -39,7 +39,7 @@ module QA
            EE::Page::Group::SamlSSOSignIn.perform(&:click_sign_in)
            Flow::Saml.login_to_idp_if_required('user3', 'user3pass')

-            expect(page).to have_content("SAML for #{@group.path} was added to your connected accounts")
+            expect(page).to have_content("Your organization's SSO has been connected to your GitLab account")

            member_details = @group.list_members.find { |item| item['username'] == user.username }

@@ -58,7 +58,7 @@ module QA

          Flow::Saml.login_to_idp_if_required('user1', 'user1pass')

-          expect(page).to have_content("SAML for #{@group.path} was added to your connected accounts")
+          expect(page).to have_content("Your organization's SSO has been connected to your GitLab account")

          page.visit managed_group_url