Merge branch 'smriti-417282/scim_provisioning_service_email_skip_confirmation' into 'master'

Email confirmation setting to be considered

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130447



Merged-by: Heinrich Lee Yu <heinrich@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Reviewed-by: Drew Blessing <drew@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

ee/lib/ee/gitlab/scim/base_provisioning_service.rb

@@ -41,6 +41,14 @@ def valid_username
         def missing_params
           @missing_params ||= ([:extern_uid, :email, :username] - @parsed_hash.keys)
         end
+
+        def user_params
+          @parsed_hash.tap do |hash|
+            hash[:username] = valid_username
+            hash[:password] = hash[:password_confirmation] = random_password
+            hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
+          end
+        end
       end
     end
   end

ee/lib/ee/gitlab/scim/group/provisioning_service.rb

@@ -40,7 +40,7 @@ def user
           strong_memoize_attr :user
 
           def build_user
-            ::Users::AuthorizedBuildService.new(nil, user_params).execute
+            ::Users::AuthorizedBuildService.new(nil, group_user_params).execute
           end
 
           def build_scim_identity
@@ -63,15 +63,11 @@ def default_membership_role
             @group.saml_provider.default_membership_role
           end
 
-          def user_params
-            @parsed_hash.tap do |hash|
-              hash[:skip_confirmation] = SKIP_EMAIL_CONFIRMATION
+          def group_user_params
+            user_params.tap do |hash|
               hash[:saml_provider_id] = @group.saml_provider.id
               hash[:group_id] = @group&.id
               hash[:provider] = ::Users::BuildService::GROUP_SCIM_PROVIDER
-              hash[:username] = valid_username
-              hash[:password] = hash[:password_confirmation] = random_password
-              hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
             end
           end
 

ee/lib/ee/gitlab/scim/provisioning_service.rb

@@ -44,15 +44,6 @@ def build_scim_identity
           )
         end
 
-        def user_params
-          @parsed_hash.tap do |hash|
-            hash[:skip_confirmation] = SKIP_EMAIL_CONFIRMATION
-            hash[:username] = valid_username
-            hash[:password] = hash[:password_confirmation] = random_password
-            hash[:password_automatically_set] = PASSWORD_AUTOMATICALLY_SET
-          end
-        end
-
         def existing_identity?
           identity&.persisted?
         end

ee/spec/lib/ee/gitlab/scim/group/provisioning_service_spec.rb

@@ -54,6 +54,12 @@
     end
 
     context 'when valid params' do
+      before do
+        # By default SAAS version setting is hard as per docs
+        # https://docs.gitlab.com/ee/user/gitlab_com/#email-confirmation
+        stub_application_setting_enum('email_confirmation_setting', 'hard')
+      end
+
       def user
         User.find_by(email: service_params[:email])
       end

ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb

@@ -60,11 +60,27 @@ def user
         expect(user).to be_a(User)
       end
 
-      it 'user record requires confirmation' do
-        service.execute
+      context 'when email confirmation setting is set' do
+        using RSpec::Parameterized::TableSyntax
+
+        where(:email_confirmation_setting, :confirmed) do
+          'soft' | false
+          'hard' | false
+          'off' | true
+        end
 
-        expect(user).to be_present
-        expect(user).not_to be_confirmed
+        with_them do
+          before do
+            stub_application_setting_enum('email_confirmation_setting', email_confirmation_setting)
+          end
+
+          it "sets user confirmation according to setting" do
+            service.execute
+
+            expect(user).to be_present
+            expect(user.reload.confirmed?).to be(confirmed)
+          end
+        end
       end
 
       context 'when the current minimum password length is different from the default minimum password length' do