Merge branch 'eduardosanz/improve-signup-error-message' into 'master'

Clarify 'GitLab' term in signup error message

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166904



Merged-by: Eduardo Sanz García <esanz-garcia@gitlab.com>
Approved-by: Javiera Tapia <jtapia@gitlab.com>
Approved-by: Aboobacker MK <akarakath@gitlab.com>
Reviewed-by: Eduardo Sanz García <esanz-garcia@gitlab.com>

app/controllers/omniauth_callbacks_controller.rb

@@ -9,6 +9,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
   include AcceptsPendingInvitations
   include Onboarding::Redirectable
   include InternalRedirect
+  include SafeFormatHelper
 
   ACTIVE_SINCE_KEY = 'active_since'
 
@@ -249,15 +250,20 @@ def sign_in_user_flow(auth_user_class)
   end
 
   def handle_signup_error
+    redirect_path = new_user_session_path
     label = Gitlab::Auth::OAuth::Provider.label_for(oauth['provider'])
-    message = [_("Signing in using your %{label} account without a pre-existing GitLab account is not allowed.") % { label: label }]
+    simple_url = Settings.gitlab.url.sub(%r{^https?://(www\.)?}i, '')
+    message = [_("Signing in using your %{label} account without a pre-existing account in %{simple_url} is not allowed.") % { label: label, simple_url: simple_url }]
 
     if Gitlab::CurrentSettings.allow_signup?
-      message << (_("Create a GitLab account first, and then connect it to your %{label} account.") % { label: label })
+      redirect_path = new_user_registration_path
+      doc_pair = tag_pair(view_context.link_to('', help_page_path('user/profile/index.md', anchor: 'sign-in-services')), :doc_start, :doc_end)
+      message << safe_format(_("Create an account in %{simple_url} first, and then %{doc_start}connect it to your %{label} account%{doc_end}."), doc_pair, label: label, simple_url: simple_url)
     end
 
-    flash[:alert] = message.join(' ')
-    redirect_to new_user_session_path
+    flash[:alert] = message.join(' ').html_safe # rubocop:disable Rails/OutputSafety -- Generated message is safe
+
+    redirect_to redirect_path
   end
 
   def oauth

locale/gitlab.pot

@@ -16113,9 +16113,6 @@ msgstr ""
 msgid "Create New Directory"
 msgstr ""
-msgid "Create a GitLab account first, and then connect it to your %{label} account."
-msgstr ""
-
 msgid "Create a Kubernetes cluster"
 msgstr ""
@@ -16170,6 +16167,9 @@ msgstr ""
 msgid "Create a project"
 msgstr ""
+msgid "Create an account in %{simple_url} first, and then %{doc_start}connect it to your %{label} account%{doc_end}."
+msgstr ""
+
 msgid "Create an incident. Incidents are created for each alert triggered."
 msgstr ""
@@ -51888,7 +51888,7 @@ msgstr ""
 msgid "Signing in using your %{label} account has been disabled for security reasons. Please sign in to your GitLab account using another authentication method and reconnect to your %{label} account."
 msgstr ""
-msgid "Signing in using your %{label} account without a pre-existing GitLab account is not allowed."
+msgid "Signing in using your %{label} account without a pre-existing account in %{simple_url} is not allowed."
 msgstr ""
 msgid "SilentMode|All outbound communications are blocked. %{link_start}Learn more%{link_end}."

spec/controllers/omniauth_callbacks_controller_spec.rb

@@ -476,11 +476,17 @@
 
         context 'for a new user' do
           before do
+            @original_url = Settings.gitlab.url
+            Settings.gitlab.url = 'https://www.example.com:43/gitlab'
             stub_omniauth_setting(enabled: true, auto_link_user: true, allow_single_sign_on: ['atlassian_oauth2'])
 
             user.destroy!
           end
 
+          after do
+            Settings.gitlab.url = @original_url
+          end
+
           it 'denies sign-in if sign-up is enabled, but block_auto_created_users is set' do
             post :atlassian_oauth2
 
@@ -500,7 +506,7 @@
 
             post :atlassian_oauth2
 
-            expect(flash[:alert]).to start_with 'Signing in using your Atlassian account without a pre-existing GitLab account is not allowed.'
+            expect(flash[:alert]).to eq('Signing in using your Atlassian account without a pre-existing account in example.com:43/gitlab is not allowed. Create an account in example.com:43/gitlab first, and then <a href="/help/user/profile/index.md#sign-in-services">connect it to your Atlassian account</a>.')
           end
         end
       end
@@ -666,12 +672,34 @@ def stub_last_request_id(id)
         expect(request.env['warden']).to be_authenticated
       end
 
-      it 'denies login if sign up is not enabled' do
-        stub_omniauth_setting(allow_single_sign_on: false, block_auto_created_users: false)
+      describe 'when registering a new account is allowed' do
+        before do
+          allow(Gitlab::CurrentSettings).to receive(:allow_signup?).and_return(true)
+        end
+
+        it 'denies login if sign up is not enabled' do
+          stub_omniauth_setting(allow_single_sign_on: false, block_auto_created_users: false)
 
-        post :saml, params: { SAMLResponse: mock_saml_response }
+          post :saml, params: { SAMLResponse: mock_saml_response }
 
-        expect(flash[:alert]).to start_with 'Signing in using your saml account without a pre-existing GitLab account is not allowed.'
+          expect(flash[:alert]).to eq('Signing in using your saml account without a pre-existing account in localhost is not allowed. Create an account in localhost first, and then <a href="/help/user/profile/index.md#sign-in-services">connect it to your saml account</a>.')
+          expect(response).to redirect_to(new_user_registration_path)
+        end
+      end
+
+      describe 'when registering a new account is not allowed' do
+        before do
+          allow(Gitlab::CurrentSettings).to receive(:allow_signup?).and_return(false)
+        end
+
+        it 'denies login if sign up is not enabled' do
+          stub_omniauth_setting(allow_single_sign_on: false, block_auto_created_users: false)
+
+          post :saml, params: { SAMLResponse: mock_saml_response }
+
+          expect(flash[:alert]).to eq('Signing in using your saml account without a pre-existing account in localhost is not allowed.')
+          expect(response).to redirect_to(new_user_session_path)
+        end
       end
 
       it 'logs saml_response for debugging' do