Skip to content

Skip email restriction validations for placeholder and importer users

Luke Duncalfe requested to merge 483639-allow-placeholder-and-import-users-to-signup-despite-restrictions into master

What does this MR do and why?

The sign-up email restriction validations can block placeholder and import users to be created on systems that have sign-up restrictions.

However, placeholder users and import users are necessary for the system to create during imports.

These users are created with the GitLab hostname as their email domains.

The sign-up restrictions do not need to apply to these users because they're not accounts that can be signed in by users due to being internal user types.

Other services will set a created_by_id for the user record which avoids the validation, but placeholder and import users are created by the system and so there is no created_by_id we can set.

#483639 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Restart Sidekiq after switching to this branch: gdk restart rails-background-jobs.

  1. On your localhost, go /admin/application_settings/general and expand Sign-up restrictions.
  2. In Allowed domains for sign-ups enter domain.com.
  3. Select Save changes

Conduct a new Direct Transfer import:

  1. Enable both the importer_user_mapping and bulk_import_importer_user_mapping flags.
  2. Start a new Direct Transfer import.
  3. In the UI, click "Migration details" to see the progress of the import, or else visit /import/bulk_imports/<BulkImport.last.id>/history.
  4. The import should progress without any errors. You should not see a "Show errors" link in the "View details" sections of the history page.
  5. There will have been placeholder users successfully created for the import. On a rails console: 
    group = Group.find_by_full_name(<path-of-group-imported-into>).root_ancestor
Import::SourceUser.where(namespace: group).any? # => true

On master the import will have many errors and placeholder users will not be created:

master branch history page:

image

master branch "Show errors" page:

image

master branch the group should have no placeholder users created during the import:

group = Group.find_by_full_name(<path-of-group-imported-into>).root_ancestor
Import::SourceUser.where(namespace: group).any? # => false

Clean up your admin:

  1. In the admin's Sign-up restrictions remove domain.com from the Allowed domains for sign-ups and select Save changes

Related to #483639 (closed)

Edited by Luke Duncalfe

Merge request reports