Return early if user is nil in ee/lib/ee/gitlab/auth/saml/user.rb

What does this MR do?

This MR seeks to prevent the use case which occurs with SSO when a user does not have the required group(s) and has never logged in, so no GitLab profile exists. In this case, the user object is set to `nil` and then throws an NPE exception in the method `build_user_synced_attributes_metadata`, as the method cannot build metadata for `nil`.

It is unclear whether the user object should be set to `nil` and return called early, or whether the method `build_user_synced_attributes_metadata` should check for `user == nil` and return from inside the method.

See #23688 (closed) for more details.

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Serena Fang