
Mark users blocked pending approval when block_auto_created_users is set

What does this MR do?

This MR changes the user status after LDAP and OAuth single sign-on account creations are blocked via block_auto_created_users, so signups can be worked via the pending approvals list.

This MR does not introduce support for blocking LDAP/OAuth accounts via require_admin_approval_after_user_signup.

Truth table for the instance setting with respect to block_auto_created_users:

| require_admin_approval_after_user_signup | block_auto_created_users (LDAP/OAuth) | Result |
|---|---|---|
| false | false | active |
| true | false | active |
| false | true | blocked_pending_approval |
| true | true | blocked_pending_approval |

Screenshots (strongly suggested)

Sample OAuth flow


Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #285124 (closed)

Edited by Vincent Fazio
