Skip to content

Extend `blocked_pending_approval` status for OmniAuth, SAML and LDAP users

What does this MR do and why?

For #285124 (closed) & https://gitlab.com/gitlab-org/gitlab/-/issues/281691

This MR puts new users created via LDAP/Omniauth in a blocked_pending_approval state, if the application setting require_admin_approval_after_user_signup is set to TRUE. This setting comes from the Users Pending Approval feature, and it is a setting that is TRUE by default.

This application setting is already used to place the user in a blocked_pending_approval state when the user is signing up via the normal registration flow (introduced in !44398 (merged)), and we are now extending this to Omniauth/LDAP user creation.

Some context

Recently, with !63650 (merged), we have already been putting new registrations via Omniauth/LDAP in the blocked_pending_approval state if the Omniauth/LDAP configuration had block_auto_created_users setting set to true.

So, because of the changes in !63650 (merged), this MR turned out to be quite easy to implement code-wise, as we already had the pieces in place which set the user to the desired state of blocked_pending_approval when certain conditions were met.

If we turn the state of the user to a truth table, based on the 2 settings, it would be

require_admin_approval_after_user_signup block_auto_created_users (LDAP/OAuth) State of the newly created user via LDAP/Omniauth
false false active
true false blocked_pending_approval
false true blocked_pending_approval
true true blocked_pending_approval

Here, the 2nd row of the truth table is what this MR implements. The rest of the rows are unchanged from the changes in !63650 (merged).

Documentation

Regarding documentation, I do not think this change requires a new documentation update since the docs at https://docs.gitlab.com/ee/user/admin_area/moderate_users.html#users-pending-approval already covers the case in this MR too.

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Manoj M J

Merge request reports

Loading