authorRobert Speicher <robert@gitlab.com>2017-02-08 20:47:38 +0000
committerRobert Speicher <robert@gitlab.com>2017-02-08 20:47:38 +0000
commitb28d66c38d95e779157e9f68f68e7ca3b0ba2521 (patch)
tree7bdc9278cf5bbf63dd05f615cff98f0991bafd8c
parentd01cd84e69999677b5cb0d4f03d140f33cfdc0f7 (diff)
parentd9ee55ee38eb75f57ce9d1052ed23965a93f72b7 (diff)
downloadgitlab-ce-b28d66c38d95e779157e9f68f68e7ca3b0ba2521.tar.gz
Merge branch 'bypass-whitelist-for-external-user' into 'master'
Bypass signup domain validation for external users Closes #25279 See merge request !8575
-rw-r--r--app/models/user.rb2
-rw-r--r--changelogs/unreleased/bypass-email-domain-validation-when-created-by-admin.yml4
-rw-r--r--doc/user/admin_area/settings/sign_up_restrictions.md24
-rw-r--r--spec/models/user_spec.rb10
4 files changed, 36 insertions, 4 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index f64d0c17a45..33666b4f35b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -119,7 +119,7 @@ class User < ActiveRecord::Base
validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
before_validation :generate_password, on: :create
- before_validation :signup_domain_valid?, on: :create
+ before_validation :signup_domain_valid?, on: :create, if: ->(user) { !user.created_by_id }
before_validation :sanitize_attrs
before_validation :set_notification_email, if: ->(user) { user.email_changed? }
before_validation :set_public_email, if: ->(user) { user.public_email_changed? }
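Review bot: The new guard `if: ->(user) { !user.created_by_id }` skips the sign-up domain check whenever `created_by_id` is non-nil, but nothing in it checks that the creator is an admin, although the changelog entry describes the bypass as admin-only. The guard is therefore only as strong as the code paths that set `created_by_id`; those lie outside this hunk, so it is worth confirming that the attribute is never accepted from registration or other user-supplied params. I would move the condition into a named predicate carrying a comment that states the invariant, e.g. `# created_by_id is set only by admin-side user creation; never permit it in sign-up params`. The check also still runs only `on: :create`, so a later email change is not re-validated, as the updated documentation acknowledges.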
diff --git a/changelogs/unreleased/bypass-email-domain-validation-when-created-by-admin.yml b/changelogs/unreleased/bypass-email-domain-validation-when-created-by-admin.yml
new file mode 100644
index 00000000000..f335ae27fda
--- /dev/null
+++ b/changelogs/unreleased/bypass-email-domain-validation-when-created-by-admin.yml
@@ -0,0 +1,4 @@
+---
+title: Bypass email domain validation when a user is created by an admin.
+merge_request: 8575
+author: Reza Mohammadi @remohammadi
diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md
index 4b540473a6e..603b826e7f2 100644
--- a/doc/user/admin_area/settings/sign_up_restrictions.md
+++ b/doc/user/admin_area/settings/sign_up_restrictions.md
@@ -1,5 +1,20 @@
# Sign-up restrictions
+You can block email addresses of specific domains, or whitelist only some
+specifc domains via the **Application Settings** in the Admin area.
+
+>**Note**: These restrictions are only applied during sign-up. An admin is
+able to add add a user through the admin panel with a disallowed domain. Also
+note that the users can change their email addresses after signup to
+disallowed domains.
+
+## Whitelist email domains
+
+> [Introduced][ce-598] in GitLab 7.11.0
+
+You can restrict users to only signup using email addresses matching the given
+domains list.
+
## Blacklist email domains
> [Introduced][ce-5259] in GitLab 8.10.
@@ -9,13 +24,16 @@ from creating an account on your GitLab server. This is particularly useful to
prevent spam. Disposable email addresses are usually used by malicious users to
create dummy accounts and spam issues.
+## Settings
+
This feature can be activated via the **Application Settings** in the Admin area,
and you have the option of entering the list manually, or uploading a file with
the list.
-The blacklist accepts wildcards, so you can use `*.test.com` to block every
-`test.com` subdomain, or `*.io` to block all domains ending in `.io`. Domains
-should be separated by a whitespace, semicolon, comma, or a new line.
+Both whitelist and blacklist accept wildcards, so for example, you can use
+`*.company.com` to accept every `company.com` subdomain, or `*.io` to block all
+domains ending in `.io`. Domains should be separated by a whitespace,
+semicolon, comma, or a new line.
![Domain Blacklist](img/domain_blacklist.png)
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index fe88ec63af6..7fd49c73b37 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -141,6 +141,11 @@ describe User, models: true do
user = build(:user, email: "example@test.com")
expect(user).to be_invalid
end
+
+ it 'accepts example@test.com when added by another user' do
+ user = build(:user, email: "example@test.com", created_by_id: 1)
+ expect(user).to be_valid
+ end
end
context 'domain blacklist' do
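Review bot: Both added examples (this one and the one in the second hunk of this file) pass a literal `created_by_id: 1` with no creator record behind it, so they pin down "any non-nil id bypasses the domain check" rather than the admin-created case the changelog describes. If admin-only is the intent, building the user with the id of a persisted admin, e.g. `created_by_id: admin.id`, and adding a counter-example for a non-admin creator would make the specs document the actual trust boundary. The enclosing `describe` and `context` blocks start and end outside these hunks.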
@@ -159,6 +164,11 @@ describe User, models: true do
user = build(:user, email: 'info@example.com')
expect(user).not_to be_valid
end
+
+ it 'accepts info@example.com when added by another user' do
+ user = build(:user, email: 'info@example.com', created_by_id: 1)
+ expect(user).to be_valid
+ end
end
context 'when a signup domain is blacklisted but a wildcard subdomain is allowed' do