Add regressiontest to verify allow_single_sign_on setting

verification for #1677

Since testing omniauth_callback_controller.rb is very difficult, the logic
is moved to the models

1 files changed, 14 insertions, 3 deletions

diff --git a/lib/gitlab/oauth/user.rb b/lib/gitlab/oauth/user.rb
index 133445d3d05..18ec63a62a2 100644
--- a/lib/gitlab/oauth/user.rb
+++ b/lib/gitlab/oauth/user.rb
@@ -13,7 +13,7 @@ module Gitlab
       end
 
       def persisted?
-        gl_user.persisted?
+        gl_user.try(:persisted?)
       end
 
       def new?
@@ -21,10 +21,12 @@ module Gitlab
       end
 
       def valid?
-        gl_user.valid?
+        gl_user.try(:valid?)
       end
 
       def save
+        unauthorized_to_create unless gl_user
+
         gl_user.save!
         log.info "(OAuth) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}"
         gl_user.block if needs_blocking?
@@ -36,7 +38,12 @@ module Gitlab
       end
 
       def gl_user
-        @user ||= find_by_uid_and_provider || build_new_user
+        @user ||= find_by_uid_and_provider
+
+        if Gitlab.config.omniauth.allow_single_sign_on
+          @user ||= build_new_user
+        end
+        @user
       end
 
       protected
@@ -77,6 +84,10 @@ module Gitlab
       def model
         ::User
       end
+
+      def raise_unauthorized_to_create
+        raise StandardError.new("Unauthorized to create user, signup disabled for #{auth_hash.provider}")
+      end
     end
   end
 end