1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
# frozen_string_literal: true
module Users
class BuildService < BaseService
delegate :user_default_internal_regex_enabled?,
:user_default_internal_regex_instance,
to: :'Gitlab::CurrentSettings.current_application_settings'
attr_reader :identity_params
def initialize(current_user, params = {})
@current_user = current_user
@params = params.dup
@identity_params = params.slice(*identity_attributes)
end
def execute(skip_authorization: false)
@skip_authorization = skip_authorization
raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
user_params = build_user_params
user = User.new(user_params)
if current_user&.admin?
@reset_token = user.generate_reset_token if params[:reset_password]
if user_params[:force_random_password]
random_password = User.random_password
user.password = user.password_confirmation = random_password
end
end
build_identity(user)
Users::UpdateCanonicalEmailService.new(user: user).execute
user
end
private
attr_reader :skip_authorization
def identity_attributes
[:extern_uid, :provider]
end
def build_identity(user)
return if identity_params.empty?
user.identities.build(identity_params)
end
def can_create_user?
(current_user.nil? && Gitlab::CurrentSettings.allow_signup?) || current_user&.admin?
end
# Allowed params for creating a user (admins only)
def admin_create_params
[
:access_level,
:admin,
:avatar,
:bio,
:can_create_group,
:color_scheme_id,
:email,
:external,
:force_random_password,
:hide_no_password,
:hide_no_ssh_key,
:linkedin,
:name,
:password,
:password_automatically_set,
:password_expires_at,
:projects_limit,
:remember_me,
:skip_confirmation,
:skype,
:theme_id,
:twitter,
:username,
:website_url,
:private_profile,
:organization,
:location,
:public_email,
:user_type,
:note,
:view_diffs_file_by_file
]
end
# Allowed params for user signup
def signup_params
[
:email,
:password_automatically_set,
:name,
:first_name,
:last_name,
:password,
:username,
:user_type
]
end
def build_user_params
if current_user&.admin?
user_params = params.slice(*admin_create_params)
if params[:reset_password]
user_params.merge!(force_random_password: true, password_expires_at: nil)
end
else
allowed_signup_params = signup_params
allowed_signup_params << :skip_confirmation if allow_caller_to_request_skip_confirmation?
user_params = params.slice(*allowed_signup_params)
if assign_skip_confirmation_from_settings?(user_params)
user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting
end
fallback_name = "#{user_params[:first_name]} #{user_params[:last_name]}"
if user_params[:name].blank? && fallback_name.present?
user_params = user_params.merge(name: fallback_name)
end
end
user_params[:created_by_id] = current_user&.id
if user_default_internal_regex_enabled? && !user_params.key?(:external)
user_params[:external] = user_external?
end
user_params.delete(:user_type) unless project_bot?(user_params[:user_type])
user_params
end
def allow_caller_to_request_skip_confirmation?
skip_authorization
end
def assign_skip_confirmation_from_settings?(user_params)
user_params[:skip_confirmation].nil?
end
def skip_user_confirmation_email_from_setting
!Gitlab::CurrentSettings.send_user_confirmation_email
end
def user_external?
user_default_internal_regex_instance.match(params[:email]).nil?
end
def project_bot?(user_type)
user_type&.to_sym == :project_bot
end
end
end
Users::BuildService.prepend_mod_with('Users::BuildService')
|
