Settings: Internal user regex does not work with user accounts created by oauth

Summary

The installation in use has New users set to external but new users that fit the internal users regex are created as external users. Oauth is used for authentication by shibboleth.

Steps to reproduce

  1. Do the following things as admin
    1. Set "New users set to external -> Newly registered users will by default be external" in Settings/Account and limit.
    2. Set "Internal users" to "@example\.com"
  2. Use a private browser tab
    1. Login via shibboleth oauth with a user that has a mail address user@example.com
  3. Check as admin
    1. User got created as external user

Example Project

Not applicable.

What is the current bug behavior?

Newly created users authenticated by oauth shibboleth become external users although their mail address matches the internal users regex.

What is the expected correct behavior?

Newly created users authenticated by oauth shibboleth become internal users because their mail address matches the internal users regex.

Relevant logs and/or screenshots

The only log entry I found is

September 24, 2018 14:23: User "Example, Peter" (peter@example.com) was created
September 24, 2018 14:23: (OAuth) saving user peter@example.com from login with extern_uid => peter@example.com

There is no info if the user is created internally or externally.

Output of checks

This bug happens on a selfhosted GitLab Community Edition.

Results of GitLab environment info

Expand for output related to GitLab environment info 
System information
System:		Ubuntu 16.04
Current User:	git
Using RVM:	no
Ruby Version:	2.4.4p296
Gem Version:	2.7.6
Bundler Version:1.16.2
Rake Version:	12.3.1
Redis Version:	3.2.11
Git Version:	2.18.0
Sidekiq Version:5.1.3
Go Version:	unknown

GitLab information
Version:	11.3.0
Revision:	17bd59a
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	postgresql
URL:		https://gitlab.example.private
HTTP Clone URL:	https://gitlab.example.private/some-group/some-project.git
SSH Clone URL:	git@gitlab.example.private:some-group/some-project.git
Using LDAP:	no
Using Omniauth:	yes
Omniauth Providers: shibboleth


GitLab Shell
Version:	8.3.3
Repository storage paths:
- default: 	/var/opt/gitlab/git-data/repositories
Hooks:		/opt/gitlab/embedded/service/gitlab-shell/hooks
Git:		/opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check 
Checking GitLab Shell ...

GitLab Shell version >= 8.3.3 ? ... OK (8.3.3)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
2/1 ... ok
6/2 ... ok
8/3 ... repository is empty
13/4 ... ok
7/5 ... repository is empty
7/6 ... ok
16/7 ... ok
16/8 ... ok
12/9 ... ok
12/10 ... ok
12/11 ... ok
16/12 ... ok
25/13 ... ok
7/14 ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK


Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful


Checking GitLab Shell ... Finished


Checking Sidekiq ...


Running? ... yes
Number of Sidekiq processes ... 1


Checking Sidekiq ... Finished


Reply by email is disabled in config/gitlab.yml
Checking LDAP ...


LDAP is disabled in config/gitlab.yml


Checking LDAP ... Finished


Checking GitLab ...


Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
2/1 ... yes
6/2 ... yes
8/3 ... yes
13/4 ... yes
7/5 ... yes
7/6 ... yes
16/7 ... yes
16/8 ... yes
12/9 ... yes
12/10 ... yes
12/11 ... yes
16/12 ... yes
25/13 ... yes
7/14 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.5 ? ... yes (2.4.4)
Git version >= 2.9.5 ? ... yes (2.18.0)
Git user has default SSH configuration? ... yes
Active users: ... 24


Checking GitLab ... Finished

Possible fixes

My guess: Apply check for internal users for accounts created by omniauth and set internal or external accordingly.

Edited by Mark Fletcher