SCIM POST endpoint returns 412 and an error when it's called for a group with an allowed domain and the user is not saved

Summary

The SCIM POST endpoint that is responsible for creating a user returns 412 and an error when it's called for a group with an allowed domain restriction and the user is not valid.

Steps to reproduce

  1. Create a group with scim_provisioning.
  2. Add an allowed domain restriction.
  3. Try to create a user without an email.

What is the current bug behavior?

The SCIM POST endpoint returns 412 and a Rails error.

What is the expected correct behavior?

The SCIM POST endpoint returns the parsed error from the user object.

Relevant logs and/or screenshots

https://gitlab.zendesk.com/agent/tickets/130514 (internal only).

Output of checks

(This bug happens on GitLab.com)

Reason for this: When a user is not saved, we want to display an error. The error_response method calls the member method, which tries to add the unsaved user to the group. If we are checking the allowed domain, this results in an error.

Possible fixes

https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/app/models/allowed_email_domain.rb#L33
https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/ee/gitlab/scim/provisioning_service.rb#L53
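
The failure described under "Reason for this", as a simplified model added here for illustration. It is not GitLab's code: User, Group, add_member, provision_buggy, provision_fixed and the example.com domain are hypothetical stand-ins, and the rescue that maps an exception to 412 is an assumption that mirrors the behaviour reported above.

```ruby
ALLOWED_DOMAIN = "example.com" # constructed sample value

# Hypothetical user: it fails to save when the email is missing.
User = Struct.new(:email, :name) do
  def errors
    email.to_s.empty? ? ["Email can't be blank"] : []
  end

  def persisted?
    errors.empty?
  end
end

# Hypothetical group with an allowed-domain restriction on membership.
class Group
  def add_member(user)
    # The domain check assumes an email exists; a nil email raises NoMethodError.
    domain = user.email.split("@").last
    raise ArgumentError, "domain not allowed" unless domain == ALLOWED_DOMAIN
    { user: user.name, access: :guest }
  end
end

# Buggy flow: the membership is resolved before the save result is checked,
# so an unsaved user reaches the domain check and the caller gets a raw exception.
def provision_buggy(group, user)
  member = group.add_member(user)
  return { status: :error, message: user.errors.join(", ") } unless user.persisted?
  { status: :success, member: member }
rescue StandardError => e
  { status: 412, message: "#{e.class}: #{e.message}" }
end

# Fixed flow: return the user's own validation errors first and only touch
# the group membership once the user has been saved.
def provision_fixed(group, user)
  return { status: :error, message: user.errors.join(", ") } unless user.persisted?
  { status: :success, member: group.add_member(user) }
rescue StandardError => e
  { status: 412, message: "#{e.class}: #{e.message}" }
end
```

With a user that has no email, provision_buggy returns the 412 with an exception message, while provision_fixed returns the user's validation error.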
