When LDAP doesn't supply email address the user is no longer allowed to set it in the UI

Summary

For customers who use LDAP, when LDAP doesn't supply an email address for a user, the user is no longer allowed to set it in the UI. Based on customer feedback, this worked up until 12.7.6 and stopped working when they upgraded to 12.8.0 and 12.8.1: they used to be able to edit the email address in the UI, and that is no longer the case.

This functionality (editing email addresses for LDAP users that are not initially set up with an email) was introduced with gitlab-foss#3054 (closed) and no longer seems to work, which means that:

  • For an admin looking at a newly added user, this is what they see:

[Screenshot: attach2]

However, editing that temp-email-for-oauth-trawnyma@gitlab.localhost email address appears to work, but saving silently fails (no error is given, but upon returning to the same page the email address is back to its original value, temp-email-for-oauth-trawnyma@gitlab.localhost).

  • For a regular user trying to edit their profile, the email field is empty and read-only (this field was editable in previous versions and was filled with the temporary email address, like temp-email-for-oauth-trawnyma@gitlab.localhost):

[Screenshot: attach1]

Steps to reproduce

Upgrade a GitLab instance that uses LDAP for user authentication from 12.7.x or earlier to 12.8.x.

What is the current bug behavior?

After an upgrade to 12.8.x (in the context of LDAP integration, where LDAP does not provide an email for the users that are added), the email address is no longer editable in the GitLab UI.

What is the expected correct behavior?

After an upgrade to 12.8.x (in the context of LDAP integration, where LDAP does not provide an email for the users that are added), the email address should be editable in the GitLab UI, as implemented in gitlab-foss#3054 (closed). Because there is a valid workaround (implemented in the Rails console, see below), I am tempted to think that this may be just a UI-level issue.

Workaround

This is a workaround that was validated by the customer:

# get the latest user
user = User.last 

# at this point we can see that no email value is set
pp user.email

# setting the email value for that user to what we want it to be
user.email = 'some@email.com'

# make sure to skip reconfirmation
user.skip_reconfirmation!

# save the user for the changes to become effective
user.save

The user now has an email address set.

A more efficient way of doing it would be (for multiple users in one go):

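# Each entry will have to include the old username and the new email
emails = {
  'ORIGINAL_USERNAME1' => 'NEW_EMAIL_ADDRESS1',
  'ORIGINAL_USERNAME2' => 'NEW_EMAIL_ADDRESS2',
  # ... add one line per user
}

emails.each do |username, email|
  user = User.find_by_username(username)
  # find_by_username returns nil for an unknown username; skip instead of crashing
  if user.nil?
    puts "No user named #{username}, skipping"
    next
  end
  user.email = email
  # skip reconfirmation so the new address becomes effective immediately
  user.skip_reconfirmation!
  # save! raises if the record is invalid, so failures are not silent
  user.save!
end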

# Run the UserSync to update the above users' data
LdapSyncWorker.new.perform

Possible fixes

UI should allow for the email address to be editable

Edited by Vlad Stoianovici
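
The bulk workaround above writes whatever is in the `emails` hash with `save!`. As an added example (not part of the original issue and not GitLab code), this stand-alone Ruby script builds that hash from a "username,email" list and sets aside rows that are malformed, still carry the placeholder address, or reuse an address already assigned. The input layout, the simple email shape check, the rule that two accounts must not share an address, and all sample rows are assumptions constructed here; the placeholder pattern follows the address shown in the issue.

```ruby
# Added example, not GitLab code: vet rows before the bulk workaround.
# The placeholder pattern follows the address shown in the issue; the
# "username,email" input layout and the sample rows are constructed.
PLACEHOLDER = /\Atemp-email-for-oauth-.+@gitlab\.localhost\z/i
# Deliberately simple shape check (an assumption, not GitLab's validator).
EMAIL_SHAPE = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/

def placeholder_email?(email)
  PLACEHOLDER.match?(email.to_s)
end

# Returns [emails, rejected]: emails is the hash the workaround loop
# consumes, rejected maps username => reason the row was set aside.
def build_email_map(text)
  emails = {}
  rejected = {}
  owner = {} # email => username that already claimed it
  text.lines.drop(1).each do |line|
    next if line.strip.empty?
    username, email = line.strip.split(',', 2).map(&:strip)
    email = email.to_s.downcase
    reason =
      if username.to_s.empty? then 'missing username'
      elsif emails.key?(username) then 'duplicate username'
      elsif !EMAIL_SHAPE.match?(email) then 'malformed email'
      elsif placeholder_email?(email) then 'placeholder address'
      elsif owner.key?(email) then "email already assigned to #{owner[email]}"
      end
    if reason
      rejected[username.to_s] = reason
    else
      emails[username] = email
      owner[email] = username
    end
  end
  [emails, rejected]
end

SAMPLE_ROWS = <<~ROWS
  username,email
  trawnyma,t.rawnyma@example.com
  jdoe,temp-email-for-oauth-jdoe@gitlab.localhost
  asmith,not-an-email
  bwayne,T.Rawnyma@example.com
ROWS

emails, rejected = build_email_map(SAMPLE_ROWS)
puts "apply: #{emails.inspect}"
puts "skip:  #{rejected.inspect}"
```

The resulting `emails` hash can be pasted into the Rails console loop; the rejected rows need to be corrected by hand before they are applied.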