Auditor role not bypassing SSO enforce with IP restrictions on

Summary

In !50199 (merged) we added a bypass for the Auditor role, and I reported this was working correctly for auditors in #211962 (comment 489035674) , but it seems not always.

Steps to reproduce

  1. Sign in with an auditor account.
  2. Visit a project in a group with SSO enforce on and IP restrictions on.
  3. Get redirected to "Authorize" screen.

Example Project

Visit the project listed in (internal): https://gitlab.zendesk.com/agent/tickets/182586

What is the current bug behavior?

Get the authorize screen.

What is the expected correct behavior?

Bypass SSO enforce, don't get the authorize screen, can view group/project.

Relevant logs and/or screenshots

image

Kibana entries: https://log.gprd.gitlab.net/goto/363b0dff67ae6fc3ea74c0a129098dd8

Output of checks

GitLab.com, GitLab Enterprise Edition 13.9.0-pre fa36f8013ca

Possible fixes

Edited by Cynthia "Arty" Ng