500 error when inviting user to group with SAML enabled
Summary
When inviting a user to an group while SAML is enabled, it throws a 500 error.
Steps to reproduce
- Create a new group with an Ultimate trial
- Enable SAML on the group and force SAML auth
- Invite a user that does not have an account on GitLab.com
Example Project
What is the current bug behavior?
Inviting a member to a group where SAML is enabled throws an unhandled 500 error
What is the expected correct behavior?
Relevant logs and/or screenshots
Sentry logs: https://new-sentry.gitlab.net/organizations/gitlab/issues/947786/events/cf02c07b371c4d54b72c5209ca19312a/?project=3
Raw stack trace
NoMethodError: undefined method `using_gitlab_com_seat?' for nil:NilClass
return user.using_gitlab_com_seat?(source) if ::Gitlab.com?
^^^^^^^^^^^^^^^^^^^^^^^
from ee/app/models/ee/member.rb:173:in `is_using_seat'
from ee/app/services/ee/members/destroy_service.rb:22:in `after_execute'
from app/services/members/destroy_service.rb:101:in `delete_member_associations'
from app/services/members/destroy_service.rb:85:in `destroy_data_related_to_member'
from ee/app/services/ee/members/destroy_service.rb:112:in `destroy_data_related_to_member'
from app/services/members/destroy_service.rb:29:in `execute'
from app/controllers/concerns/membership_actions.rb:31:in `destroy'
from actionpack (7.0.8.4) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
from actionpack (7.0.8.4) lib/abstract_controller/base.rb:215:in `process_action'
from actionpack (7.0.8.4) lib/action_controller/metal/rendering.rb:165:in `process_action'
from actionpack (7.0.8.4) lib/abstract_controller/callbacks.rb:234:in `block in process_action'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:118:in `block in run_callbacks'
from lib/gitlab/ip_address_state.rb:11:in `with'
from ee/app/controllers/ee/application_controller.rb:45:in `set_current_ip_address'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from app/controllers/application_controller.rb:474:in `set_current_admin'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from lib/gitlab/session.rb:11:in `with_session'
from app/controllers/application_controller.rb:465:in `set_session_storage'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from lib/gitlab/i18n.rb:114:in `with_locale'
from lib/gitlab/i18n.rb:120:in `with_user_locale'
from app/controllers/application_controller.rb:456:in `set_locale'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from marginalia (1.11.1) lib/marginalia.rb:109:in `record_query_comment'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from app/controllers/application_controller.rb:449:in `set_current_context'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from sentry-rails (5.17.3) lib/sentry/rails/controller_transaction.rb:28:in `block in sentry_around_action'
from sentry-ruby (5.17.3) lib/sentry/hub.rb:102:in `with_child_span'
from sentry-ruby (5.17.3) lib/sentry-ruby.rb:490:in `with_child_span'
from sentry-rails (5.17.3) lib/sentry/rails/controller_transaction.rb:14:in `sentry_around_action'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:138:in `run_callbacks'
from actionpack (7.0.8.4) lib/abstract_controller/callbacks.rb:233:in `process_action'
from actionpack (7.0.8.4) lib/action_controller/metal/rescue.rb:23:in `process_action'
from actionpack (7.0.8.4) lib/action_controller/metal/instrumentation.rb:67:in `block in process_action'
from activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in `block in instrument'
from activesupport (7.0.8.4) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
from activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in `instrument'
from actionpack (7.0.8.4) lib/action_controller/metal/instrumentation.rb:66:in `process_action'
from actionpack (7.0.8.4) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
from activerecord (7.0.8.4) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
from actionpack (7.0.8.4) lib/abstract_controller/base.rb:151:in `process'
from actionview (7.0.8.4) lib/action_view/rendering.rb:39:in `process'
from actionpack (7.0.8.4) lib/action_controller/metal.rb:188:in `dispatch'
from actionpack (7.0.8.4) lib/action_controller/metal.rb:251:in `dispatch'
from actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
from actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:32:in `serve'
from actionpack (7.0.8.4) lib/action_dispatch/routing/mapper.rb:18:in `block in <class:Constraints>'
from actionpack (7.0.8.4) lib/action_dispatch/routing/mapper.rb:48:in `serve'
from actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:50:in `block in serve'
from actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:32:in `each'
from actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:32:in `serve'
from actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:852:in `call'
from gitlab-experiment (0.9.1) lib/gitlab/experiment/middleware.rb:19:in `call'
from omniauth (2.1.0) lib/omniauth/strategy.rb:202:in `call!'
from omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'
from omniauth (2.1.0) lib/omniauth/strategy.rb:470:in `call_app!'
from ee/lib/omni_auth/strategies/group_saml.rb:41:in `other_phase'
from omniauth (2.1.0) lib/omniauth/strategy.rb:195:in `call!'
from omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'
from omniauth (2.1.0) lib/omniauth/strategy.rb:202:in `call!'
from omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'
from omniauth (2.1.0) lib/omniauth/strategy.rb:202:in `call!'
from omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'
from omniauth (2.1.0) lib/omniauth/strategy.rb:202:in `call!'
from omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'
from flipper (0.26.2) lib/flipper/middleware/memoizer.rb:72:in `memoized_call'
from flipper (0.26.2) lib/flipper/middleware/memoizer.rb:37:in `call'
from lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in `call'
from lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in `block in call'
from lib/gitlab/sidekiq_sharding/validator.rb:42:in `enabled'
from lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in `call'
from lib/gitlab/middleware/memory_report.rb:13:in `call'
from lib/gitlab/middleware/speedscope.rb:13:in `call'
from lib/gitlab/database/load_balancing/rack_middleware.rb:23:in `call'
from lib/gitlab/middleware/rails_queue_duration.rb:33:in `call'
from lib/gitlab/etag_caching/middleware.rb:21:in `call'
from lib/gitlab/metrics/rack_middleware.rb:16:in `block in call'
from lib/gitlab/metrics/web_transaction.rb:46:in `run'
from lib/gitlab/metrics/rack_middleware.rb:16:in `call'
from lib/gitlab/middleware/go.rb:24:in `call'
from lib/gitlab/middleware/query_analyzer.rb:11:in `block in call'
from lib/gitlab/database/query_analyzer.rb:40:in `within'
from lib/gitlab/middleware/query_analyzer.rb:11:in `call'
from batch-loader (2.0.5) lib/batch_loader/middleware.rb:11:in `call'
from rack-attack (6.7.0) lib/rack/attack.rb:103:in `call'
from apollo_upload_server (2.1.6) lib/apollo_upload_server/middleware.rb:19:in `call'
from lib/gitlab/middleware/multipart.rb:173:in `call'
from rack-attack (6.7.0) lib/rack/attack.rb:127:in `call'
from warden (1.2.9) lib/warden/manager.rb:36:in `block in call'
from warden (1.2.9) lib/warden/manager.rb:34:in `catch'
from warden (1.2.9) lib/warden/manager.rb:34:in `call'
from rack-cors (2.0.2) lib/rack/cors.rb:102:in `call'
from rack (2.2.9) lib/rack/tempfile_reaper.rb:15:in `call'
from rack (2.2.9) lib/rack/etag.rb:27:in `call'
from rack (2.2.9) lib/rack/conditional_get.rb:40:in `call'
from rack (2.2.9) lib/rack/head.rb:12:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/http/content_security_policy.rb:36:in `call'
from lib/gitlab/middleware/read_only/controller.rb:50:in `call'
from lib/gitlab/middleware/read_only.rb:18:in `call'
from lib/gitlab/middleware/unauthenticated_session_expiry.rb:18:in `call'
from rack (2.2.9) lib/rack/session/abstract/id.rb:266:in `context'
from rack (2.2.9) lib/rack/session/abstract/id.rb:260:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/cookies.rb:704:in `call'
from lib/gitlab/middleware/same_site_cookies.rb:27:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
from activesupport (7.0.8.4) lib/active_support/callbacks.rb:99:in `run_callbacks'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
from sentry-rails (5.17.3) lib/sentry/rails/rescued_exception_interceptor.rb:12:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/debug_exceptions.rb:28:in `call'
from lib/gitlab/middleware/path_traversal_check.rb:34:in `call'
from lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'
from sentry-ruby (5.17.3) lib/sentry/rack/capture_exceptions.rb:29:in `block (2 levels) in call'
from sentry-ruby (5.17.3) lib/sentry/hub.rb:251:in `with_session_tracking'
from sentry-ruby (5.17.3) lib/sentry-ruby.rb:403:in `with_session_tracking'
from sentry-ruby (5.17.3) lib/sentry/rack/capture_exceptions.rb:20:in `block in call'
from sentry-ruby (5.17.3) lib/sentry/hub.rb:59:in `with_scope'
from sentry-ruby (5.17.3) lib/sentry-ruby.rb:383:in `with_scope'
from sentry-ruby (5.17.3) lib/sentry/rack/capture_exceptions.rb:19:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/show_exceptions.rb:29:in `call'
from lib/gitlab/middleware/basic_health_check.rb:25:in `call'
from lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app'
from railties (7.0.8.4) lib/rails/rack/logger.rb:25:in `block in call'
from activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:99:in `block in tagged'
from activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:37:in `tagged'
from activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:99:in `tagged'
from railties (7.0.8.4) lib/rails/rack/logger.rb:25:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/remote_ip.rb:93:in `call'
from lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
from lib/gitlab/middleware/request_context.rb:15:in `call'
from lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'
from request_store (1.5.1) lib/request_store/middleware.rb:19:in `call'
from rack (2.2.9) lib/rack/method_override.rb:24:in `call'
from rack (2.2.9) lib/rack/runtime.rb:22:in `call'
from rack-timeout (0.7.0) lib/rack/timeout/core.rb:154:in `block in call'
from rack-timeout (0.7.0) lib/rack/timeout/support/timeout.rb:19:in `timeout'
from rack-timeout (0.7.0) lib/rack/timeout/core.rb:153:in `call'
from config/initializers/fix_local_cache_middleware.rb:11:in `call'
from lib/gitlab/middleware/compressed_json.rb:44:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/executor.rb:14:in `call'
from lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'
from rack (2.2.9) lib/rack/sendfile.rb:110:in `call'
from lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'
from lib/gitlab/metrics/requests_rack_middleware.rb:79:in `call'
from gitlab-labkit (0.36.1) lib/labkit/middleware/rack.rb:22:in `block in call'
from gitlab-labkit (0.36.1) lib/labkit/context.rb:35:in `with_context'
from gitlab-labkit (0.36.1) lib/labkit/middleware/rack.rb:21:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/request_id.rb:26:in `call'
from actionpack (7.0.8.4) lib/action_dispatch/middleware/host_authorization.rb:131:in `call'
from railties (7.0.8.4) lib/rails/engine.rb:530:in `call'
from railties (7.0.8.4) lib/rails/railtie.rb:226:in `public_send'
from railties (7.0.8.4) lib/rails/railtie.rb:226:in `method_missing'
from lib/gitlab/middleware/release_env.rb:13:in `call'
from rack (2.2.9) lib/rack/urlmap.rb:74:in `block in call'
from rack (2.2.9) lib/rack/urlmap.rb:58:in `each'
from rack (2.2.9) lib/rack/urlmap.rb:58:in `call'
from puma (6.4.0) lib/puma/configuration.rb:272:in `call'
from puma (6.4.0) lib/puma/request.rb:100:in `block in handle_request'
from puma (6.4.0) lib/puma/thread_pool.rb:378:in `with_force_shutdown'
from puma (6.4.0) lib/puma/request.rb:99:in `handle_request'
from puma (6.4.0) lib/puma/server.rb:443:in `process_client'
from puma (6.4.0) lib/puma/server.rb:241:in `block in run'
from puma (6.4.0) lib/puma/thread_pool.rb:155:in `block in spawn_thread'Output of checks
This bug happens on GitLab.com
Possible fixes
Workarounds
Temporarily disable SAML on the group and then invite the member to the group. After the member has signed up and logged in, re-enable SAML.
Edited by Matthew Badeau