Users should finish onboarding if they are claimed as an Enterprise user

From https://gitlab.com/gitlab-com/support/internal-requests/-/issues/25780#note_2356285551 / https://gitlab.com/gitlab-com/support/internal-requests/-/issues/25784

@dstull there is another fringe case in https://gitlab.com/gitlab-com/support/internal-requests/-/issues/25784 - There the user

• signed up but did not complete the onboarding flow
• was then claimed as an Enterprise user (via verified domain)
• on the associated namespace the Disable password authentication for enterprise users is active

So the user has no possibility to sign in using username and password to complete the flow regardless.

I've been looking into this in Slack with @adil.farrukh and we think that we should possibly set onboarding_in_progress to false when a user is claimed as an Enterprise user - what do you think?

@ahergenhan I see - that one looks like, from the logs, they are being denied due to this check perhaps, that I guess could be a feature of enteprise users that users can't create groups?

I'd like to think over the solution with the enterprise flow for that one a bit more to figure out the true cause of the 404 on the Registrations::GroupsController#new path and why it is that way in order to figure out how to handle this permanently... for your immediate case, I'd agree with your current work around.

Solution

Finish onboarding - diff for ideas

diff --git ee/app/services/groups/enterprise_users/associate_service.rb ee/app/services/groups/enterprise_users/associate_service.rb
index 0e1a65f320a6..7758b52896ec 100644
--- ee/app/services/groups/enterprise_users/associate_service.rb
+++ ee/app/services/groups/enterprise_users/associate_service.rb
@@ -19,6 +19,8 @@ def execute
 
         @user.user_detail.update!(enterprise_group_id: @group.id, enterprise_group_associated_at: Time.current)
 
+        ::Onboarding::FinishService.new(@user).execute
+
         Notify.user_associated_with_enterprise_group_email(@user.id).deliver_later
 
         log_info(message: 'Associated the user with the enterprise group')

Try to see if we can somehow only perform one transaction and fit this into the update action above this.

More details in thread

Plan

• Improve enterprise user query performance - !182897 (merged)
• Stop onboarding for new enterprise users - !182649 (merged)
• Enable Feature flag - [Feature flag] Enable no_onboarding_enterprise_... (#521697 - closed)
• Cleanup Feature flag - Cleanup the no_onboarding_enterprise_users feat... (!184478 - merged)
• Backfill existing users - Finish user onboarding for existing enterprise ... (!183597 - merged)
• Finalize backfill and final checkout - Finalize the finish onboarding for enterprise u... (!187713 - merged)