Updating user email doesn't work when user synced attributes exist
Zendesk: https://gitlab.zendesk.com/agent/tickets/94975 (internal)
In Gitlab::Auth::LDAP::Access
we update various user attributes if the value in LDAP has changed. On the customer's system this didn't happen for all users, but for a specific user we saw the following:
In Gitlab::Auth::LDAP::Access#update_email
we see that we get past the equality check - that is, we know that the LDAP email does not match the current email. GitLab calls the Users::UpdateService
and sends the new email address.
Then in Users::UpdateService#assign_attributes
there is a check for user_synced_attributes_metadata
. In the case of this user, that showed us that email was read only because it was synced. LDAP is the thing trying to update it, so it should work. However, the update service simply returns without updating the email address and the update is still considered successful.
Since LDAP is the provider doing the syncing, this email update should happen successfully.