Draft: Clarify error message when trying to register to an instance with the GitLab.com account

Marcin Sedlak-Jakubowski requested to merge 415478-msj-sign-in-error into master

What does this MR do and why?

WHY

A GitLab instance can allow authenticating with external providers, including Google, GitHub, or GitLab.com: https://docs.gitlab.com/ee/integration/omniauth.html

When these are disabled, there are two UX problems:

  1. You can still see the providers' buttons on the Sign in page.

  2. Clicking GitLab.com results in an error message built from omniauth_callbacks_controller.rb. The repetition of "GitLab" can be confusing to users (example), not knowing which instance it refers to:

    Signing in using your GitLab.com account without a pre-existing GitLab account is not allowed. Create a GitLab account first, and then connect it to your GitLab.com account.

    With other providers, it's clear:

    Signing in using your Github account without a pre-existing GitLab account is not allowed. Create a GitLab account first, and then connect it to your Github account.

MVC 1 from #415478: Edit the strings in https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/controllers/omniauth_callbacks_controller.rb#L199-205 so that they are clearer when GitLab.com is used but also work with other providers:

  • "Signing in using your %{label} account without a pre-existing GitLab account is not allowed."
  • "Create a GitLab account first, and then connect it to your %{label} account."

Mentions in the following docs should also be updated to match:

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Signing in with GitLab.com:

[Image: Before and After screenshots]

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

These are steps that I think should work, according to the documentation, but they don't work for me.

To configure your GDK:

  1. On GitLab.com, create an application. Save the app ID and secret somewhere. For Redirect URI, I used my GDK's address: http://127.0.0.1:3000/, maybe I should have used something else.

  2. In gitlab/config/gitlab.yml, find the omniauth: section (for me, line 622) and configure the following lines like below (docs):

    omniauth:
      allow_single_sign_on: ["gitlab", "github"]

      auto_link_ldap_user: true

      # Locks down those users until they have been cleared by the admin (default: true).
      block_auto_created_users: false

  3. Under providers: (for me, line 673), uncomment the gitlab block, and add your app ID and secret and the scope you assigned it when creating the application:

          - { name: 'gitlab',
              app_id: 'YOUR_APP_ID',
              app_secret: 'YOUR_APP_SECRET',
              args: { scope: 'read_user',
              client_options: { site: "http://127.0.0.1:3000/" } } }

  4. Do something to disable what you did above, but still have the button appear. I don't know what it is, but the GNOME instance did it: https://gitlab.gnome.org/users/sign_up.

  5. Save the file.

  6. In the GDK folder, edit or create gdk.yml so it has the overwrite_changes: false setting under gdk:

    gdk:
      overwrite_changes: false

    This doesn't work for me and gitlab.yml is reset after the next step 🤔

  7. Reconfigure GDK: gdk reconfigure.

  8. Go to your GDK URL: http://127.0.0.1:3000/ or http://gdk.test:3000.

  9. If you're signed in, sign out.

  10. On the sign in page, select Register.

  11. On the sign-up page, there should now be a GitLab.com icon following the regular sign-in form. Select the icon.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #415478

Edited by Marcin Sedlak-Jakubowski
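
An added example, not part of the merge request or GitLab's code: a Ruby check over the omniauth: section of gitlab.yml that reports, per configured provider, whether a first-time sign-in can create an account. It assumes that a provider configured under providers: but absent from allow_single_sign_on is the state that produces the error message discussed above; the helper names and the sample YAML are constructed.

```ruby
require 'yaml'

# Constructed sample shaped like the omniauth: section of gitlab.yml.
# App IDs and secrets are placeholders, as in the steps above.
SAMPLE_GITLAB_YML = <<~YAML
  development:
    omniauth:
      allow_single_sign_on: ["github"]
      block_auto_created_users: false
      providers:
        - { name: 'gitlab',
            app_id: 'YOUR_APP_ID',
            app_secret: 'YOUR_APP_SECRET',
            args: { scope: 'read_user' } }
        - { name: 'github',
            app_id: 'YOUR_APP_ID',
            app_secret: 'YOUR_APP_SECRET' }
YAML

# Assumed semantics: true allows every provider, an array allows only the
# listed names, anything else (false, missing) allows none.
def sso_signup_allowed?(allow_sso, provider)
  case allow_sso
  when true then true
  when Array then allow_sso.map(&:to_s).include?(provider)
  else false
  end
end

# Hypothetical helper: one status per configured provider.
def omniauth_signup_report(yaml_text, env = 'development')
  omniauth = YAML.safe_load(yaml_text, aliases: true).dig(env, 'omniauth') || {}
  blocked = omniauth.fetch('block_auto_created_users', true) # default: true
  Array(omniauth['providers']).to_h do |provider|
    name = provider['name'].to_s
    status =
      if !sso_signup_allowed?(omniauth['allow_single_sign_on'], name)
        :signup_rejected        # provider configured, new accounts refused
      elsif blocked
        :created_pending_admin  # account created but locked until cleared
      else
        :created_active
      end
    [name, status]
  end
end

if __FILE__ == $PROGRAM_NAME
  omniauth_signup_report(SAMPLE_GITLAB_YML).each { |name, s| puts "#{name}: #{s}" }
end
```

A :signup_rejected entry marks a provider whose button can lead a new user to the "without a pre-existing GitLab account" message.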
