Settings: Internal user regex does not work with user accounts created by oauth
Summary
The installation in use has New users set to external but new users that fit the internal users regex are created as external users. Oauth is used for authentication by shibboleth.
Steps to reproduce
- Do the following things as admin
- Set "New users set to external -> Newly registered users will by default be external" in Settings/Account and limit.
- Set "Internal users" to "@example\.com"
- Use a private browser tab
- Login via shibboleth oauth with a user that has a mail address user@example.com
- Check as admin
- User got created as external user
Example Project
Not applicable.
What is the current bug behavior?
Newly created users authenticated by oauth shibboleth become external users although their mail address matches the internal users regex.
What is the expected correct behavior?
Newly created users authenticated by oauth shibboleth become internal users because their mail address matches the internal users regex.
Relevant logs and/or screenshots
The only log entry I found is
September 24, 2018 14:23: User "Example, Peter" (peter@example.com) was created
September 24, 2018 14:23: (OAuth) saving user peter@example.com from login with extern_uid => peter@example.com
There is no info if the user is created internally or externally.
Output of checks
This bug happens on a selfhosted GitLab Community Edition.
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Ubuntu 16.04 Current User: git Using RVM: no Ruby Version: 2.4.4p296 Gem Version: 2.7.6 Bundler Version:1.16.2 Rake Version: 12.3.1 Redis Version: 3.2.11 Git Version: 2.18.0 Sidekiq Version:5.1.3 Go Version: unknownGitLab information Version: 11.3.0 Revision: 17bd59a Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: https://gitlab.example.private HTTP Clone URL: https://gitlab.example.private/some-group/some-project.git SSH Clone URL: git@gitlab.example.private:some-group/some-project.git Using LDAP: no Using Omniauth: yes Omniauth Providers: shibboleth
GitLab Shell Version: 8.3.3 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab Shell ...GitLab Shell version >= 8.3.3 ? ... OK (8.3.3) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:root, or git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... 2/1 ... ok 6/2 ... ok 8/3 ... repository is empty 13/4 ... ok 7/5 ... repository is empty 7/6 ... ok 16/7 ... ok 16/8 ... ok 12/9 ... ok 12/10 ... ok 12/11 ... ok 16/12 ... ok 25/13 ... ok 7/14 ... ok Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Reply by email is disabled in config/gitlab.yml Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 2/1 ... yes 6/2 ... yes 8/3 ... yes 13/4 ... yes 7/5 ... yes 7/6 ... yes 16/7 ... yes 16/8 ... yes 12/9 ... yes 12/10 ... yes 12/11 ... yes 16/12 ... yes 25/13 ... yes 7/14 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.3.5 ? ... yes (2.4.4) Git version >= 2.9.5 ? ... yes (2.18.0) Git user has default SSH configuration? ... yes Active users: ... 24
Checking GitLab ... Finished
Possible fixes
My guess: Apply check for internal users for accounts created by omniauth and set internal or external accordingly.