From 0e78d90629614d1762079f4aea6b1cf42325064d Mon Sep 17 00:00:00 2001
From: Jackie Fraser
Date: Wed, 14 Jul 2021 08:31:27 -0400
Subject: [PATCH] Add saml_provider_id query param to Users API
Allows the `saml_provider_id` query param to be sent to the API endpoint GET `/api/users` to return only users created by the provided SAML provider id.
Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66167
EE: true
---
 doc/api/users.md | 1 +
 ee/app/finders/ee/users_finder.rb | 2 +-
 ee/lib/ee/api/helpers/users_helpers.rb | 1 +
 ee/spec/finders/users_finder_spec.rb | 2 +-
 ee/spec/requests/api/users_spec.rb | 20 ++++++++++++++++++++
 5 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/doc/api/users.md b/doc/api/users.md
index e074bd44c7adb3..15fa397823e6d4 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -109,6 +109,7 @@ GET /users
 | `two_factor` | string | no | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users |
 | `without_projects` | boolean | no | Filter users without projects. Default is `false`, which means that all users are returned, with and without projects. |
 | `admins` | boolean | no | Return only admin users. Default is `false` |
+| `saml_provider_id` **(PREMIUM)** | number | no | Return only users created by the specified SAML provider ID. If not included, it returns all users. |
 ```json
 [
diff --git a/ee/app/finders/ee/users_finder.rb b/ee/app/finders/ee/users_finder.rb
index f91966a717284d..82d9375a519fcf 100644
--- a/ee/app/finders/ee/users_finder.rb
+++ b/ee/app/finders/ee/users_finder.rb
@@ -17,7 +17,7 @@ def by_non_ldap(users)
 end
 def by_saml_provider_id(users)
- saml_provider_id = params[:by_saml_provider_id]
+ saml_provider_id = params[:saml_provider_id]
 return users unless saml_provider_id
 users.limit_to_saml_provider(saml_provider_id)
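Review bot: `by_saml_provider_id` calls `users.limit_to_saml_provider(saml_provider_id)` for any caller, and with the key renamed to `saml_provider_id` it now lines up with the public `GET /users` query parameter (the `optional :saml_provider_id` declaration in ee/lib/ee/api/helpers/users_helpers.rb has the same gap). Nothing visible in this hunk checks that the requester may see that provider's group, so the filter would reveal which accounts hold an identity with a given provider, including one belonging to a private group; the endpoint may enforce this elsewhere, but that is outside the diff. I would gate the filter on the caller being an administrator or an owner of the provider's group and return an empty relation otherwise, with a comment such as `# saml_provider_id discloses SAML identity linkage; only apply for callers allowed to manage the provider's group`. Also note that `return users unless saml_provider_id` fails open, so any internal caller still passing `by_saml_provider_id:` now silently gets the unfiltered list. The method's closing `end` lies outside the hunk.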
diff --git a/ee/lib/ee/api/helpers/users_helpers.rb b/ee/lib/ee/api/helpers/users_helpers.rb
index ecf2a23aab210b..80fdacdf24ed2d 100644
--- a/ee/lib/ee/api/helpers/users_helpers.rb
+++ b/ee/lib/ee/api/helpers/users_helpers.rb
@@ -16,6 +16,7 @@ module UsersHelpers
 params :optional_index_params_ee do
 optional :skip_ldap, type: Grape::API::Boolean, default: false, desc: 'Skip LDAP users'
+ optional :saml_provider_id, type: Integer, desc: 'Return only users from the specified SAML provider Id'
 end
 end
 end
diff --git a/ee/spec/finders/users_finder_spec.rb b/ee/spec/finders/users_finder_spec.rb
index 362dba1a209013..d8cc0facde31e8 100644
--- a/ee/spec/finders/users_finder_spec.rb
+++ b/ee/spec/finders/users_finder_spec.rb
@@ -40,7 +40,7 @@ end
 it 'returns only saml users from the provided saml_provider_id' do
- users = described_class.new(normal_user, by_saml_provider_id: saml_provider.id).execute
+ users = described_class.new(normal_user, saml_provider_id: saml_provider.id).execute
 expect(users).to contain_exactly(saml_user)
 end
diff --git a/ee/spec/requests/api/users_spec.rb b/ee/spec/requests/api/users_spec.rb
index 02cfcf9378559f..454ac305ebd4b2 100644
--- a/ee/spec/requests/api/users_spec.rb
+++ b/ee/spec/requests/api/users_spec.rb
@@ -182,6 +182,26 @@ end
 end
+ describe 'GET /api/users?saml_provider_id' do
+ context 'querying users by saml provider id' do
+ let(:group) { create(:group) }
+ let(:saml_provider) { create(:saml_provider, group: group, enabled: true, enforced_sso: true) }
+
+ it 'returns only users for the saml_provider_id' do
+ saml_user = create(:user)
+ create(:identity, provider: 'group_saml1', saml_provider_id: saml_provider.id, user: saml_user)
+ non_saml_user = create(:user)
+
+ get api("/users", user), params: { saml_provider_id: saml_provider.id }
+
+ expect(response).to match_response_schema('public_api/v4/user/basics')
+ expect(response).to include_pagination_headers
+ expect(json_response.map { |u| u['id'] }).to include(saml_user.id)
+ expect(json_response.map { |u| u['id'] }).not_to include(non_saml_user.id)
+ end
+ end
+ end
+
 describe 'GET /user/:id' do
 context 'when authenticated' do
 context 'as an admin' do
-- GitLab
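Review bot: The new request spec only exercises the positive path for `user` (defined outside this hunk), so it does not pin who is allowed to use the filter. Since the result reveals which accounts are linked to a group's SAML provider, add a case where a caller with no rights over `group` sends `saml_provider_id` and assert the intended outcome (a 403 or an unfiltered/empty list, whichever the endpoint is meant to return), plus one for an id that matches no provider. `provider: 'group_saml1'` also looks like a typo for `provider: 'group_saml'`; if the scope matches on `saml_provider_id` alone the test passes either way, which would hide it.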