gitlab-org--gitlab-foss/spec/lib/gitlab/auth/saml/identity_linker_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::Auth::Saml::IdentityLinker do
  let(:user) { create(:user) }
  let(:provider) { 'saml' }
  let(:uid) { user.email }
  let(:in_response_to) { '12345' }
  let(:saml_response) { instance_double(OneLogin::RubySaml::Response, in_response_to: in_response_to) }
  let(:session) { { 'last_authn_request_id' => in_response_to } }

  let(:oauth) do
    OmniAuth::AuthHash.new(provider: provider, uid: uid, extra: { response_object: saml_response })
  end

  subject { described_class.new(user, oauth, session) }

  context 'with valid GitLab initiated request' do
    context 'linked identity exists' do
      let!(:identity) { user.identities.create!(provider: provider, extern_uid: uid) }

      it "doesn't create new identity" do
        expect { subject.link }.not_to change { Identity.count }
      end

      it "sets #changed? to false" do
        subject.link

        expect(subject).not_to be_changed
      end
    end

    context 'identity needs to be created' do
      it 'creates linked identity' do
        expect { subject.link }.to change { user.identities.count }
      end

      it 'sets identity provider' do
        subject.link

        expect(user.identities.last.provider).to eq provider
      end

      it 'sets identity extern_uid' do
        subject.link

        expect(user.identities.last.extern_uid).to eq uid
      end

      it 'sets #changed? to true' do
        subject.link

        expect(subject).to be_changed
      end
    end
  end

  context 'with identity provider initiated request' do
    let(:session) { { 'last_authn_request_id' => nil } }

    it 'attempting to link accounts raises an exception' do
      expect { subject.link }.to raise_error(Gitlab::Auth::Saml::IdentityLinker::UnverifiedRequest)
    end
  end
end
Add frozen_string_literal to spec/lib (part 1) Using the sed script from https://gitlab.com/gitlab-org/gitlab-ce/issues/59758 2019-07-25 01:21:37 -04:00			`# frozen_string_literal: true`

Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00			`require 'spec_helper'`

Add latest changes from gitlab-org/gitlab@master 2020-06-24 05:08:32 -04:00			`RSpec.describe Gitlab::Auth::Saml::IdentityLinker do`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00			`let(:user) { create(:user) }`
			`let(:provider) { 'saml' }`
			`let(:uid) { user.email }`
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`let(:in_response_to) { '12345' }`
			`let(:saml_response) { instance_double(OneLogin::RubySaml::Response, in_response_to: in_response_to) }`
			`let(:session) { { 'last_authn_request_id' => in_response_to } }`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`let(:oauth) do`
			`OmniAuth::AuthHash.new(provider: provider, uid: uid, extra: { response_object: saml_response })`
			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`subject { described_class.new(user, oauth, session) }`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`context 'with valid GitLab initiated request' do`
			`context 'linked identity exists' do`
			`let!(:identity) { user.identities.create!(provider: provider, extern_uid: uid) }`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`it "doesn't create new identity" do`
			`expect { subject.link }.not_to change { Identity.count }`
			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`it "sets #changed? to false" do`
			`subject.link`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`expect(subject).not_to be_changed`
			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00			`end`

Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`context 'identity needs to be created' do`
			`it 'creates linked identity' do`
			`expect { subject.link }.to change { user.identities.count }`
			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`it 'sets identity provider' do`
			`subject.link`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`expect(user.identities.last.provider).to eq provider`
			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`it 'sets identity extern_uid' do`
			`subject.link`

			`expect(user.identities.last.extern_uid).to eq uid`
			`end`

			`it 'sets #changed? to true' do`
			`subject.link`

			`expect(subject).to be_changed`
			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00			`end`
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`end`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`context 'with identity provider initiated request' do`
			`let(:session) { { 'last_authn_request_id' => nil } }`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00
Validate that SAML requests are originated from gitlab If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 2019-08-19 09:19:19 -04:00			`it 'attempting to link accounts raises an exception' do`
			`expect { subject.link }.to raise_error(Gitlab::Auth::Saml::IdentityLinker::UnverifiedRequest)`
Refactor OmniauthCallbacksController to remove duplication Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml 2018-04-18 10:03:27 -04:00			`end`
			`end`
			`end`