2019-07-25 01:27:42 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-08-03 10:47:11 -04:00
|
|
|
require_relative 'devise_helpers'
|
|
|
|
|
2012-08-23 05:19:40 -04:00
|
|
|
module LoginHelpers
|
2017-07-09 04:51:59 -04:00
|
|
|
include DeviseHelpers
|
|
|
|
|
2017-10-16 04:37:53 -04:00
|
|
|
# Overriding Devise::Test::IntegrationHelpers#sign_in to store @current_user
|
|
|
|
# since we may need it in LiveDebugger#live_debug.
|
|
|
|
def sign_in(resource, scope: nil)
|
|
|
|
super
|
|
|
|
|
|
|
|
@current_user = resource
|
|
|
|
end
|
|
|
|
|
2017-11-02 07:02:51 -04:00
|
|
|
# Overriding Devise::Test::IntegrationHelpers#sign_out to clear @current_user.
|
|
|
|
def sign_out(resource_or_scope)
|
|
|
|
super
|
|
|
|
|
|
|
|
@current_user = nil
|
|
|
|
end
|
|
|
|
|
2015-06-02 17:30:21 -04:00
|
|
|
# Internal: Log in as a specific user or a new user of a specific role
|
2012-08-23 05:19:40 -04:00
|
|
|
#
|
2015-06-02 17:30:21 -04:00
|
|
|
# user_or_role - User object, or a role to create (e.g., :admin, :user)
|
|
|
|
#
|
|
|
|
# Examples:
|
|
|
|
#
|
|
|
|
# # Create a user automatically
|
2017-06-05 14:22:37 -04:00
|
|
|
# gitlab_sign_in(:user)
|
2015-06-02 17:30:21 -04:00
|
|
|
#
|
|
|
|
# # Create an admin automatically
|
2017-06-05 14:22:37 -04:00
|
|
|
# gitlab_sign_in(:admin)
|
2015-06-02 17:30:21 -04:00
|
|
|
#
|
|
|
|
# # Provide an existing User record
|
|
|
|
# user = create(:user)
|
2017-06-05 14:22:37 -04:00
|
|
|
# gitlab_sign_in(user)
|
2017-06-05 14:51:54 -04:00
|
|
|
def gitlab_sign_in(user_or_role, **kwargs)
|
2017-06-25 16:19:06 -04:00
|
|
|
user =
|
2017-02-22 12:25:50 -05:00
|
|
|
if user_or_role.is_a?(User)
|
2017-02-22 10:10:32 -05:00
|
|
|
user_or_role
|
|
|
|
else
|
2020-08-13 14:10:36 -04:00
|
|
|
create(user_or_role) # rubocop:disable Rails/SaveBang
|
2017-02-22 10:10:32 -05:00
|
|
|
end
|
2013-06-22 11:57:34 -04:00
|
|
|
|
2017-06-25 16:19:06 -04:00
|
|
|
gitlab_sign_in_with(user, **kwargs)
|
|
|
|
|
2017-10-16 04:37:53 -04:00
|
|
|
@current_user = user
|
2012-08-23 05:19:40 -04:00
|
|
|
end
|
|
|
|
|
2019-09-26 08:06:00 -04:00
|
|
|
def gitlab_enable_admin_mode_sign_in(user)
|
|
|
|
visit new_admin_session_path
|
2020-03-13 08:09:22 -04:00
|
|
|
fill_in 'user_password', with: user.password
|
2019-10-21 08:06:14 -04:00
|
|
|
click_button 'Enter Admin Mode'
|
2022-08-19 17:11:26 -04:00
|
|
|
|
|
|
|
wait_for_requests
|
2019-09-26 08:06:00 -04:00
|
|
|
end
|
|
|
|
|
2018-06-25 11:32:03 -04:00
|
|
|
def gitlab_sign_in_via(provider, user, uid, saml_response = nil)
|
2018-12-08 09:12:50 -05:00
|
|
|
mock_auth_hash_with_saml_xml(provider, uid, user.email, saml_response)
|
2017-06-05 14:22:37 -04:00
|
|
|
visit new_user_session_path
|
2020-06-09 20:08:55 -04:00
|
|
|
click_button provider
|
2017-06-05 14:22:37 -04:00
|
|
|
end
|
|
|
|
|
2020-03-13 08:09:22 -04:00
|
|
|
def gitlab_enable_admin_mode_sign_in_via(provider, user, uid, saml_response = nil)
|
|
|
|
mock_auth_hash_with_saml_xml(provider, uid, user.email, saml_response)
|
|
|
|
visit new_admin_session_path
|
2020-06-09 20:08:55 -04:00
|
|
|
click_button provider
|
2020-03-13 08:09:22 -04:00
|
|
|
end
|
|
|
|
|
2017-06-05 14:22:37 -04:00
|
|
|
# Requires Javascript driver.
|
|
|
|
def gitlab_sign_out
|
|
|
|
find(".header-user-dropdown-toggle").click
|
|
|
|
click_link "Sign out"
|
2017-11-02 07:02:51 -04:00
|
|
|
@current_user = nil
|
2017-06-05 14:22:37 -04:00
|
|
|
|
2017-06-23 14:20:07 -04:00
|
|
|
expect(page).to have_button('Sign in')
|
2017-06-05 14:22:37 -04:00
|
|
|
end
|
|
|
|
|
2020-03-13 08:09:22 -04:00
|
|
|
# Requires Javascript driver.
|
|
|
|
def gitlab_disable_admin_mode
|
2021-05-31 17:09:39 -04:00
|
|
|
open_top_nav
|
|
|
|
|
|
|
|
within_top_nav do
|
|
|
|
click_on 'Leave Admin Mode'
|
|
|
|
end
|
2020-03-13 08:09:22 -04:00
|
|
|
end
|
|
|
|
|
2017-06-05 14:22:37 -04:00
|
|
|
private
|
|
|
|
|
|
|
|
# Private: Login as the specified user
|
2012-08-23 05:19:40 -04:00
|
|
|
#
|
2021-08-17 20:11:18 -04:00
|
|
|
# user - User instance to login with
|
2016-05-30 22:17:26 -04:00
|
|
|
# remember - Whether or not to check "Remember me" (default: false)
|
2021-08-17 20:11:18 -04:00
|
|
|
# two_factor_auth - If two-factor authentication is enabled (default: false)
|
2022-07-21 08:10:03 -04:00
|
|
|
# password - password to attempt to login with (default: user.password)
|
2022-03-31 17:08:16 -04:00
|
|
|
def gitlab_sign_in_with(user, remember: false, two_factor_auth: false, password: nil)
|
2012-08-23 05:19:40 -04:00
|
|
|
visit new_user_session_path
|
2017-06-05 14:22:37 -04:00
|
|
|
|
2013-03-25 10:10:14 -04:00
|
|
|
fill_in "user_login", with: user.email
|
2022-07-21 08:10:03 -04:00
|
|
|
fill_in "user_password", with: (password || user.password)
|
2016-05-30 22:17:26 -04:00
|
|
|
check 'user_remember_me' if remember
|
2017-06-05 14:22:37 -04:00
|
|
|
|
2022-04-08 14:08:29 -04:00
|
|
|
find('[data-testid="sign-in-button"]:enabled').click
|
2021-08-17 20:11:18 -04:00
|
|
|
|
|
|
|
if two_factor_auth
|
|
|
|
fill_in "user_otp_attempt", with: user.reload.current_otp
|
|
|
|
click_button "Verify code"
|
|
|
|
end
|
2016-06-30 15:54:07 -04:00
|
|
|
end
|
|
|
|
|
2019-09-04 09:18:36 -04:00
|
|
|
def login_via(provider, user, uid, remember_me: false, additional_info: {})
|
|
|
|
mock_auth_hash(provider, uid, user.email, additional_info: additional_info)
|
Add integration tests around OAuth login.
- There was previously a test for `saml` login in `login_spec`, but this didn't
seem to be passing. A lot of things didn't seem right here, and I suspect that
this test hasn't been running. I'll investigate this further.
- It took almost a whole working day to figure out this line:
OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }
As always, it's obvious in retrospect, but it took some digging to figure out
tests were failing and returning 404s during the callback phase.
- Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
2017-06-14 00:30:07 -04:00
|
|
|
visit new_user_session_path
|
|
|
|
expect(page).to have_content('Sign in with')
|
2017-06-15 00:40:47 -04:00
|
|
|
|
2017-07-18 09:45:11 -04:00
|
|
|
check 'remember_me' if remember_me
|
2017-06-15 00:40:47 -04:00
|
|
|
|
2020-06-09 20:08:55 -04:00
|
|
|
click_button "oauth-login-#{provider}"
|
Add integration tests around OAuth login.
- There was previously a test for `saml` login in `login_spec`, but this didn't
seem to be passing. A lot of things didn't seem right here, and I suspect that
this test hasn't been running. I'll investigate this further.
- It took almost a whole working day to figure out this line:
OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }
As always, it's obvious in retrospect, but it took some digging to figure out
tests were failing and returning 404s during the callback phase.
- Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
2017-06-14 00:30:07 -04:00
|
|
|
end
|
|
|
|
|
2022-06-16 14:09:35 -04:00
|
|
|
def register_via(provider, uid, email, additional_info: {})
|
|
|
|
mock_auth_hash(provider, uid, email, additional_info: additional_info)
|
|
|
|
visit new_user_registration_path
|
2022-08-19 11:11:58 -04:00
|
|
|
expect(page).to have_content('Create an account using').or(have_content('Register with'))
|
2022-06-16 14:09:35 -04:00
|
|
|
|
|
|
|
click_link_or_button "oauth-login-#{provider}"
|
|
|
|
end
|
|
|
|
|
2019-07-04 04:53:31 -04:00
|
|
|
def fake_successful_u2f_authentication
|
|
|
|
allow(U2fRegistration).to receive(:authenticate).and_return(true)
|
|
|
|
FakeU2fDevice.new(page, nil).fake_u2f_authentication
|
|
|
|
end
|
|
|
|
|
2020-09-07 08:08:27 -04:00
|
|
|
def fake_successful_webauthn_authentication
|
|
|
|
allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(true)
|
|
|
|
FakeWebauthnDevice.new(page, nil).fake_webauthn_authentication
|
|
|
|
end
|
|
|
|
|
2018-12-08 09:12:50 -05:00
|
|
|
def mock_auth_hash_with_saml_xml(provider, uid, email, saml_response)
|
|
|
|
response_object = { document: saml_xml(saml_response) }
|
|
|
|
mock_auth_hash(provider, uid, email, response_object: response_object)
|
|
|
|
end
|
|
|
|
|
2019-09-04 09:18:36 -04:00
|
|
|
def configure_mock_auth(provider, uid, email, response_object: nil, additional_info: {})
|
2016-06-30 15:54:07 -04:00
|
|
|
# The mock_auth configuration allows you to set per-provider (or default)
|
|
|
|
# authentication hashes to return during integration testing.
|
2019-09-04 09:18:36 -04:00
|
|
|
|
2016-06-30 15:54:07 -04:00
|
|
|
OmniAuth.config.mock_auth[provider.to_sym] = OmniAuth::AuthHash.new({
|
|
|
|
provider: provider,
|
|
|
|
uid: uid,
|
|
|
|
info: {
|
|
|
|
name: 'mockuser',
|
|
|
|
email: email,
|
|
|
|
image: 'mock_user_thumbnail_url'
|
|
|
|
},
|
|
|
|
credentials: {
|
|
|
|
token: 'mock_token',
|
|
|
|
secret: 'mock_secret'
|
2016-07-05 17:34:34 -04:00
|
|
|
},
|
|
|
|
extra: {
|
2020-12-10 22:09:40 -05:00
|
|
|
raw_info: OneLogin::RubySaml::Attributes.new(
|
|
|
|
{
|
|
|
|
info: {
|
|
|
|
name: 'mockuser',
|
|
|
|
email: email,
|
|
|
|
image: 'mock_user_thumbnail_url'
|
|
|
|
}
|
2016-07-05 17:34:34 -04:00
|
|
|
}
|
2020-12-10 22:09:40 -05:00
|
|
|
),
|
2018-12-08 09:12:50 -05:00
|
|
|
response_object: response_object
|
2016-06-30 15:54:07 -04:00
|
|
|
}
|
2019-09-04 09:18:36 -04:00
|
|
|
}).merge(additional_info) { |_, old_hash, new_hash| old_hash.merge(new_hash) }
|
2019-07-04 04:53:31 -04:00
|
|
|
end
|
|
|
|
|
2019-09-04 09:18:36 -04:00
|
|
|
def mock_auth_hash(provider, uid, email, additional_info: {}, response_object: nil)
|
|
|
|
configure_mock_auth(provider, uid, email, additional_info: additional_info, response_object: response_object)
|
2019-07-04 04:53:31 -04:00
|
|
|
|
2019-04-23 14:30:29 -04:00
|
|
|
original_env_config_omniauth_auth = Rails.application.env_config['omniauth.auth']
|
2018-04-18 10:03:27 -04:00
|
|
|
Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider.to_sym]
|
2019-04-23 14:30:29 -04:00
|
|
|
|
|
|
|
original_env_config_omniauth_auth
|
2016-06-30 15:54:07 -04:00
|
|
|
end
|
2017-06-12 12:13:22 -04:00
|
|
|
|
2018-06-25 11:32:03 -04:00
|
|
|
def saml_xml(raw_saml_response)
|
|
|
|
return '' if raw_saml_response.blank?
|
|
|
|
|
|
|
|
XMLSecurity::SignedDocument.new(raw_saml_response, [])
|
|
|
|
end
|
|
|
|
|
2017-06-12 12:13:22 -04:00
|
|
|
def mock_saml_config
|
2022-02-17 07:12:30 -05:00
|
|
|
ActiveSupport::InheritableOptions.new(name: 'saml', label: 'saml', args: {
|
2017-06-12 12:13:22 -04:00
|
|
|
assertion_consumer_service_url: 'https://localhost:3443/users/auth/saml/callback',
|
|
|
|
idp_cert_fingerprint: '26:43:2C:47:AF:F0:6B:D0:07:9C:AD:A3:74:FE:5D:94:5F:4E:9E:52',
|
|
|
|
idp_sso_target_url: 'https://idp.example.com/sso/saml',
|
|
|
|
issuer: 'https://localhost:3443/',
|
|
|
|
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
|
|
|
})
|
|
|
|
end
|
|
|
|
|
2018-06-25 11:32:03 -04:00
|
|
|
def mock_saml_config_with_upstream_two_factor_authn_contexts
|
|
|
|
config = mock_saml_config
|
|
|
|
config.args[:upstream_two_factor_authn_contexts] = %w(urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
|
|
|
|
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
|
|
|
|
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN)
|
|
|
|
config
|
|
|
|
end
|
|
|
|
|
2018-01-09 11:47:31 -05:00
|
|
|
def stub_omniauth_provider(provider, context: Rails.application)
|
|
|
|
env = env_from_context(context)
|
|
|
|
|
|
|
|
set_devise_mapping(context: context)
|
2018-04-18 10:03:27 -04:00
|
|
|
env['omniauth.auth'] = OmniAuth.config.mock_auth[provider.to_sym]
|
2018-01-09 11:47:31 -05:00
|
|
|
end
|
|
|
|
|
2018-04-22 19:17:49 -04:00
|
|
|
def stub_omniauth_failure(strategy, message_key, exception = nil)
|
|
|
|
env = @request.env
|
|
|
|
|
|
|
|
env['omniauth.error'] = exception
|
|
|
|
env['omniauth.error.type'] = message_key.to_sym
|
|
|
|
env['omniauth.error.strategy'] = strategy
|
|
|
|
end
|
|
|
|
|
2020-12-01 07:09:17 -05:00
|
|
|
def stub_omniauth_saml_config(context: Rails.application, **messages)
|
2018-06-25 11:32:03 -04:00
|
|
|
set_devise_mapping(context: context)
|
|
|
|
routes = Rails.application.routes
|
|
|
|
routes.disable_clear_and_finalize = true
|
|
|
|
routes.formatter.clear
|
|
|
|
routes.draw do
|
2017-06-12 12:13:22 -04:00
|
|
|
post '/users/auth/saml' => 'omniauth_callbacks#saml'
|
|
|
|
end
|
2018-06-25 11:32:03 -04:00
|
|
|
saml_config = messages.key?(:providers) ? messages[:providers].first : mock_saml_config
|
|
|
|
allow(Gitlab::Auth::OAuth::Provider).to receive_messages(providers: [:saml], config_for: saml_config)
|
2017-06-12 12:13:22 -04:00
|
|
|
stub_omniauth_setting(messages)
|
2018-03-27 18:24:02 -04:00
|
|
|
stub_saml_authorize_path_helpers
|
|
|
|
end
|
|
|
|
|
|
|
|
def stub_saml_authorize_path_helpers
|
2018-06-19 16:45:39 -04:00
|
|
|
allow_any_instance_of(ActionDispatch::Routing::RoutesProxy)
|
|
|
|
.to receive(:user_saml_omniauth_authorize_path)
|
|
|
|
.and_return('/users/auth/saml')
|
|
|
|
allow(Devise::OmniAuth::UrlHelpers)
|
|
|
|
.to receive(:omniauth_authorize_path)
|
|
|
|
.with(:user, "saml")
|
|
|
|
.and_return('/users/auth/saml')
|
2017-06-12 12:13:22 -04:00
|
|
|
end
|
2017-10-17 09:20:07 -04:00
|
|
|
|
|
|
|
def stub_omniauth_config(messages)
|
|
|
|
allow(Gitlab.config.omniauth).to receive_messages(messages)
|
|
|
|
end
|
|
|
|
|
|
|
|
def stub_basic_saml_config
|
2018-02-23 07:10:39 -05:00
|
|
|
allow(Gitlab::Auth::Saml::Config).to receive_messages({ options: { name: 'saml', args: {} } })
|
2017-10-17 09:20:07 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def stub_saml_group_config(groups)
|
2018-02-23 07:10:39 -05:00
|
|
|
allow(Gitlab::Auth::Saml::Config).to receive_messages({ options: { name: 'saml', groups_attribute: 'groups', external_groups: groups, args: {} } })
|
2017-10-17 09:20:07 -04:00
|
|
|
end
|
2012-08-23 05:19:40 -04:00
|
|
|
end
|
2019-09-13 09:26:31 -04:00
|
|
|
|
2021-05-11 17:10:21 -04:00
|
|
|
LoginHelpers.prepend_mod_with('LoginHelpers')
|