require 'spec_helper'
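describe OmniauthCallbacksController do
  include LoginHelpers

  # Every context below supplies `extern_uid` and `provider`; the user is created
  # with a matching identity so the callback can resolve to an existing account.
  let(:user) { create(:omniauth_user, extern_uid: extern_uid, provider: provider) }

  before do
    mock_auth_hash(provider.to_s, extern_uid, user.email)
    stub_omniauth_provider(provider, context: request)
  end

  context 'when the user is on the last sign in attempt' do
    let(:extern_uid) { 'my-uid' }

    before do
      # Place the account one failed attempt short of the lock threshold.
      # `update!` raises if the attribute is not persisted, so the
      # "does not lock" example below cannot pass vacuously against a user
      # who was never near the limit.
      user.update!(failed_attempts: User.maximum_attempts.pred)
      # `failure` is invoked directly rather than through a request cycle,
      # so the controller needs a response object to write to.
      subject.response = ActionDispatch::Response.new
    end

    context 'when using a form based provider' do
      let(:provider) { :ldap }

      # A failed form-based sign-in is a credential-guessing signal and must
      # count towards the account lock.
      it 'locks the user when sign in fails' do
        allow(subject).to receive(:params).and_return(ActionController::Parameters.new(username: user.username))
        request.env['omniauth.error.strategy'] = OmniAuth::Strategies::LDAP.new(nil)

        subject.send(:failure)

        expect(user.reload).to be_access_locked
      end
    end

    context 'when using a button based provider' do
      let(:provider) { :github }

      # A failed redirect-based (OAuth) callback is not treated as a guess
      # against the local account, so it must not trip the lock — presumably
      # because no password was submitted; the example pins that behaviour.
      it 'does not lock the user when sign in fails' do
        request.env['omniauth.error.strategy'] = OmniAuth::Strategies::GitHub.new(nil)

        subject.send(:failure)

        expect(user.reload).not_to be_access_locked
      end
    end
  end

  context 'strategies' do
    context 'github' do
      let(:extern_uid) { 'my-uid' }
      let(:provider) { :github }

      it 'allows sign in' do
        post provider

        expect(request.env['warden']).to be_authenticated
      end

      # Replaces `user` with an unknown e-mail so the callback takes the
      # account-creation path instead of matching an existing identity.
      shared_context 'sign_up' do
        let(:user) { double(email: 'new@example.com') }

        before do
          stub_omniauth_setting(block_auto_created_users: false)
        end
      end

      context 'sign up' do
        include_context 'sign_up'

        it 'is allowed' do
          post provider

          expect(request.env['warden']).to be_authenticated
        end
      end

      context 'when OAuth is disabled' do
        before do
          # NOTE(review): looks like this forces the updated setting to be read
          # back from the persisted record rather than an in-memory copy — confirm.
          stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
          settings = Gitlab::CurrentSettings.current_application_settings
          settings.update(disabled_oauth_sign_in_sources: [provider.to_s])
        end

        # Disabling a provider must close the sign-in path, not just hide the
        # button: a crafted POST to the callback is rejected as well.
        it 'prevents login via POST' do
          post provider

          expect(request.env['warden']).not_to be_authenticated
        end

        it 'shows warning when attempting login' do
          post provider

          expect(response).to redirect_to new_user_session_path
          expect(flash[:alert]).to eq('Signing in using GitHub has been disabled')
        end

        # Disabling a provider blocks sign-in and sign-up through it, but a user
        # who is already signed in can still attach an identity from it.
        it 'allows linking the disabled provider' do
          user.identities.destroy_all
          sign_in(user)

          expect { post provider }.to change { user.reload.identities.count }.by(1)
        end

        context 'sign up' do
          include_context 'sign_up'

          it 'is prevented' do
            post provider

            expect(request.env['warden']).not_to be_authenticated
          end
        end
      end
    end

    context 'auth0' do
      let(:extern_uid) { '' }
      let(:provider) { :auth0 }

      # An empty extern_uid must never resolve to an account: the request is
      # rejected, redirected, and the misconfiguration is surfaced to the user.
      it 'does not allow sign in without extern_uid' do
        # `post provider` rather than a literal action name, consistent with the
        # other strategy examples.
        post provider

        expect(request.env['warden']).not_to be_authenticated
        expect(response.status).to eq(302)
        expect(controller).to set_flash[:alert].to('Wrong extern UID provided. Make sure Auth0 is configured correctly.')
      end
    end
  end
end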