kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/lib/gitlab/o_auth/user_spec.rb

339 lines
12 KiB
Ruby
Raw Normal View History

Rewrite OAuth specs
2013-09-03 17:53:13 -04:00
require 'spec_helper'
Tag lib specs
2015-12-09 05:55:36 -05:00
describe Gitlab::OAuth::User, lib: true do
Refactor OAuth refactorings to CE
2014-10-10 06:03:32 -04:00
let(:oauth_user) { Gitlab::OAuth::User.new(auth_hash) }
let(:gl_user) { oauth_user.gl_user }
let(:uid) { 'my-uid' }
let(:provider) { 'my-provider' }
Allow configuration of LDAP attributes GitLab will use for the new user account.
2015-09-08 05:58:48 -04:00
let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) }
Refactor OAuth refactorings to CE
2014-10-10 06:03:32 -04:00
let(:info_hash) do
{
Clean username acquired from OAuth/LDAP. Fixes #1967.
2015-02-11 08:12:43 -05:00
nickname: '-john+gitlab-ETC%.git@gmail.com',
Rewrite OAuth specs
2013-09-03 17:53:13 -04:00
name: 'John',
email: 'john@mail.com'
Refactor OAuth refactorings to CE
2014-10-10 06:03:32 -04:00
}
Rewrite OAuth specs
2013-09-03 17:53:13 -04:00
end
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
let(:ldap_user) { Gitlab::LDAP::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
Rewrite OAuth specs
2013-09-03 17:53:13 -04:00
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
describe '#persisted?' do
Supporting for multiple omniauth provider for the same user
2014-11-27 06:34:39 -05:00
let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }
Add tests for finding an oauth authenticated user
2014-09-01 06:59:04 -04:00
it "finds an existing user based on uid and provider (facebook)" do
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 13:17:35 -05:00
expect( oauth_user.persisted? ).to be_truthy
Add tests for finding an oauth authenticated user
2014-09-01 06:59:04 -04:00
end
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
it 'returns false if user is not found in database' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
allow(auth_hash).to receive(:uid).and_return('non-existing')
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 13:17:35 -05:00
expect( oauth_user.persisted? ).to be_falsey
Add tests for finding an oauth authenticated user
2014-09-01 06:59:04 -04:00
end
end
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
describe '#save' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
def stub_omniauth_config(messages)
allow(Gitlab.config.omniauth).to receive_messages(messages)
end
def stub_ldap_config(messages)
allow(Gitlab::LDAP::Config).to receive_messages(messages)
end
Remove LDAP save test This is handled within the LDAP class
2014-10-16 11:18:40 -04:00
let(:provider) { 'twitter' }
Rewrite OAuth specs
2013-09-03 17:53:13 -04:00
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
describe 'signup' do
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
shared_examples 'to verify compliance with allow_single_sign_on' do
context 'provider is marked as external' do
adds second batch of tests changed to active tense
2016-08-01 11:00:44 -04:00
it 'marks user as external' do
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['twitter'])
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user.external).to be_truthy
end
end
context 'provider was external, now has been removed' do
adds second batch of tests changed to active tense
2016-08-01 11:00:44 -04:00
it 'does not mark external user as internal' do
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
create(:omniauth_user, extern_uid: 'my-uid', provider: 'twitter', external: true)
stub_omniauth_config(allow_single_sign_on: ['twitter'], external_providers: ['facebook'])
oauth_user.save
expect(gl_user).to be_valid
Fixed privilege escalation issue where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.
2016-06-28 19:19:04 -04:00
expect(gl_user.external).to be_truthy
end
end
context 'provider is not external' do
context 'when adding a new OAuth identity' do
adds second batch of tests changed to active tense
2016-08-01 11:00:44 -04:00
it 'does not promote an external user to internal' do
Fixed privilege escalation issue where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.
2016-06-28 19:19:04 -04:00
user = create(:user, email: 'john@mail.com', external: true)
user.identities.create(provider: provider, extern_uid: uid)
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user.external).to be_truthy
end
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
end
end
context 'with new allow_single_sign_on enabled syntax' do
Decouple SAML authentication from the default Omniauth logic
2016-02-18 17:01:07 -05:00
before { stub_omniauth_config(allow_single_sign_on: ['twitter']) }
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it "creates a user from Omniauth" do
oauth_user.save
Ensure oath callbacks without a nickname work (google)
2014-09-01 08:26:10 -04:00
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
expect(gl_user).to be_valid
identity = gl_user.identities.first
expect(identity.extern_uid).to eql uid
expect(identity.provider).to eql 'twitter'
end
end
Make new `allow_single_sign_on` feature backwards compatible
2016-02-18 17:02:43 -05:00
context "with old allow_single_sign_on enabled syntax" do
before { stub_omniauth_config(allow_single_sign_on: true) }
it "creates a user from Omniauth" do
oauth_user.save
expect(gl_user).to be_valid
identity = gl_user.identities.first
expect(identity.extern_uid).to eql uid
expect(identity.provider).to eql 'twitter'
end
end
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
context 'with new allow_single_sign_on disabled syntax' do
Decouple SAML authentication from the default Omniauth logic
2016-02-18 17:01:07 -05:00
before { stub_omniauth_config(allow_single_sign_on: []) }
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
it 'throws an error' do
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
expect{ oauth_user.save }.to raise_error StandardError
end
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
Make new `allow_single_sign_on` feature backwards compatible
2016-02-18 17:02:43 -05:00
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
context 'with old allow_single_sign_on disabled (Default)' do
Make new `allow_single_sign_on` feature backwards compatible
2016-02-18 17:02:43 -05:00
before { stub_omniauth_config(allow_single_sign_on: false) }
Added default setting for `external_providers`
2016-04-11 11:16:42 -04:00
it 'throws an error' do
Make new `allow_single_sign_on` feature backwards compatible
2016-02-18 17:02:43 -05:00
expect{ oauth_user.save }.to raise_error StandardError
end
end
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
Ensure oath callbacks without a nickname work (google)
2014-09-01 08:26:10 -04:00
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
context "with auto_link_ldap_user disabled (default)" do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_omniauth_config(auto_link_ldap_user: false) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
include_examples "to verify compliance with allow_single_sign_on"
end
context "with auto_link_ldap_user enabled" do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_omniauth_config(auto_link_ldap_user: true) }
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
context "and no LDAP provider defined" do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_ldap_config(providers: []) }
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
include_examples "to verify compliance with allow_single_sign_on"
end
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
context "and at least one LDAP provider is defined" do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_ldap_config(providers: %w(ldapmain)) }
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
context "and a corresponding LDAP person" do
before do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
allow(ldap_user).to receive(:uid) { uid }
allow(ldap_user).to receive(:username) { uid }
Enable Style/SpaceAfterComma Rubocop cop
2016-06-29 09:23:44 -04:00
allow(ldap_user).to receive(:email) { ['johndoe@example.com', 'john2@example.com'] }
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
allow(ldap_user).to receive(:dn) { 'uid=user1,ou=People,dc=example' }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
end
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
context "and no account for the LDAP user" do
it "creates a user with dual LDAP and omniauth identities" do
Omniauth auto link LDAP user falls back to find by DN when user cannot be found by uid
2016-10-19 10:50:34 -04:00
allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
oauth_user.save
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
expect(gl_user).to be_valid
expect(gl_user.username).to eql uid
expect(gl_user.email).to eql 'johndoe@example.com'
expect(gl_user.identities.length).to eql 2
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash).to match_array(
[ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' },
{ provider: 'twitter', extern_uid: uid }
])
end
end
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
context "and LDAP user has an account already" do
let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'ldapmain', username: 'john') }
it "adds the omniauth identity to the LDAP account" do
Omniauth auto link LDAP user falls back to find by DN when user cannot be found by uid
2016-10-19 10:50:34 -04:00
allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
oauth_user.save
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
expect(gl_user).to be_valid
expect(gl_user.username).to eql 'john'
expect(gl_user.email).to eql 'john@example.com'
expect(gl_user.identities.length).to eql 2
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash).to match_array(
[ { provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' },
{ provider: 'twitter', extern_uid: uid }
])
end
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
end
Omniauth auto link LDAP user falls back to find by DN when user cannot be found by uid
2016-10-19 10:50:34 -04:00
context 'when an LDAP person is not found by uid' do
it 'tries to find an LDAP person by DN and adds the omniauth identity to the user' do
allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(nil)
allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(ldap_user)
oauth_user.save
identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
expect(identities_as_hash)
.to match_array(
[
{ provider: 'ldapmain', extern_uid: 'uid=user1,ou=People,dc=example' },
{ provider: 'twitter', extern_uid: uid }
]
)
end
end
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
end
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
context "and no corresponding LDAP person" do
before { allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(nil) }
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
Fix behavior of ldap_person method in Gitlab::OAuth::User Code tweaks in 45e9150a caused the ldap_person method to not return expected results. Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 12:06:27 -04:00
include_examples "to verify compliance with allow_single_sign_on"
end
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
Refactor OAuth refactorings to CE
2014-10-10 06:03:32 -04:00
end
Ensure oath callbacks without a nickname work (google)
2014-09-01 08:26:10 -04:00
end
Add regressiontest to verify allow_single_sign_on setting verification for #1677 Since testing omniauth_callback_controller.rb is very difficult, the logic is moved to the models
2014-10-16 14:08:30 -04:00
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
describe 'blocking' do
let(:provider) { 'twitter' }
Decouple SAML authentication from the default Omniauth logic
2016-02-18 17:01:07 -05:00
before { stub_omniauth_config(allow_single_sign_on: ['twitter']) }
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
context 'signup with omniauth only' do
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
context 'dont block on create' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_omniauth_config(block_auto_created_users: false) }
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
it do
oauth_user.save
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 13:17:35 -05:00
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
end
context 'block on create' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_omniauth_config(block_auto_created_users: true) }
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
it do
oauth_user.save
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 13:17:35 -05:00
expect(gl_user).to be_valid
expect(gl_user).to be_blocked
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
end
end
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
context 'signup with linked omniauth and LDAP account' do
before do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
stub_omniauth_config(auto_link_ldap_user: true)
allow(ldap_user).to receive(:uid) { uid }
allow(ldap_user).to receive(:username) { uid }
Enable Style/SpaceAfterComma Rubocop cop
2016-06-29 09:23:44 -04:00
allow(ldap_user).to receive(:email) { ['johndoe@example.com', 'john2@example.com'] }
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
allow(ldap_user).to receive(:dn) { 'uid=user1,ou=People,dc=example' }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
allow(oauth_user).to receive(:ldap_person).and_return(ldap_user)
end
context "and no account for the LDAP user" do
context 'dont block on create (LDAP)' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
context 'block on create (LDAP)' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).to be_blocked
end
end
end
context 'and LDAP user has an account already' do
let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'ldapmain', username: 'john') }
context 'dont block on create (LDAP)' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
context 'block on create (LDAP)' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
end
end
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
context 'sign-in' do
before do
oauth_user.save
oauth_user.gl_user.activate
end
context 'dont block on create' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_omniauth_config(block_auto_created_users: false) }
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
it do
oauth_user.save
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 13:17:35 -05:00
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
end
context 'block on create' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { stub_omniauth_config(block_auto_created_users: true) }
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
it do
oauth_user.save
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 13:17:35 -05:00
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
Fix account existing blocking Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 07:08:02 -04:00
end
end
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
context 'dont block on create (LDAP)' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
context 'block on create (LDAP)' do
Fix Gitlab::OAuth::User spec
2015-06-18 22:12:03 -04:00
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true) }
Add option to automatically link omniauth and LDAP identities Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
2015-06-02 06:01:29 -04:00
it do
oauth_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
Add regressiontest to verify allow_single_sign_on setting verification for #1677 Since testing omniauth_callback_controller.rb is very difficult, the logic is moved to the models
2014-10-16 14:08:30 -04:00
end
end
Rewrite OAuth specs
2013-09-03 17:53:13 -04:00
end
end
Copy permalink