gitlab-org--gitlab-foss/spec/features/oauth_login_spec.rb

require 'spec_helper'

feature 'OAuth Login', js: true do
  def enter_code(code)
    fill_in 'user_otp_attempt', with: code
    click_button 'Verify code'
  end

  def stub_omniauth_config(provider)
    OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new(provider: provider.to_s, uid: "12345"))
    Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
    Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider]
  end

  providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
               :facebook, :cas3, :auth0, :authentiq]

  before(:all) do
    # The OmniAuth `full_host` parameter doesn't get set correctly (it gets set to something like `http://localhost`
    # here), and causes integration tests to fail with 404s. We set the `full_host` by removing the request path (and
    # anything after it) from the request URI.
    @omniauth_config_full_host = OmniAuth.config.full_host
    OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }
  end

  after(:all) do
    OmniAuth.config.full_host = @omniauth_config_full_host
  end

  providers.each do |provider|
    context "when the user logs in using the #{provider} provider" do
      context 'when two-factor authentication is disabled' do
        it 'logs the user in' do
          stub_omniauth_config(provider)
          user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
          login_via(provider.to_s, user, 'my-uid')

          expect(current_path).to eq root_path
        end
      end

      context 'when two-factor authentication is enabled' do
        it 'logs the user in' do
          stub_omniauth_config(provider)
          user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
          login_via(provider.to_s, user, 'my-uid')

          enter_code(user.current_otp)
          expect(current_path).to eq root_path
        end
      end

      context 'when "remember me" is checked' do
        context 'when two-factor authentication is disabled' do
          it 'remembers the user after a browser restart' do
            stub_omniauth_config(provider)
            user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
            login_via(provider.to_s, user, 'my-uid', remember_me: true)

            clear_browser_session

            visit(root_path)
            expect(current_path).to eq root_path
          end
        end

        context 'when two-factor authentication is enabled' do
          it 'remembers the user after a browser restart' do
            stub_omniauth_config(provider)
            user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
            login_via(provider.to_s, user, 'my-uid', remember_me: true)
            enter_code(user.current_otp)

            clear_browser_session

            visit(root_path)
            expect(current_path).to eq root_path
          end
        end
      end

      context 'when "remember me" is not checked' do
        context 'when two-factor authentication is disabled' do
          it 'does not remember the user after a browser restart' do
            stub_omniauth_config(provider)
            user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
            login_via(provider.to_s, user, 'my-uid', remember_me: false)

            clear_browser_session

            visit(root_path)
            expect(current_path).to eq new_user_session_path
          end
        end

        context 'when two-factor authentication is enabled' do
          it 'does not remember the user after a browser restart' do
            stub_omniauth_config(provider)
            user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
            login_via(provider.to_s, user, 'my-uid', remember_me: false)
            enter_code(user.current_otp)

            clear_browser_session

            visit(root_path)
            expect(current_path).to eq new_user_session_path
          end
        end
      end
    end
  end
end
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`require 'spec_helper'`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`feature 'OAuth Login', js: true do`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`def enter_code(code)`
			`fill_in 'user_otp_attempt', with: code`
			`click_button 'Verify code'`
			`end`

			`def stub_omniauth_config(provider)`
Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new(provider: provider.to_s, uid: "12345"))`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]`
Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider]`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`end`

Add more providers to the OAuth login integration tests. - Added saml, authentiq, cas3, and auth0 - Crowd seems to be a special case that will be handled separately. 2017-06-19 04:40:24 +00:00			`providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,`
Test logging in via the Authentiq OAuth provider in a feature spec. - The `migration:path-pg` build was previously failing when the Authentiq feature spec was enabled by placing Authentiq configuration in the `test` section of `gitlab.yml` - The `migration:path-pg` task checks out an old revision of the codebase (`v8.14.10`) and runs a `schema:load`. It then checks out the commit under test, and runs `db:migrate`, to verify that migrations run without errors. - The problem here is that `v8.14.10` does not have the Authentiq module installed, but is run with the `gitlab.yml` for `master`, which would contain the `Authentiq` configuration in the `test` section. - The solution was to use the `v8.14.10` `gitlab.yml` for the `schema:load`, rather than the `gitlab.yml` from master. 2017-07-07 03:25:18 +00:00			`:facebook, :cas3, :auth0, :authentiq]`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00
Add Omniauth OAuth config to the test section of `gitlab.yml` - I tried to get this to work by stubbing out portions of the config within the test. This didn't work as expected because Devise/Omniauth loaded before the stub could run, and the stubbed config was ignored. - I attempted to fix this by reloading Devise/Omniauth after stubbing the config. This successfully got Devise to load the stubbed providers, but failed while trying to access a route such as `user_gitlab_omniauth_authorize_path`. - I spent a while trying to figure this out (even trying `Rails.application.reload_routes!`), but nothing seemed to work. - I settled for adding this config directly to `gitlab.yml` rather than go down this path any further. 2017-06-19 07:55:09 +00:00			`before(:all) do`
Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			# The OmniAuth `full_host` parameter doesn't get set correctly (it gets set to something like `http://localhost`
			# here), and causes integration tests to fail with 404s. We set the `full_host` by removing the request path (and
			`# anything after it) from the request URI.`
			`@omniauth_config_full_host = OmniAuth.config.full_host`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00			`OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`end`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`after(:all) do`
			`OmniAuth.config.full_host = @omniauth_config_full_host`
			`end`

Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`providers.each do \|provider\|`
			`context "when the user logs in using the #{provider} provider" do`
Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`context 'when two-factor authentication is disabled' do`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`it 'logs the user in' do`
			`stub_omniauth_config(provider)`
			`user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)`
			`login_via(provider.to_s, user, 'my-uid')`

			`expect(current_path).to eq root_path`
			`end`
			`end`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`context 'when two-factor authentication is enabled' do`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`it 'logs the user in' do`
			`stub_omniauth_config(provider)`
			`user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)`
			`login_via(provider.to_s, user, 'my-uid')`

			`enter_code(user.current_otp)`
			`expect(current_path).to eq root_path`
			`end`
			`end`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00
			`context 'when "remember me" is checked' do`
Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`context 'when two-factor authentication is disabled' do`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00			`it 'remembers the user after a browser restart' do`
			`stub_omniauth_config(provider)`
			`user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)`
			`login_via(provider.to_s, user, 'my-uid', remember_me: true)`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`clear_browser_session`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00
			`visit(root_path)`
			`expect(current_path).to eq root_path`
			`end`
			`end`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`context 'when two-factor authentication is enabled' do`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00			`it 'remembers the user after a browser restart' do`
			`stub_omniauth_config(provider)`
			`user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)`
			`login_via(provider.to_s, user, 'my-uid', remember_me: true)`
			`enter_code(user.current_otp)`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`clear_browser_session`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00
			`visit(root_path)`
			`expect(current_path).to eq root_path`
			`end`
			`end`
			`end`

			`context 'when "remember me" is not checked' do`
Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`context 'when two-factor authentication is disabled' do`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00			`it 'does not remember the user after a browser restart' do`
			`stub_omniauth_config(provider)`
			`user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)`
			`login_via(provider.to_s, user, 'my-uid', remember_me: false)`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`clear_browser_session`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00
			`visit(root_path)`
			`expect(current_path).to eq new_user_session_path`
			`end`
			`end`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`context 'when two-factor authentication is enabled' do`
			`it 'does not remember the user after a browser restart' do`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00			`stub_omniauth_config(provider)`
			`user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)`
			`login_via(provider.to_s, user, 'my-uid', remember_me: false)`
			`enter_code(user.current_otp)`

Implement review comments for !11963 from @adamniedzielski. - Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes 2017-06-30 16:36:36 +00:00			`clear_browser_session`
Test the "Remember Me" flow for OAuth-based login. 2017-06-15 04:40:47 +00:00
			`visit(root_path)`
			`expect(current_path).to eq new_user_session_path`
			`end`
			`end`
			`end`
Add integration tests around OAuth login. - There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further. - It took almost a whole working day to figure out this line: OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') } As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase. - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook 2017-06-14 04:30:07 +00:00			`end`
			`end`
			`end`