2013-09-12 16:27:51 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2015-12-09 05:55:36 -05:00
|
|
|
describe Gitlab::LDAP::User, lib: true do
|
2015-04-14 11:09:05 -04:00
|
|
|
let(:ldap_user) { Gitlab::LDAP::User.new(auth_hash) }
|
|
|
|
let(:gl_user) { ldap_user.gl_user }
|
2014-09-01 09:30:46 -04:00
|
|
|
let(:info) do
|
2014-10-10 06:03:32 -04:00
|
|
|
{
|
2013-09-12 16:27:51 -04:00
|
|
|
name: 'John',
|
2014-09-01 09:30:46 -04:00
|
|
|
email: 'john@example.com',
|
2014-03-10 13:16:43 -04:00
|
|
|
nickname: 'john'
|
2014-10-10 06:03:32 -04:00
|
|
|
}
|
|
|
|
end
|
|
|
|
let(:auth_hash) do
|
2015-09-08 12:34:18 -04:00
|
|
|
OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info)
|
2013-09-12 16:27:51 -04:00
|
|
|
end
|
2015-10-08 15:59:46 -04:00
|
|
|
let(:ldap_user_upper_case) { Gitlab::LDAP::User.new(auth_hash_upper_case) }
|
|
|
|
let(:info_upper_case) do
|
|
|
|
{
|
|
|
|
name: 'John',
|
|
|
|
email: 'John@Example.com', # Email address has upper case chars
|
|
|
|
nickname: 'john'
|
|
|
|
}
|
|
|
|
end
|
|
|
|
let(:auth_hash_upper_case) do
|
|
|
|
OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info_upper_case)
|
|
|
|
end
|
2014-09-01 09:30:46 -04:00
|
|
|
|
2016-07-11 18:12:31 -04:00
|
|
|
describe '#changed?' do
|
2015-01-29 16:28:41 -05:00
|
|
|
it "marks existing ldap user as changed" do
|
2015-05-21 17:49:06 -04:00
|
|
|
create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')
|
2015-04-14 11:09:05 -04:00
|
|
|
expect(ldap_user.changed?).to be_truthy
|
2015-01-29 16:28:41 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "marks existing non-ldap user if the email matches as changed" do
|
2015-05-21 17:49:06 -04:00
|
|
|
create(:user, email: 'john@example.com')
|
2015-04-14 11:09:05 -04:00
|
|
|
expect(ldap_user.changed?).to be_truthy
|
2015-01-29 16:28:41 -05:00
|
|
|
end
|
|
|
|
|
2016-08-01 11:00:44 -04:00
|
|
|
it "does not mark existing ldap user as changed" do
|
2016-01-19 10:25:38 -05:00
|
|
|
create(:omniauth_user, email: 'john@example.com', extern_uid: 'my-uid', provider: 'ldapmain', ldap_email: true)
|
2015-04-14 11:09:05 -04:00
|
|
|
expect(ldap_user.changed?).to be_falsey
|
2015-01-29 16:28:41 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-12-22 13:00:41 -05:00
|
|
|
describe '.find_by_uid_and_provider' do
|
|
|
|
it 'retrieves the correct user' do
|
|
|
|
special_info = {
|
|
|
|
name: 'John Åström',
|
|
|
|
email: 'john@example.com',
|
|
|
|
nickname: 'jastrom'
|
|
|
|
}
|
|
|
|
special_hash = OmniAuth::AuthHash.new(uid: 'CN=John Åström,CN=Users,DC=Example,DC=com', provider: 'ldapmain', info: special_info)
|
|
|
|
special_chars_user = described_class.new(special_hash)
|
|
|
|
user = special_chars_user.save
|
|
|
|
|
|
|
|
expect(described_class.find_by_uid_and_provider(special_hash.uid, special_hash.provider)).to eq user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-09-01 09:30:46 -04:00
|
|
|
describe :find_or_create do
|
|
|
|
it "finds the user if already existing" do
|
2015-05-21 17:49:06 -04:00
|
|
|
create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')
|
2013-09-12 16:27:51 -04:00
|
|
|
|
2015-06-17 21:30:58 -04:00
|
|
|
expect{ ldap_user.save }.not_to change{ User.count }
|
2013-09-12 16:27:51 -04:00
|
|
|
end
|
|
|
|
|
2014-09-01 09:30:46 -04:00
|
|
|
it "connects to existing non-ldap user if the email matches" do
|
2014-12-04 06:43:08 -05:00
|
|
|
existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")
|
2015-06-17 21:30:58 -04:00
|
|
|
expect{ ldap_user.save }.not_to change{ User.count }
|
2014-09-01 09:30:46 -04:00
|
|
|
|
|
|
|
existing_user.reload
|
2014-11-27 06:34:39 -05:00
|
|
|
expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
|
|
|
|
expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
|
2013-09-12 16:27:51 -04:00
|
|
|
end
|
|
|
|
|
2015-07-21 17:03:26 -04:00
|
|
|
it 'connects to existing ldap user if the extern_uid changes' do
|
|
|
|
existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
|
|
|
|
expect{ ldap_user.save }.not_to change{ User.count }
|
|
|
|
|
|
|
|
existing_user.reload
|
|
|
|
expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
|
|
|
|
expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
|
2015-10-08 15:59:46 -04:00
|
|
|
expect(existing_user.id).to eql ldap_user.gl_user.id
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'connects to existing ldap user if the extern_uid changes and email address has upper case characters' do
|
|
|
|
existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
|
|
|
|
expect{ ldap_user_upper_case.save }.not_to change{ User.count }
|
|
|
|
|
|
|
|
existing_user.reload
|
|
|
|
expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
|
|
|
|
expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
|
2015-07-21 17:03:26 -04:00
|
|
|
expect(existing_user.id).to eql ldap_user.gl_user.id
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'maintains an identity per provider' do
|
|
|
|
existing_user = create(:omniauth_user, email: 'john@example.com', provider: 'twitter')
|
|
|
|
expect(existing_user.identities.count).to eql(1)
|
|
|
|
|
|
|
|
ldap_user.save
|
|
|
|
expect(ldap_user.gl_user.identities.count).to eql(2)
|
|
|
|
|
|
|
|
# Expect that find_by provider only returns a single instance of an identity and not an Enumerable
|
|
|
|
expect(ldap_user.gl_user.identities.find_by(provider: 'twitter')).to be_instance_of Identity
|
|
|
|
expect(ldap_user.gl_user.identities.find_by(provider: auth_hash.provider)).to be_instance_of Identity
|
|
|
|
end
|
|
|
|
|
2014-09-01 09:30:46 -04:00
|
|
|
it "creates a new user if not found" do
|
2015-04-14 11:09:05 -04:00
|
|
|
expect{ ldap_user.save }.to change{ User.count }.by(1)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-01-19 10:25:38 -05:00
|
|
|
describe 'updating email' do
|
|
|
|
context "when LDAP sets an email" do
|
|
|
|
it "has a real email" do
|
|
|
|
expect(ldap_user.gl_user.email).to eq(info[:email])
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has ldap_email set to true" do
|
|
|
|
expect(ldap_user.gl_user.ldap_email?).to be(true)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when LDAP doesn't set an email" do
|
|
|
|
before do
|
|
|
|
info.delete(:email)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a temp email" do
|
|
|
|
expect(ldap_user.gl_user.temp_oauth_email?).to be(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has ldap_email set to false" do
|
|
|
|
expect(ldap_user.gl_user.ldap_email?).to be(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-04-14 11:09:05 -04:00
|
|
|
describe 'blocking' do
|
2015-05-21 17:49:06 -04:00
|
|
|
def configure_block(value)
|
2017-02-22 11:55:08 -05:00
|
|
|
allow_any_instance_of(Gitlab::LDAP::Config)
|
|
|
|
.to receive(:block_auto_created_users).and_return(value)
|
2015-05-21 17:49:06 -04:00
|
|
|
end
|
|
|
|
|
2015-04-14 11:09:05 -04:00
|
|
|
context 'signup' do
|
|
|
|
context 'dont block on create' do
|
2015-05-21 17:49:06 -04:00
|
|
|
before { configure_block(false) }
|
2015-04-14 11:09:05 -04:00
|
|
|
|
|
|
|
it do
|
|
|
|
ldap_user.save
|
|
|
|
expect(gl_user).to be_valid
|
|
|
|
expect(gl_user).not_to be_blocked
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'block on create' do
|
2015-05-21 17:49:06 -04:00
|
|
|
before { configure_block(true) }
|
2015-04-14 11:09:05 -04:00
|
|
|
|
|
|
|
it do
|
|
|
|
ldap_user.save
|
|
|
|
expect(gl_user).to be_valid
|
|
|
|
expect(gl_user).to be_blocked
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'sign-in' do
|
|
|
|
before do
|
|
|
|
ldap_user.save
|
|
|
|
ldap_user.gl_user.activate
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'dont block on create' do
|
2015-05-21 17:49:06 -04:00
|
|
|
before { configure_block(false) }
|
2015-04-14 11:09:05 -04:00
|
|
|
|
|
|
|
it do
|
|
|
|
ldap_user.save
|
|
|
|
expect(gl_user).to be_valid
|
|
|
|
expect(gl_user).not_to be_blocked
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'block on create' do
|
2015-05-21 17:49:06 -04:00
|
|
|
before { configure_block(true) }
|
2015-04-14 11:09:05 -04:00
|
|
|
|
|
|
|
it do
|
|
|
|
ldap_user.save
|
|
|
|
expect(gl_user).to be_valid
|
|
|
|
expect(gl_user).not_to be_blocked
|
|
|
|
end
|
|
|
|
end
|
2013-09-12 16:27:51 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|