2019-03-30 03:23:56 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-01-06 02:38:52 -05:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-24 14:09:03 -04:00
|
|
|
RSpec.describe Identity do
|
2016-01-06 02:38:52 -05:00
|
|
|
describe 'relations' do
|
|
|
|
it { is_expected.to belong_to(:user) }
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'fields' do
|
|
|
|
it { is_expected.to respond_to(:provider) }
|
|
|
|
it { is_expected.to respond_to(:extern_uid) }
|
|
|
|
end
|
|
|
|
|
2019-01-29 01:35:25 -05:00
|
|
|
describe 'validations' do
|
2020-02-05 07:09:15 -05:00
|
|
|
let_it_be(:user) { create(:user) }
|
2019-01-29 01:35:25 -05:00
|
|
|
|
|
|
|
context 'with existing user and provider' do
|
|
|
|
before do
|
|
|
|
create(:identity, provider: 'ldapmain', user_id: user.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns false for a duplicate entry' do
|
|
|
|
identity = user.identities.build(provider: 'ldapmain', user_id: user.id)
|
|
|
|
|
|
|
|
expect(identity.validate).to be_falsey
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns true when a different provider is used' do
|
|
|
|
identity = user.identities.build(provider: 'gitlab', user_id: user.id)
|
|
|
|
|
|
|
|
expect(identity.validate).to be_truthy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with newly-created user' do
|
|
|
|
before do
|
|
|
|
create(:identity, provider: 'ldapmain', user_id: nil)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'successfully validates even with a nil user_id' do
|
|
|
|
identity = user.identities.build(provider: 'ldapmain')
|
|
|
|
|
|
|
|
expect(identity.validate).to be_truthy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-01-06 02:38:52 -05:00
|
|
|
describe '#is_ldap?' do
|
|
|
|
let(:ldap_identity) { create(:identity, provider: 'ldapmain') }
|
|
|
|
let(:other_identity) { create(:identity, provider: 'twitter') }
|
|
|
|
|
|
|
|
it 'returns true if it is a ldap identity' do
|
2016-01-12 09:29:10 -05:00
|
|
|
expect(ldap_identity.ldap?).to be_truthy
|
2016-01-06 02:38:52 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns false if it is not a ldap identity' do
|
2016-01-12 09:29:10 -05:00
|
|
|
expect(other_identity.ldap?).to be_falsey
|
2016-01-06 02:38:52 -05:00
|
|
|
end
|
|
|
|
end
|
2017-10-31 05:52:44 -04:00
|
|
|
|
|
|
|
describe '.with_extern_uid' do
|
|
|
|
context 'LDAP identity' do
|
|
|
|
let!(:ldap_identity) { create(:identity, provider: 'ldapmain', extern_uid: 'uid=john smith,ou=people,dc=example,dc=com') }
|
|
|
|
|
|
|
|
it 'finds the identity when the DN is formatted differently' do
|
|
|
|
identity = described_class.with_extern_uid('ldapmain', 'uid=John Smith, ou=People, dc=example, dc=com').first
|
|
|
|
|
|
|
|
expect(identity).to eq(ldap_identity)
|
|
|
|
end
|
|
|
|
end
|
2017-11-17 09:24:25 -05:00
|
|
|
|
|
|
|
context 'any other provider' do
|
|
|
|
let!(:test_entity) { create(:identity, provider: 'test_provider', extern_uid: 'test_uid') }
|
|
|
|
|
|
|
|
it 'the extern_uid lookup is case insensitive' do
|
|
|
|
identity = described_class.with_extern_uid('test_provider', 'TEST_UID').first
|
|
|
|
|
|
|
|
expect(identity).to eq(test_entity)
|
|
|
|
end
|
|
|
|
end
|
2017-10-31 05:52:44 -04:00
|
|
|
end
|
2017-12-21 09:31:15 -05:00
|
|
|
|
2020-12-08 07:09:53 -05:00
|
|
|
describe '.with_any_extern_uid' do
|
|
|
|
context 'provider with extern uid' do
|
|
|
|
let!(:test_entity) { create(:identity, provider: 'test_provider', extern_uid: 'test_uid') }
|
|
|
|
|
|
|
|
it 'finds any extern uids associated with a provider' do
|
|
|
|
identity = described_class.with_any_extern_uid('test_provider').first
|
|
|
|
|
|
|
|
expect(identity).to be
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'provider with nil extern uid' do
|
|
|
|
let!(:nil_entity) { create(:identity, provider: 'nil_entity_provider', extern_uid: nil) }
|
|
|
|
|
|
|
|
it 'has no results when there are no extern uids' do
|
|
|
|
identity = described_class.with_any_extern_uid('nil_entity_provider').first
|
|
|
|
|
|
|
|
expect(identity).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'no provider' do
|
|
|
|
it 'has no results when there is no associated provider' do
|
|
|
|
identity = described_class.with_any_extern_uid('nonexistent_provider').first
|
|
|
|
|
|
|
|
expect(identity).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-12-21 09:31:15 -05:00
|
|
|
context 'callbacks' do
|
|
|
|
context 'before_save' do
|
|
|
|
describe 'normalizes extern uid' do
|
|
|
|
let!(:ldap_identity) { create(:identity, provider: 'ldapmain', extern_uid: 'uid=john smith,ou=people,dc=example,dc=com') }
|
|
|
|
|
|
|
|
it 'if extern_uid changes' do
|
|
|
|
expect(ldap_identity).not_to receive(:ensure_normalized_extern_uid)
|
2021-11-03 17:10:35 -04:00
|
|
|
ldap_identity.save!
|
2017-12-21 09:31:15 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'if current_uid is nil' do
|
|
|
|
expect(ldap_identity).to receive(:ensure_normalized_extern_uid)
|
|
|
|
|
2021-11-03 17:10:35 -04:00
|
|
|
ldap_identity.update!(extern_uid: nil)
|
2017-12-21 09:31:15 -05:00
|
|
|
|
|
|
|
expect(ldap_identity.extern_uid).to be_nil
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'if extern_uid changed and not nil' do
|
2021-11-03 17:10:35 -04:00
|
|
|
ldap_identity.update!(extern_uid: 'uid=john1,ou=PEOPLE,dc=example,dc=com')
|
2017-12-21 09:31:15 -05:00
|
|
|
|
|
|
|
expect(ldap_identity.extern_uid).to eq 'uid=john1,ou=people,dc=example,dc=com'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2018-02-15 04:27:38 -05:00
|
|
|
|
|
|
|
context 'after_destroy' do
|
|
|
|
let!(:user) { create(:user) }
|
|
|
|
let(:ldap_identity) { create(:identity, provider: 'ldapmain', extern_uid: 'uid=john smith,ou=people,dc=example,dc=com', user: user) }
|
|
|
|
let(:ldap_user_synced_attributes) { { provider: 'ldapmain', name_synced: true, email_synced: true } }
|
|
|
|
let(:other_provider_user_synced_attributes) { { provider: 'other', name_synced: true, email_synced: true } }
|
|
|
|
|
|
|
|
describe 'if user synced attributes metadada provider' do
|
|
|
|
context 'matches the identity provider ' do
|
|
|
|
it 'removes the user synced attributes' do
|
|
|
|
user.create_user_synced_attributes_metadata(ldap_user_synced_attributes)
|
|
|
|
|
|
|
|
expect(user.user_synced_attributes_metadata.provider).to eq 'ldapmain'
|
|
|
|
|
2021-11-03 17:10:35 -04:00
|
|
|
ldap_identity.destroy!
|
2018-02-15 04:27:38 -05:00
|
|
|
|
|
|
|
expect(user.reload.user_synced_attributes_metadata).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'does not matche the identity provider' do
|
|
|
|
it 'does not remove the user synced attributes' do
|
|
|
|
user.create_user_synced_attributes_metadata(other_provider_user_synced_attributes)
|
|
|
|
|
|
|
|
expect(user.user_synced_attributes_metadata.provider).to eq 'other'
|
|
|
|
|
2021-11-03 17:10:35 -04:00
|
|
|
ldap_identity.destroy!
|
2018-02-15 04:27:38 -05:00
|
|
|
|
|
|
|
expect(user.reload.user_synced_attributes_metadata.provider).to eq 'other'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2017-12-21 09:31:15 -05:00
|
|
|
end
|
2016-01-06 02:38:52 -05:00
|
|
|
end
|