Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master'
Ensure request to link GroupSAML account was GitLab initiated See merge request gitlab/gitlabhq!2976
commit
040e6e72bf
3 changed files with 14 additions and 7 deletions
|
@ -12,7 +12,7 @@ module Gitlab
|
|||
end
|
||||
|
||||
def link
|
||||
save if identity.new_record?
|
||||
save if unlinked?
|
||||
end
|
||||
|
||||
def changed?
|
||||
|
@ -35,6 +35,10 @@ module Gitlab
|
|||
@changed = identity.save
|
||||
end
|
||||
|
||||
def unlinked?
|
||||
identity.new_record?
|
||||
end
|
||||
|
||||
# rubocop: disable CodeReuse/ActiveRecord
|
||||
def identity
|
||||
@identity ||= current_user.identities
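Review bot: `unlinked?` (added after `save`) needs a comment, because with the body `identity.new_record?` the rewritten `link` behaves exactly as before and nothing in this file checks where the SAML response came from. If the origin verification named in the commit title is meant to live in an override of `unlinked?` or `link` elsewhere, say so here, for example `# Override point: a linker that must verify the response answers a GitLab-initiated request does so before this returns true.` It is also worth stating that any linker using the base implementation still links on every response for a new identity. The class body starts and ends outside these hunks, so whether `unlinked?` sits below `private` cannot be seen from here.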
|
||||
|
|
|
@ -193,7 +193,7 @@ describe OmniauthCallbacksController, type: :controller do
|
|||
before do
|
||||
stub_omniauth_saml_config({ enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'],
|
||||
providers: [saml_config] })
|
||||
mock_auth_hash('saml', 'my-uid', user.email, mock_saml_response)
|
||||
mock_auth_hash_with_saml_xml('saml', 'my-uid', user.email, mock_saml_response)
|
||||
request.env["devise.mapping"] = Devise.mappings[:user]
|
||||
request.env['omniauth.auth'] = Rails.application.env_config['omniauth.auth']
|
||||
post :saml, params: { SAMLResponse: mock_saml_response }
|
||||
|
|
|
@ -47,7 +47,7 @@ module LoginHelpers
|
|||
end
|
||||
|
||||
def gitlab_sign_in_via(provider, user, uid, saml_response = nil)
|
||||
mock_auth_hash(provider, uid, user.email, saml_response)
|
||||
mock_auth_hash_with_saml_xml(provider, uid, user.email, saml_response)
|
||||
visit new_user_session_path
|
||||
click_link provider
|
||||
end
|
||||
|
@ -87,7 +87,12 @@ module LoginHelpers
|
|||
click_link "oauth-login-#{provider}"
|
||||
end
|
||||
|
||||
def mock_auth_hash(provider, uid, email, saml_response = nil)
|
||||
def mock_auth_hash_with_saml_xml(provider, uid, email, saml_response)
|
||||
response_object = { document: saml_xml(saml_response) }
|
||||
mock_auth_hash(provider, uid, email, response_object: response_object)
|
||||
end
|
||||
|
||||
def mock_auth_hash(provider, uid, email, response_object: nil)
|
||||
# The mock_auth configuration allows you to set per-provider (or default)
|
||||
# authentication hashes to return during integration testing.
|
||||
OmniAuth.config.mock_auth[provider.to_sym] = OmniAuth::AuthHash.new({
|
||||
|
@ -110,9 +115,7 @@ module LoginHelpers
|
|||
image: 'mock_user_thumbnail_url'
|
||||
}
|
||||
},
|
||||
response_object: {
|
||||
document: saml_xml(saml_response)
|
||||
}
|
||||
response_object: response_object
|
||||
}
|
||||
})
|
||||
Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider.to_sym]
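Review bot: `mock_auth_hash` now defaults `response_object:` to nil, whereas the removed lines always set `response_object: { document: saml_xml(saml_response) }`, so a three-argument caller that was not switched to `mock_auth_hash_with_saml_xml` silently loses the document. Only the two call sites in this commit are visible as updated; the rest of the suite should be checked. A comment above the method would make the split explicit, e.g. `# response_object: is nil unless given; use mock_auth_hash_with_saml_xml when the test needs the SAML document.` The body of `mock_auth_hash` runs between the last two hunks and past the end of the final one.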
|
||||
|
|