From 154ce29d05a7f5dc9058b518b889ae98a8833b78 Mon Sep 17 00:00:00 2001
From: Sanad Liaquat <sliaquat@gitlab.com>
Date: Wed, 10 Oct 2018 20:02:43 +0500
Subject: [PATCH] Initial commit

Use ACCEPT_INSECURE_CERTS env var and fix step

Simplify saml signin

Fix rubo cop offence

Add missing # frozen_string_literal: true
---
 .rubocop.yml                                  |  1 +
 .../devise/shared/_omniauth_box.html.haml     |  2 +-
 qa/qa.rb                                      | 13 +++++++++++++
 qa/qa/page/main/login.rb                      |  9 +++++++++
 qa/qa/runtime/browser.rb                      |  4 ++++
 qa/qa/runtime/env.rb                          |  4 ++++
 .../test/integration/instance_saml.rb         | 13 +++++++++++++
 .../login_via_instance_wide_saml_sso_spec.rb  | 17 +++++++++++++++++
 qa/qa/vendor/saml_idp/page/base.rb            | 14 ++++++++++++++
 qa/qa/vendor/saml_idp/page/login.rb           | 19 +++++++++++++++++++
 .../test/integration/instance_saml_spec.rb    |  9 +++++++++
 11 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 qa/qa/scenario/test/integration/instance_saml.rb
 create mode 100644 qa/qa/specs/features/browser_ui/1_manage/login/login_via_instance_wide_saml_sso_spec.rb
 create mode 100644 qa/qa/vendor/saml_idp/page/base.rb
 create mode 100644 qa/qa/vendor/saml_idp/page/login.rb
 create mode 100644 qa/spec/scenario/test/integration/instance_saml_spec.rb

diff --git a/.rubocop.yml b/.rubocop.yml
index 242e7615211..1ea0b552fcb 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -84,6 +84,7 @@ Naming/FileName:
     - EE
     - JSON
     - LDAP
+    - SAML
     - IO
     - HMAC
     - QA
diff --git a/app/views/devise/shared/_omniauth_box.html.haml b/app/views/devise/shared/_omniauth_box.html.haml
index 269a3721e06..12271ee5adb 100644
--- a/app/views/devise/shared/_omniauth_box.html.haml
+++ b/app/views/devise/shared/_omniauth_box.html.haml
@@ -5,7 +5,7 @@
   .d-flex.justify-content-between.flex-wrap
     - providers.each do |provider|
       - has_icon = provider_has_icon?(provider)
-      = link_to omniauth_authorize_path(:user, provider), method: :post, class: 'btn d-flex align-items-center omniauth-btn text-left oauth-login', id: "oauth-login-#{provider}" do
+      = link_to omniauth_authorize_path(:user, provider), method: :post, class: 'btn d-flex align-items-center omniauth-btn text-left oauth-login qa-saml-login-button', id: "oauth-login-#{provider}" do
         - if has_icon
           = provider_image_tag(provider)
         %span
diff --git a/qa/qa.rb b/qa/qa.rb
index a0511186e70..5d4d691827e 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -97,6 +97,7 @@ module QA
       module Integration
         autoload :Github, 'qa/scenario/test/integration/github'
         autoload :LDAP, 'qa/scenario/test/integration/ldap'
+        autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
         autoload :Kubernetes, 'qa/scenario/test/integration/kubernetes'
         autoload :Mattermost, 'qa/scenario/test/integration/mattermost'
         autoload :ObjectStorage, 'qa/scenario/test/integration/object_storage'
@@ -300,6 +301,18 @@ module QA
     autoload :Config, 'qa/specs/config'
     autoload :Runner, 'qa/specs/runner'
   end
+
+  ##
+  # Classes that describe the structure of vendor/third party application pages
+  #
+  module Vendor
+    module SAMLIdp
+      module Page
+        autoload :Base, 'qa/vendor/saml_idp/page/base'
+        autoload :Login, 'qa/vendor/saml_idp/page/login'
+      end
+    end
+  end
 end
 
 QA::Runtime::Release.extend_autoloads!
diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb
index eab7a85ff04..94b9486b0d5 100644
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -31,6 +31,10 @@ module QA
           element :register_tab
         end
 
+        view 'app/views/devise/shared/_omniauth_box.html.haml' do
+          element :saml_login_button
+        end
+
         def initialize
           # The login page is usually the entry point for all the scenarios so
           # we need to wait for the instance to start. That said, in some cases
@@ -130,6 +134,11 @@ module QA
           click_element :sign_in_button
         end
 
+        def sign_in_with_saml
+          set_initial_password_if_present
+          click_element :saml_login_button
+        end
+
         def sign_in_using_gitlab_credentials(user)
           switch_to_sign_in_tab if has_sign_in_tab?
           switch_to_standard_tab if has_standard_tab?
diff --git a/qa/qa/runtime/browser.rb b/qa/qa/runtime/browser.rb
index 4c64270ce92..9aaf57e8d83 100644
--- a/qa/qa/runtime/browser.rb
+++ b/qa/qa/runtime/browser.rb
@@ -51,6 +51,10 @@ module QA
             }
           )
 
+          if QA::Runtime::Env.accept_insecure_certs?
+            capabilities['acceptInsecureCerts'] = true
+          end
+
           options = Selenium::WebDriver::Chrome::Options.new
           options.add_argument("window-size=1240,1680")
 
diff --git a/qa/qa/runtime/env.rb b/qa/qa/runtime/env.rb
index 5bebb5ccec0..4a2109799fa 100644
--- a/qa/qa/runtime/env.rb
+++ b/qa/qa/runtime/env.rb
@@ -8,6 +8,10 @@ module QA
         enabled?(ENV['CHROME_HEADLESS'])
       end
 
+      def accept_insecure_certs?
+        enabled?(ENV['ACCEPT_INSECURE_CERTS'])
+      end
+
       def running_in_ci?
         ENV['CI'] || ENV['CI_SERVER']
       end
diff --git a/qa/qa/scenario/test/integration/instance_saml.rb b/qa/qa/scenario/test/integration/instance_saml.rb
new file mode 100644
index 00000000000..0697d0c2a0e
--- /dev/null
+++ b/qa/qa/scenario/test/integration/instance_saml.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module QA
+  module Scenario
+    module Test
+      module Integration
+        class InstanceSAML < Test::Instance::All
+          tags :instance_saml
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/login_via_instance_wide_saml_sso_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/login_via_instance_wide_saml_sso_spec.rb
new file mode 100644
index 00000000000..8d5055aab45
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/1_manage/login/login_via_instance_wide_saml_sso_spec.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module QA
+  context :manage, :orchestrated, :instance_saml do
+    describe 'Instance wide SAML SSO' do
+      it 'User logs in to gitlab with SAML SSO' do
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+
+        Page::Main::Login.act { sign_in_with_saml }
+
+        Vendor::SAMLIdp::Page::Login.act { login }
+
+        expect(page).to have_content('Welcome to GitLab')
+      end
+    end
+  end
+end
diff --git a/qa/qa/vendor/saml_idp/page/base.rb b/qa/qa/vendor/saml_idp/page/base.rb
new file mode 100644
index 00000000000..286cb0a8cd8
--- /dev/null
+++ b/qa/qa/vendor/saml_idp/page/base.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module QA
+  module Vendor
+    module SAMLIdp
+      module Page
+        class Base
+          include Capybara::DSL
+          include Scenario::Actable
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/vendor/saml_idp/page/login.rb b/qa/qa/vendor/saml_idp/page/login.rb
new file mode 100644
index 00000000000..9c1f9904a7a
--- /dev/null
+++ b/qa/qa/vendor/saml_idp/page/login.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'capybara/dsl'
+
+module QA
+  module Vendor
+    module SAMLIdp
+      module Page
+        class Login < Page::Base
+          def login
+            fill_in 'username', with: 'user1'
+            fill_in 'password', with: 'user1pass'
+            click_on 'Login'
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/qa/spec/scenario/test/integration/instance_saml_spec.rb b/qa/spec/scenario/test/integration/instance_saml_spec.rb
new file mode 100644
index 00000000000..cb8a6a630cc
--- /dev/null
+++ b/qa/spec/scenario/test/integration/instance_saml_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+describe QA::Scenario::Test::Integration::InstanceSAML do
+  context '#perform' do
+    it_behaves_like 'a QA scenario class' do
+      let(:tags) { [:instance_saml] }
+    end
+  end
+end