Add latest changes from gitlab-org/gitlab@master

2022-11-09 03:09:46 +00:00 · 2022-11-09 03:09:46 +00:00 · 6faeb44a01
parent 5cd8380e46
commit 6faeb44a01
4 changed files with 60 additions and 13 deletions
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@ -47,7 +47,7 @@ class Admin::UsersController < Admin::ApplicationController
  end

  def impersonate
-    if can?(user, :log_in) && !impersonation_in_progress?
+    if can?(user, :log_in) && !user.password_expired? && !impersonation_in_progress?
      session[:impersonator_id] = current_user.id

      warden.set_user(user, scope: :user)
@ -64,6 +64,8 @@ class Admin::UsersController < Admin::ApplicationController
          _("You are already impersonating another user")
        elsif user.blocked?
          _("You cannot impersonate a blocked user")
+        elsif user.password_expired?
+          _("You cannot impersonate a user with an expired password")
        elsif user.internal?
          _("You cannot impersonate an internal user")
        else
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -46613,6 +46613,9 @@ msgstr ""
 msgid "You cannot impersonate a user who cannot log in"
 msgstr ""

+msgid "You cannot impersonate a user with an expired password"
+msgstr ""
+
 msgid "You cannot impersonate an internal user"
 msgstr ""

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@ -836,6 +836,60 @@ RSpec.describe Admin::UsersController do

        expect(session[:github_access_token]).to be_nil
      end
+
+      context "when the user's password is expired" do
+        before do
+          user.update!(password_expires_at: 1.day.ago)
+        end
+
+        it "shows a notice" do
+          post :impersonate, params: { id: user.username }
+
+          expect(flash[:alert]).to eq(_('You cannot impersonate a user with an expired password'))
+        end
+
+        it "doesn't sign us in as the user" do
+          post :impersonate, params: { id: user.username }
+
+          expect(warden.user).to eq(admin)
+        end
+      end
+
+      context "when the user is internal" do
+        before do
+          user.update!(user_type: :migration_bot)
+        end
+
+        it "shows a notice" do
+          post :impersonate, params: { id: user.username }
+
+          expect(flash[:alert]).to eq(_("You cannot impersonate an internal user"))
+        end
+
+        it "doesn't sign us in as the user" do
+          post :impersonate, params: { id: user.username }
+
+          expect(warden.user).to eq(admin)
+        end
+      end
+
+      context "when the user is a project bot" do
+        before do
+          user.update!(user_type: :project_bot)
+        end
+
+        it "shows a notice" do
+          post :impersonate, params: { id: user.username }
+
+          expect(flash[:alert]).to eq(_("You cannot impersonate a user who cannot log in"))
+        end
+
+        it "doesn't sign us in as the user" do
+          post :impersonate, params: { id: user.username }
+
+          expect(warden.user).to eq(admin)
+        end
+      end
    end

    context "when impersonation is disabled" do
--- a/spec/features/admin/users/user_spec.rb
+++ b/spec/features/admin/users/user_spec.rb
@ -216,18 +216,6 @@ RSpec.describe 'Admin::Users::User' do
          icon = first('[data-testid="incognito-icon"]')
          expect(icon).not_to be nil
        end
-
-        context 'a user with an expired password' do
-          before do
-            another_user.update!(password_expires_at: Time.zone.now - 5.minutes)
-          end
-
-          it 'does not redirect to password change page' do
-            subject
-
-            expect(page).to have_current_path('/')
-          end
-        end
      end

      context 'ending impersonation' do