Merge branch 'if-ee-726-smartcard_auth-ce_port' into 'master'
Backport of ee/8120: Smartcard authentication See merge request gitlab-org/gitlab-ce!23012
This commit is contained in:
Douwe Maan
commit
d5f0859630
8 changed files with 72 additions and 30 deletions
|
|
@ -181,11 +181,11 @@ class ApplicationController < ActionController::Base
|
|||
Ability.allowed?(object, action, subject)
|
||||
end
|
||||
|
||||
def access_denied!(message = nil)
|
||||
def access_denied!(message = nil, status = nil)
|
||||
# If we display a custom access denied message to the user, we don't want to
|
||||
# hide existence of the resource, rather tell them they cannot access it using
|
||||
# the provided message
|
||||
status = message.present? ? :forbidden : :not_found
|
||||
status ||= message.present? ? :forbidden : :not_found
|
||||
|
||||
respond_to do |format|
|
||||
format.any { head status }
|
||||
|
|
|
|||
|
|
@ -24,6 +24,23 @@ module AuthHelper
|
|||
Gitlab::Auth::OAuth::Provider.label_for(name)
|
||||
end
|
||||
|
||||
def form_based_provider_priority
|
||||
['crowd', /^ldap/, 'kerberos']
|
||||
end
|
||||
|
||||
def form_based_provider_with_highest_priority
|
||||
@form_based_provider_with_highest_priority ||= begin
|
||||
form_based_provider_priority.each do |provider_regexp|
|
||||
highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) }
|
||||
break highest_priority unless highest_priority.nil?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def form_based_auth_provider_has_active_class?(provider)
|
||||
form_based_provider_with_highest_priority == provider
|
||||
end
|
||||
|
||||
def form_based_provider?(name)
|
||||
[LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
- if form_based_providers.any?
|
||||
- if crowd_enabled?
|
||||
.login-box.tab-pane.active{ id: "crowd", role: 'tabpanel' }
|
||||
.login-box.tab-pane{ id: "crowd", role: 'tabpanel', class: active_when(form_based_auth_provider_has_active_class?(:crowd)) }
|
||||
.login-body
|
||||
= render 'devise/sessions/new_crowd'
|
||||
- @ldap_servers.each_with_index do |server, i|
|
||||
.login-box.tab-pane{ id: "#{server['provider_name']}", role: 'tabpanel', class: active_when(i.zero? && !crowd_enabled?) }
|
||||
.login-box.tab-pane{ id: "#{server['provider_name']}", role: 'tabpanel', class: active_when(i.zero? && form_based_auth_provider_has_active_class?(:ldapmain)) }
|
||||
.login-body
|
||||
= render 'devise/sessions/new_ldap', server: server
|
||||
- if password_authentication_enabled_for_web?
|
||||
|
|
@ -12,6 +12,8 @@
|
|||
.login-body
|
||||
= render 'devise/sessions/new_base'
|
||||
|
||||
= render_if_exists 'devise/sessions/new_smartcard'
|
||||
|
||||
- elsif password_authentication_enabled_for_web?
|
||||
.login-box.tab-pane.active{ id: 'login-pane', role: 'tabpanel' }
|
||||
.login-body
|
||||
|
|
|
|||
|
|
@ -1,10 +1,13 @@
|
|||
%ul.nav-links.new-session-tabs.nav-tabs.nav{ class: ('custom-provider-tabs' if form_based_providers.any?) }
|
||||
- if crowd_enabled?
|
||||
%li.nav-item
|
||||
= link_to "Crowd", "#crowd", class: 'nav-link active', 'data-toggle' => 'tab'
|
||||
= link_to "Crowd", "#crowd", class: "nav-link #{active_when(form_based_auth_provider_has_active_class?(:crowd))}", 'data-toggle' => 'tab'
|
||||
- @ldap_servers.each_with_index do |server, i|
|
||||
%li.nav-item
|
||||
= link_to server['label'], "##{server['provider_name']}", class: "nav-link #{active_when(i.zero? && !crowd_enabled?)} qa-ldap-tab", 'data-toggle' => 'tab'
|
||||
= link_to server['label'], "##{server['provider_name']}", class: "nav-link #{active_when(i.zero? && form_based_auth_provider_has_active_class?(:ldapmain))} qa-ldap-tab", 'data-toggle' => 'tab'
|
||||
|
||||
= render_if_exists 'devise/shared/tab_smartcard'
|
||||
|
||||
- if password_authentication_enabled_for_web?
|
||||
%li.nav-item
|
||||
= link_to 'Standard', '#login-pane', class: 'nav-link qa-standard-tab', 'data-toggle' => 'tab'
|
||||
|
|
|
|||
|
|
@ -650,7 +650,7 @@ describe ApplicationController do
|
|||
describe '#access_denied' do
|
||||
controller(described_class) do
|
||||
def index
|
||||
access_denied!(params[:message])
|
||||
access_denied!(params[:message], params[:status])
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -669,6 +669,12 @@ describe ApplicationController do
|
|||
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
end
|
||||
|
||||
it 'renders a status passed to access denied' do
|
||||
get :index, status: 401
|
||||
|
||||
expect(response).to have_gitlab_http_status(401)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when invalid UTF-8 parameters are received' do
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ require 'spec_helper'
|
|||
|
||||
describe 'Login' do
|
||||
include TermsHelper
|
||||
include UserLoginHelper
|
||||
|
||||
before do
|
||||
stub_authentication_activity_metrics(debug: true)
|
||||
|
|
@ -546,29 +547,6 @@ describe 'Login' do
|
|||
ensure_tab_pane_correctness(false)
|
||||
end
|
||||
end
|
||||
|
||||
def ensure_tab_pane_correctness(visit_path = true)
|
||||
if visit_path
|
||||
visit new_user_session_path
|
||||
end
|
||||
|
||||
ensure_tab_pane_counts
|
||||
ensure_one_active_tab
|
||||
ensure_one_active_pane
|
||||
end
|
||||
|
||||
def ensure_tab_pane_counts
|
||||
tabs_count = page.all('[role="tab"]').size
|
||||
expect(page).to have_selector('[role="tabpanel"]', count: tabs_count)
|
||||
end
|
||||
|
||||
def ensure_one_active_tab
|
||||
expect(page).to have_selector('ul.new-session-tabs > li > a.active', count: 1)
|
||||
end
|
||||
|
||||
def ensure_one_active_pane
|
||||
expect(page).to have_selector('.tab-pane.active', count: 1)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when terms are enforced' do
|
||||
|
|
|
|||
|
|
@ -42,6 +42,16 @@ describe AuthHelper do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'form_based_auth_provider_has_active_class?' do
|
||||
it 'selects main LDAP server' do
|
||||
allow(helper).to receive(:auth_providers) { [:twitter, :ldapprimary, :ldapsecondary, :kerberos] }
|
||||
expect(helper.form_based_auth_provider_has_active_class?(:twitter)).to be(false)
|
||||
expect(helper.form_based_auth_provider_has_active_class?(:ldapprimary)).to be(true)
|
||||
expect(helper.form_based_auth_provider_has_active_class?(:ldapsecondary)).to be(false)
|
||||
expect(helper.form_based_auth_provider_has_active_class?(:kerberos)).to be(false)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'enabled_button_based_providers' do
|
||||
before do
|
||||
allow(helper).to receive(:auth_providers) { [:twitter, :github] }
|
||||
|
|
|
|||
26
spec/support/helpers/user_login_helper.rb
Normal file
26
spec/support/helpers/user_login_helper.rb
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module UserLoginHelper
|
||||
def ensure_tab_pane_correctness(visit_path = true)
|
||||
if visit_path
|
||||
visit new_user_session_path
|
||||
end
|
||||
|
||||
ensure_tab_pane_counts
|
||||
ensure_one_active_tab
|
||||
ensure_one_active_pane
|
||||
end
|
||||
|
||||
def ensure_tab_pane_counts
|
||||
tabs_count = page.all('[role="tab"]').size
|
||||
expect(page).to have_selector('[role="tabpanel"]', count: tabs_count)
|
||||
end
|
||||
|
||||
def ensure_one_active_tab
|
||||
expect(page).to have_selector('ul.new-session-tabs > li > a.active', count: 1)
|
||||
end
|
||||
|
||||
def ensure_one_active_pane
|
||||
expect(page).to have_selector('.tab-pane.active', count: 1)
|
||||
end
|
||||
end
|
||||
Loading…
Reference in a new issue