Commit graph

12 commits

Author SHA1 Message Date
Winnie Hellmann
3db2f32759 Enable Capybara/FeatureMethods cop 2018-07-05 06:32:05 +00:00
James Edwards-Jones
f10c999bca Refactor OmniauthCallbacksController to remove duplication
Moves LDAP to its own controller with tests
Provides path forward for implementing GroupSaml
2018-04-22 23:50:55 +01:00
Robert Speicher
4493ec0880 Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2296

(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)

a0f9d222 Prevents login with disabled OAuth providers
2018-01-16 17:05:01 -08:00
Douwe Maan
bfe8b96874 Add specs 2017-07-27 10:32:44 +02:00
Jacopo
0b5133bac2 Extract "@request.env['devise.mapping'] = Devise.mappings[:user]" to a test helper
Extracted `@request.env['devise.mapping'] = Devise.mappings[:user]` and `Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]`
in our tests into the helper method `set_devise_mapping`
2017-07-20 18:36:53 +02:00
Timothy Andrew
d53690b6e5 Test logging in via the Authentiq OAuth provider in a feature spec.
- The `migration:path-pg` build was previously failing when the Authentiq
  feature spec was enabled by placing Authentiq configuration in the `test`
  section of `gitlab.yml`

- The `migration:path-pg` task checks out an old revision of the
  codebase (`v8.14.10`) and runs a `schema:load`. It then checks out the commit
  under test, and runs `db:migrate`, to verify that migrations run without
  errors.

- The problem here is that `v8.14.10` does not have the Authentiq module
  installed, but is run with the `gitlab.yml` for `master`, which would contain
  the `Authentiq` configuration in the `test` section.

- The solution was to use the `v8.14.10` `gitlab.yml` for the `schema:load`,
  rather than the `gitlab.yml` from master.
2017-07-07 04:54:30 +00:00
Timothy Andrew
89b0c987fc Remove Authentiq from the OAuth login integration tests.
- This is causing autoload-related errors in the `migration:path` builds. We
  need to find a better way of testing this provider.
2017-07-06 06:30:08 +00:00
Timothy Andrew
8fa08ea3cd Implement review comments for !11963 from @adamniedzielski.
- Change double quotes to single quotes.
- Why is `OmniAuth.config.full_host` being reassigned in the integration test?
- Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task
- Other minor changes
2017-07-06 06:30:07 +00:00
Timothy Andrew
15dba34c9a Add Omniauth OAuth config to the test section of gitlab.yml
- I tried to get this to work by stubbing out portions of the config within the
  test. This didn't work as expected because Devise/Omniauth loaded before the
  stub could run, and the stubbed config was ignored.

- I attempted to fix this by reloading Devise/Omniauth after stubbing the
  config. This successfully got Devise to load the stubbed providers, but failed
  while trying to access a route such as `user_gitlab_omniauth_authorize_path`.

- I spent a while trying to figure this out (even trying
  `Rails.application.reload_routes!`), but nothing seemed to work.

- I settled for adding this config directly to `gitlab.yml` rather than go down
  this path any further.
2017-07-06 06:30:06 +00:00
Timothy Andrew
fd94855893 Add more providers to the OAuth login integration tests.
- Added saml, authentiq, cas3, and auth0
- Crowd seems to be a special case that will be handled separately.
2017-07-06 06:30:06 +00:00
Timothy Andrew
43337c120d Test the "Remember Me" flow for OAuth-based login. 2017-07-06 06:30:05 +00:00
Timothy Andrew
e936db963e Add integration tests around OAuth login.
- There was previously a test for `saml` login in `login_spec`, but this didn't
  seem to be passing. A lot of things didn't seem right here, and I suspect that
  this test hasn't been running. I'll investigate this further.

- It took almost a whole working day to figure out this line:

    OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }

  As always, it's obvious in retrospect, but it took some digging to figure out
  tests were failing and returning 404s during the callback phase.

- Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
2017-07-06 06:30:05 +00:00