gitlab-org--gitlab-foss/spec/initializers/100_patch_omniauth_oauth2_spec.rb

56 lines
1.8 KiB
Ruby

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'OmniAuth::Strategies::OAuth2', type: :strategy do
let(:strategy) { [OmniAuth::Strategies::OAuth2] }
it 'verifies the gem version' do
current_version = OmniAuth::OAuth2::VERSION
expected_version = '1.7.1'
expect(current_version).to eq(expected_version), <<~EOF
New version #{current_version} of the `omniauth-oauth2` gem detected!
Please check if the monkey patches in `config/initializers_before_autoloader/100_patch_omniauth_oauth2.rb`
are still needed, and either update/remove them, or bump the version in this spec.
EOF
end
context 'when a custom error message is passed from an OAuth2 provider' do
let(:message) { 'Please go to https://evil.com' }
let(:state) { 'secret' }
let(:callback_path) { '/users/auth/oauth2/callback' }
let(:params) { { state: state, error: 'evil_key', error_description: message } }
let(:error) { last_request.env['omniauth.error'] }
before do
env('rack.session', { 'omniauth.state' => state })
end
it 'returns the custom error message if the state is valid' do
get callback_path, **params
expect(error.message).to eq("evil_key | #{message}")
end
it 'returns the custom `error_reason` message if the `error_description` is blank' do
get callback_path, **params.merge(error_description: ' ', error_reason: 'custom reason')
expect(error.message).to eq('evil_key | custom reason')
end
it 'returns a CSRF error if the state is invalid' do
get callback_path, **params.merge(state: 'invalid')
expect(error.message).to eq('csrf_detected | CSRF detected')
end
it 'returns a CSRF error if the state is missing' do
get callback_path, **params.without(:state)
expect(error.message).to eq('csrf_detected | CSRF detected')
end
end
end