diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 17:34:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 17:34:42 +0300 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /spec/controllers/ldap | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/controllers/ldap')
-rw-r--r-- | spec/controllers/ldap/omniauth_callbacks_controller_spec.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb index ceab9754617..0242a91ac60 100644 --- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb @@ -65,4 +65,55 @@ describe Ldap::OmniauthCallbacksController do expect(request.env['warden']).to be_authenticated end end + + describe 'enable admin mode' do + include_context 'custom session' + + before do + sign_in user + end + + context 'with a regular user' do + it 'cannot be enabled' do + reauthenticate_and_check_admin_mode(expected_admin_mode: false) + + expect(response).to redirect_to(root_path) + end + end + + context 'with an admin user' do + let(:user) { create(:omniauth_user, :admin, extern_uid: uid, provider: provider) } + + context 'when requested first' do + before do + subject.current_user_mode.request_admin_mode! + end + + it 'can be enabled' do + reauthenticate_and_check_admin_mode(expected_admin_mode: true) + + expect(response).to redirect_to(admin_root_path) + end + end + + context 'when not requested first' do + it 'cannot be enabled' do + reauthenticate_and_check_admin_mode(expected_admin_mode: false) + + expect(response).to redirect_to(root_path) + end + end + end + end + + def reauthenticate_and_check_admin_mode(expected_admin_mode:) + # Initially admin mode disabled + expect(subject.current_user_mode.admin_mode?).to be(false) + + # Trigger OmniAuth admin mode flow and expect admin mode status + post provider + + expect(request.env['warden']).to be_authenticated + expect(subject.current_user_mode.admin_mode?).to be(expected_admin_mode) + end end |