author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /spec/controllers/sessions_controller_spec.rb | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/controllers/sessions_controller_spec.rb')
-rw-r--r-- | spec/controllers/sessions_controller_spec.rb | 93 |
1 files changed, 58 insertions, 35 deletions
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index f2e16baaccf..688539f2a03 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -6,11 +6,11 @@ RSpec.describe SessionsController do
 include DeviseHelpers
 include LdapHelpers
- describe '#new' do
- before do
- set_devise_mapping(context: @request)
- end
+ before do
+ set_devise_mapping(context: @request)
+ end
+ describe '#new' do
 context 'when auto sign-in is enabled' do
 before do
 stub_omniauth_setting(auto_sign_in_with_provider: :saml)
@@ -59,13 +59,19 @@ RSpec.describe SessionsController do
 end
 end
 end
- end
- describe '#create' do
- before do
- set_devise_mapping(context: @request)
+ it "redirects correctly for referer on same host with params" do
+ host = "test.host"
+ search_path = "/search?search=seed_project"
+ request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
+
+ get(:new, params: { redirect_to_referer: :yes })
+
+ expect(controller.stored_location_for(:redirect)).to eq(search_path)
 end
+ end
+ describe '#create' do
 it_behaves_like 'known sign in' do
 let(:user) { create(:user) }
 let(:post_action) { post(:create, params: { user: { login: user.username, password: user.password } }) }
@@ -130,8 +136,13 @@ RSpec.describe SessionsController do
 end
 it 'creates an audit log record' do
- expect { post(:create, params: { user: user_params }) }.to change { SecurityEvent.count }.by(1)
- expect(SecurityEvent.last.details[:with]).to eq('standard')
+ expect { post(:create, params: { user: user_params }) }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details[:with]).to eq('standard')
+ end
+
+ it 'creates an authentication event record' do
+ expect { post(:create, params: { user: user_params }) }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq('standard')
 end
 include_examples 'user login request with unique ip limit', 302 do
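Review bot: The relocated example `it "redirects correctly for referer on same host with params"` in the `@@ -59` hunk pins only the accepting path of `redirect_to_referer`; nothing in this spec asserts what happens when the `HTTP_REFERER` names a different host, which is the side of the check that protects against being bounced to an attacker-chosen location after sign-in. A companion example setting `request.headers[:HTTP_REFERER] = "http://other.host#{search_path}"`, issuing the same `get(:new, params: { redirect_to_referer: :yes })`, and asserting whatever the controller does for a foreign host (presumably `controller.stored_location_for(:redirect)` stays nil — confirm against the implementation) would close that gap. The example is moved rather than new, so this is a pre-existing coverage hole rather than a regression introduced here, and the enclosing `describe '#new'` starts outside the hunk.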
@@ -229,7 +240,7 @@ RSpec.describe SessionsController do
 context 'when there are more than 5 anonymous session with the same IP' do
 before do
- allow(Gitlab::AnonymousSession).to receive_message_chain(:new, :stored_sessions).and_return(6)
+ allow(Gitlab::AnonymousSession).to receive_message_chain(:new, :session_count).and_return(6)
 end
 it 'displays an error when the reCAPTCHA is not solved' do
@@ -241,7 +252,7 @@ RSpec.describe SessionsController do
 end
 it 'successfully logs in a user when reCAPTCHA is solved' do
- expect(Gitlab::AnonymousSession).to receive_message_chain(:new, :cleanup_session_per_ip_entries)
+ expect(Gitlab::AnonymousSession).to receive_message_chain(:new, :cleanup_session_per_ip_count)
 succesful_login(user_params)
@@ -398,8 +409,13 @@ RSpec.describe SessionsController do
 end
 it "creates an audit log record" do
- expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { SecurityEvent.count }.by(1)
- expect(SecurityEvent.last.details[:with]).to eq("two-factor")
+ expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details[:with]).to eq("two-factor")
+ end
+
+ it "creates an authentication event record" do
+ expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq("two-factor")
 end
 end
@@ -410,6 +426,10 @@ RSpec.describe SessionsController do
 post(:create, params: { user: user_params }, session: { otp_user_id: user.id })
 end
+ before do
+ stub_feature_flags(webauthn: false)
+ end
+
 context 'remember_me field' do
 it 'sets a remember_user_token cookie when enabled' do
 allow(U2fRegistration).to receive(:authenticate).and_return(true)
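Review bot: The `before do stub_feature_flags(webauthn: false) end` added in the `@@ -410` hunk is declared after a block whose tail is `post(:create, params: { user: user_params }, session: { otp_user_id: user.id })` followed by `end`, and the start of that block is outside the hunk. If it is a helper `def`, the order is harmless; if it is a `before` hook at the same level, RSpec runs hooks in definition order, so the request would be issued before the flag is stubbed and the u2f examples would not actually exercise the webauthn-disabled path. Declaring the new `before` ahead of that block (or at the top of the `context` it is meant to cover) removes the dependence on ordering either way. Separately, `allow(U2fRegistration).to receive(:authenticate).and_return(true)` is repeated in each u2f example here and in the `@@ -435` hunk; if every example in that context needs it, it could sit in the same `before` as the flag stub.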
@@ -435,31 +455,21 @@ RSpec.describe SessionsController do
 it "creates an audit log record" do
 allow(U2fRegistration).to receive(:authenticate).and_return(true)
- expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { SecurityEvent.count }.by(1)
- expect(SecurityEvent.last.details[:with]).to eq("two-factor-via-u2f-device")
+ expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details[:with]).to eq("two-factor-via-u2f-device")
 end
- end
- end
-
- describe "#new" do
- before do
- set_devise_mapping(context: @request)
- end
- it "redirects correctly for referer on same host with params" do
- host = "test.host"
- search_path = "/search?search=seed_project"
- request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
-
- get(:new, params: { redirect_to_referer: :yes })
+ it "creates an authentication event record" do
+ allow(U2fRegistration).to receive(:authenticate).and_return(true)
- expect(controller.stored_location_for(:redirect)).to eq(search_path)
+ expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq("two-factor-via-u2f-device")
+ end
 end
 end
 context 'when login fails' do
 before do
- set_devise_mapping(context: @request)
 @request.env["warden.options"] = { action: 'unauthenticated' }
 end
@@ -473,10 +483,6 @@ RSpec.describe SessionsController do
 describe '#set_current_context' do
 let_it_be(:user) { create(:user) }
- before do
- set_devise_mapping(context: @request)
- end
-
 context 'when signed in' do
 before do
 sign_in(user)
@@ -530,4 +536,21 @@ RSpec.describe SessionsController do
 end
 end
 end
+
+ describe '#destroy' do
+ before do
+ sign_in(user)
+ end
+
+ context 'for a user whose password has expired' do
+ let(:user) { create(:user, password_expires_at: 2.days.ago) }
+
+ it 'allows to sign out successfully' do
+ delete :destroy
+
+ expect(response).to redirect_to(new_user_session_path)
+ expect(controller.current_user).to be_nil
+ end
+ end
+ end
 end
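Review bot: In the new `describe '#destroy'` block the describe-level `before do sign_in(user) end` depends on a `user` that only exists through the `let(:user)` declared inside `context 'for a user whose password has expired'`; any example added directly under the describe, or a second context without its own `let`, would fail on the undefined `user` instead of on what it tests. Either move the `before` into the context, or give the describe a default `let(:user) { create(:user) }` and let the expired-password context override it. The example itself asserts only the redirect and `controller.current_user` being nil for this request; whether the session data is actually cleared for the expired-password user is not checked, which is worth an explicit assertion if the spec is meant to prove sign-out completes in that state.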