authorGitLab Bot <gitlab-bot@gitlab.com>2020-09-19 04:45:44 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-09-19 04:45:44 +0300
commit85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch)
tree9160f299afd8c80c038f08e1545be119f5e3f1e1 /spec/controllers/sessions_controller_spec.rb
parent15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff)
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/controllers/sessions_controller_spec.rb')
-rw-r--r--spec/controllers/sessions_controller_spec.rb93
1 files changed, 58 insertions, 35 deletions
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index f2e16baaccf..688539f2a03 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -6,11 +6,11 @@ RSpec.describe SessionsController do
include DeviseHelpers
include LdapHelpers
- describe '#new' do
- before do
- set_devise_mapping(context: @request)
- end
+ before do
+ set_devise_mapping(context: @request)
+ end
+ describe '#new' do
context 'when auto sign-in is enabled' do
before do
stub_omniauth_setting(auto_sign_in_with_provider: :saml)
@@ -59,13 +59,19 @@ RSpec.describe SessionsController do
end
end
end
- end
- describe '#create' do
- before do
- set_devise_mapping(context: @request)
+ it "redirects correctly for referer on same host with params" do
+ host = "test.host"
+ search_path = "/search?search=seed_project"
+ request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
+
+ get(:new, params: { redirect_to_referer: :yes })
+
+ expect(controller.stored_location_for(:redirect)).to eq(search_path)
end
+ end
+ describe '#create' do
it_behaves_like 'known sign in' do
let(:user) { create(:user) }
let(:post_action) { post(:create, params: { user: { login: user.username, password: user.password } }) }
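Review bot: The referer example moved into `#new` here covers only the same-host case (`host = "test.host"`), so nothing in this hunk shows that a referer on another host is rejected when `redirect_to_referer: :yes` is passed, which is the open-redirect case this feature has to guard against. Unless a negative example exists elsewhere in the file, a companion test with an off-host `HTTP_REFERER` asserting that nothing is stored would pin that behaviour; the `be_nil` expectation below assumes the controller discards such referers, which this spec does not show, so confirm against the implementation. The enclosing `describe '#new'` starts outside the hunk.
```ruby
# … unchanged: same-host referer example …
it "does not store a referer from another host" do
  request.headers[:HTTP_REFERER] = "http://other.host/search?search=seed_project"

  get(:new, params: { redirect_to_referer: :yes })

  expect(controller.stored_location_for(:redirect)).to be_nil
end
```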
@@ -130,8 +136,13 @@ RSpec.describe SessionsController do
end
it 'creates an audit log record' do
- expect { post(:create, params: { user: user_params }) }.to change { SecurityEvent.count }.by(1)
- expect(SecurityEvent.last.details[:with]).to eq('standard')
+ expect { post(:create, params: { user: user_params }) }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details[:with]).to eq('standard')
+ end
+
+ it 'creates an authentication event record' do
+ expect { post(:create, params: { user: user_params }) }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq('standard')
end
include_examples 'user login request with unique ip limit', 302 do
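Review bot: The new `creates an authentication event record` example asserts only the count delta and `provider`, so an event written against the wrong user, or with no user at all, would still pass; the two examples of the same shape later in the commit (the two-factor and U2F variants) have the same gap. If `AuthenticationEvent` carries the signing-in user, as an authentication audit record normally does, add `expect(AuthenticationEvent.last.user).to eq(user)` next to the provider check — confirm the attribute name against the model, which this spec does not show. The three examples differ only in the action and the expected provider string, so a shared example driven by `let(:post_action)` in the way `it_behaves_like 'known sign in'` already is would remove the duplication. The enclosing context starts outside the hunk.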
@@ -229,7 +240,7 @@ RSpec.describe SessionsController do
context 'when there are more than 5 anonymous session with the same IP' do
before do
- allow(Gitlab::AnonymousSession).to receive_message_chain(:new, :stored_sessions).and_return(6)
+ allow(Gitlab::AnonymousSession).to receive_message_chain(:new, :session_count).and_return(6)
end
it 'displays an error when the reCAPTCHA is not solved' do
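Review bot: `allow(Gitlab::AnonymousSession).to receive_message_chain(:new, :session_count).and_return(6)` stubs the chain without verifying that `session_count` is a real method of `Gitlab::AnonymousSession`, so a later rename would leave this test green while the reCAPTCHA-after-many-sessions path it guards is no longer exercised against the real API; the `cleanup_session_per_ip_count` expectation in the next hunk has the same weakness. A verifying double surfaces the drift: `allow(Gitlab::AnonymousSession).to receive(:new).and_return(instance_double(Gitlab::AnonymousSession, session_count: 6))`. The enclosing context continues outside the hunk.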
@@ -241,7 +252,7 @@ RSpec.describe SessionsController do
end
it 'successfully logs in a user when reCAPTCHA is solved' do
- expect(Gitlab::AnonymousSession).to receive_message_chain(:new, :cleanup_session_per_ip_entries)
+ expect(Gitlab::AnonymousSession).to receive_message_chain(:new, :cleanup_session_per_ip_count)
succesful_login(user_params)
@@ -398,8 +409,13 @@ RSpec.describe SessionsController do
end
it "creates an audit log record" do
- expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { SecurityEvent.count }.by(1)
- expect(SecurityEvent.last.details[:with]).to eq("two-factor")
+ expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details[:with]).to eq("two-factor")
+ end
+
+ it "creates an authentication event record" do
+ expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq("two-factor")
end
end
@@ -410,6 +426,10 @@ RSpec.describe SessionsController do
post(:create, params: { user: user_params }, session: { otp_user_id: user.id })
end
+ before do
+ stub_feature_flags(webauthn: false)
+ end
+
context 'remember_me field' do
it 'sets a remember_user_token cookie when enabled' do
allow(U2fRegistration).to receive(:authenticate).and_return(true)
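Review bot: `stub_feature_flags(webauthn: false)` pins every example in this context to the U2F path, and nothing visible in the commit exercises the same second-factor flow with the flag enabled; if WebAuthn is the default in this release, the enabled path is the one users actually hit and deserves at least one example, here or in a sibling context. This chunk does not show whether such a context exists elsewhere in the file, so treat this as a coverage check rather than a confirmed gap. The enclosing context starts outside the hunk.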
@@ -435,31 +455,21 @@ RSpec.describe SessionsController do
it "creates an audit log record" do
allow(U2fRegistration).to receive(:authenticate).and_return(true)
- expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { SecurityEvent.count }.by(1)
- expect(SecurityEvent.last.details[:with]).to eq("two-factor-via-u2f-device")
+ expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuditEvent.count }.by(1)
+ expect(AuditEvent.last.details[:with]).to eq("two-factor-via-u2f-device")
end
- end
- end
-
- describe "#new" do
- before do
- set_devise_mapping(context: @request)
- end
- it "redirects correctly for referer on same host with params" do
- host = "test.host"
- search_path = "/search?search=seed_project"
- request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
-
- get(:new, params: { redirect_to_referer: :yes })
+ it "creates an authentication event record" do
+ allow(U2fRegistration).to receive(:authenticate).and_return(true)
- expect(controller.stored_location_for(:redirect)).to eq(search_path)
+ expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq("two-factor-via-u2f-device")
+ end
end
end
context 'when login fails' do
before do
- set_devise_mapping(context: @request)
@request.env["warden.options"] = { action: 'unauthenticated' }
end
@@ -473,10 +483,6 @@ RSpec.describe SessionsController do
describe '#set_current_context' do
let_it_be(:user) { create(:user) }
- before do
- set_devise_mapping(context: @request)
- end
-
context 'when signed in' do
before do
sign_in(user)
@@ -530,4 +536,21 @@ RSpec.describe SessionsController do
end
end
end
+
+ describe '#destroy' do
+ before do
+ sign_in(user)
+ end
+
+ context 'for a user whose password has expired' do
+ let(:user) { create(:user, password_expires_at: 2.days.ago) }
+
+ it 'allows to sign out successfully' do
+ delete :destroy
+
+ expect(response).to redirect_to(new_user_session_path)
+ expect(controller.current_user).to be_nil
+ end
+ end
+ end
end
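Review bot: The `before { sign_in(user) }` hook in the new `#destroy` describe relies on a `user` that only the nested `for a user whose password has expired` context defines, so any further context added under `#destroy` without its own `let(:user)` fails inside `sign_in` rather than at the missing definition. Giving the describe a default, `let(:user) { create(:user) }` directly after `describe '#destroy' do`, and letting the expired-password context override it keeps the hook self-contained. Alternatively move the `sign_in(user)` hook into the context that defines `user`.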