Refactor OmniauthCallbacksController to remove duplication

Moves LDAP to its own controller with tests
Provides path forward for implementing GroupSaml

1 files changed, 58 insertions, 0 deletions

diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
new file mode 100644
index 00000000000..87c10a86cdd
--- /dev/null
+++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe Ldap::OmniauthCallbacksController do
+  include_context 'Ldap::OmniauthCallbacksController'
+
+  it 'allows sign in' do
+    post provider
+
+    expect(request.env['warden']).to be_authenticated
+  end
+
+  it 'respects remember me checkbox' do
+    expect do
+      post provider, remember_me: '1'
+    end.to change { user.reload.remember_created_at }.from(nil)
+  end
+
+  context 'with 2FA' do
+    let(:user) { create(:omniauth_user, :two_factor_via_otp, extern_uid: uid, provider: provider) }
+
+    it 'passes remember_me to the Devise view' do
+      post provider, remember_me: '1'
+
+      expect(assigns[:user].remember_me).to eq '1'
+    end
+  end
+
+  context 'access denied' do
+    let(:valid_login?) { false }
+
+    it 'warns the user' do
+      post provider
+
+      expect(flash[:alert]).to match(/Access denied for your LDAP account*/)
+    end
+
+    it "doesn't authenticate user" do
+      post provider
+
+      expect(request.env['warden']).not_to be_authenticated
+      expect(response).to redirect_to(new_user_session_path)
+    end
+  end
+
+  context 'sign up' do
+    let(:user) { double(email: 'new@example.com') }
+
+    before do
+      stub_omniauth_setting(block_auto_created_users: false)
+    end
+
+    it 'is allowed' do
+      post provider
+
+      expect(request.env['warden']).to be_authenticated
+    end
+  end
+end