author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-31 03:09:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-31 03:09:06 +0300 |
commit | ae6b4f857f51765dac310e8075c2c3f88e51dcab (patch) | |
tree | 7e350d6d94d6b9cae89b3cf4c79e9a8b09880842 /spec/features/users/login_spec.rb | |
parent | ae92150461ad4cffcf85a4dc6313bc403e596391 (diff) |
Add latest changes from gitlab-org/security/gitlab@14-9-stable-ee
Diffstat (limited to 'spec/features/users/login_spec.rb')
-rw-r--r-- | spec/features/users/login_spec.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 13d7078322e..8610cae58a4 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -150,6 +150,27 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
 end
 end
 
+ describe 'with a disallowed password' do
+ let(:user) { create(:user, :disallowed_password) }
+
+ before do
+ expect(authentication_metrics)
+ .to increment(:user_unauthenticated_counter)
+ .and increment(:user_password_invalid_counter)
+ end
+
+ it 'disallows login' do
+ gitlab_sign_in(user, password: user.password)
+
+ expect(page).to have_content('Invalid login or password.')
+ end
+
+ it 'does not update Devise trackable attributes' do
+ expect { gitlab_sign_in(user, password: user.password) }
+ .not_to change { User.ghost.reload.sign_in_count }
+ end
+ end
+
 describe 'with the ghost user' do
 it 'disallows login' do
 expect(authentication_metrics) |
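Review bot: The example 'does not update Devise trackable attributes' asserts on `User.ghost.reload.sign_in_count`, not on the user created with `:disallowed_password`, so it would still pass if the rejected login incremented that user's own sign-in counters. This looks carried over from the ghost-user context that follows the hunk (its body continues outside the visible lines). The assertion should target the account under test: `.not_to change { user.reload.sign_in_count }`. As written, the spec verifies the error message and the metrics but leaves the trackable-attribute side of the rejection unchecked.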