saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses

Closes gitlab-org/gitlab-ce/#53102.
author: 115100 <115100@users.noreply.github.com> 2018-10-24 14:21:47 +0300
committer: 115100 <115100@users.noreply.github.com> 2018-10-25 14:08:07 +0300
commit: 2a8a4897ffebd01c784c028200d0cbdfaf32695e (patch)
tree: d6fc3e47823dc8b7abdecebfba01e503af7b813c /spec/lib/gitlab/auth
parent: 5726e51aaa19f37f76474219d0b0aa75894489e7 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/saml/auth_hash_spec.rb b/spec/lib/gitlab/auth/saml/auth_hash_spec.rb
index 76f49e778fb..3620e1afe25 100644
--- a/spec/lib/gitlab/auth/saml/auth_hash_spec.rb
+++ b/spec/lib/gitlab/auth/saml/auth_hash_spec.rb
@@ -82,6 +82,17 @@ describe Gitlab::Auth::Saml::AuthHash do
       end
     end
 
+    context 'with SAML 2.0 response_object' do
+      before do
+        auth_hash_data[:extra][:response_object] = { document:
+                                                         saml_xml(File.read('spec/fixtures/authentication/saml2_response.xml')) }
+      end
+
+      it 'can extract authn_context' do
+        expect(saml_auth_hash.authn_context).to eq 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+      end
+    end
+
     context 'without response_object' do
       it 'returns an empty string' do
         expect(saml_auth_hash.authn_context).to be_nil
author	115100 <115100@users.noreply.github.com>	2018-10-24 14:21:47 +0300
committer	115100 <115100@users.noreply.github.com>	2018-10-25 14:08:07 +0300
commit	2a8a4897ffebd01c784c028200d0cbdfaf32695e (patch)
tree	d6fc3e47823dc8b7abdecebfba01e503af7b813c /spec/lib/gitlab/auth
parent	5726e51aaa19f37f76474219d0b0aa75894489e7 (diff)