author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /spec/lib/gitlab/auth | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/lib/gitlab/auth')
-rw-r--r-- | spec/lib/gitlab/auth/atlassian/auth_hash_spec.rb | 50 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/atlassian/identity_linker_spec.rb | 71 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/atlassian/user_spec.rb | 60 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/ldap/adapter_spec.rb | 4 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/ldap/config_spec.rb | 4 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/o_auth/provider_spec.rb | 44 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/o_auth/user_spec.rb | 53 |
7 files changed, 279 insertions, 7 deletions
diff --git a/spec/lib/gitlab/auth/atlassian/auth_hash_spec.rb b/spec/lib/gitlab/auth/atlassian/auth_hash_spec.rb
new file mode 100644
index 00000000000..c57b15361c4
--- /dev/null
+++ b/spec/lib/gitlab/auth/atlassian/auth_hash_spec.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Auth::Atlassian::AuthHash do
+ let(:auth_hash) do
+ described_class.new(
+ OmniAuth::AuthHash.new(uid: 'john', credentials: credentials)
+ )
+ end
+
+ let(:credentials) do
+ {
+ token: 'super_secret_token',
+ refresh_token: 'super_secret_refresh_token',
+ expires_at: 2.weeks.from_now.to_i,
+ expires: true
+ }
+ end
+
+ describe '#uid' do
+ it 'returns the correct uid' do
+ expect(auth_hash.uid).to eq('john')
+ end
+ end
+
+ describe '#token' do
+ it 'returns the correct token' do
+ expect(auth_hash.token).to eq(credentials[:token])
+ end
+ end
+
+ describe '#refresh_token' do
+ it 'returns the correct refresh token' do
+ expect(auth_hash.refresh_token).to eq(credentials[:refresh_token])
+ end
+ end
+
+ describe '#token' do
+ it 'returns the correct expires boolean' do
+ expect(auth_hash.expires?).to eq(credentials[:expires])
+ end
+ end
+
+ describe '#token' do
+ it 'returns the correct expiration' do
+ expect(auth_hash.expires_at).to eq(credentials[:expires_at])
+ end
+ end
+end
diff --git a/spec/lib/gitlab/auth/atlassian/identity_linker_spec.rb b/spec/lib/gitlab/auth/atlassian/identity_linker_spec.rb
new file mode 100644
index 00000000000..ca6b91ac6f1
--- /dev/null
+++ b/spec/lib/gitlab/auth/atlassian/identity_linker_spec.rb
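Review bot: In spec/lib/gitlab/auth/atlassian/auth_hash_spec.rb three groups are titled `describe '#token'`, but the second and third exercise `expires?` and `expires_at`, so a failure there would be reported against the wrong method. They look like copy-paste leftovers; rename them to `describe '#expires?' do` and `describe '#expires_at' do`.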
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Auth::Atlassian::IdentityLinker do
+ let(:user) { create(:user) }
+ let(:extern_uid) { generate(:username) }
+ let(:oauth) do
+ OmniAuth::AuthHash.new(
+ uid: extern_uid,
+ provider: 'atlassian_oauth2',
+ info: { name: 'John', email: 'john@mail.com' },
+ credentials: credentials
+ )
+ end
+
+ let(:credentials) do
+ {
+ token: SecureRandom.alphanumeric(1254),
+ refresh_token: SecureRandom.alphanumeric(45),
+ expires_at: 2.weeks.from_now.to_i,
+ expires: true
+ }
+ end
+
+ subject { described_class.new(user, oauth) }
+
+ context 'linked identity exists' do
+ let!(:identity) { create(:atlassian_identity, user: user, extern_uid: extern_uid) }
+
+ before do
+ subject.link
+ end
+
+ it 'sets #changed? to false' do
+ expect(subject).not_to be_changed
+ end
+
+ it 'does not mark as failed' do
+ expect(subject).not_to be_failed
+ end
+ end
+
+ context 'identity already linked to different user' do
+ let!(:identity) { create(:atlassian_identity, extern_uid: extern_uid) }
+
+ it 'sets #changed? to false' do
+ subject.link
+
+ expect(subject).not_to be_changed
+ end
+
+ it 'exposes error message' do
+ expect(subject.error_message).to eq 'Extern uid has already been taken'
+ end
+ end
+
+ context 'identity needs to be created' do
+ let(:identity) { user.atlassian_identity }
+
+ before do
+ subject.link
+ end
+
+ it_behaves_like 'an atlassian identity'
+
+ it 'sets #changed? to true' do
+ expect(subject).to be_changed
+ end
+ end
+end
diff --git a/spec/lib/gitlab/auth/atlassian/user_spec.rb b/spec/lib/gitlab/auth/atlassian/user_spec.rb
new file mode 100644
index 00000000000..1db01102bc2
--- /dev/null
+++ b/spec/lib/gitlab/auth/atlassian/user_spec.rb
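Review bot: In spec/lib/gitlab/auth/atlassian/identity_linker_spec.rb, the context 'identity already linked to different user' never asserts the outcome that matters for account safety: that the link is reported as failed and the existing identity stays with its original owner. After `subject.link` I would add `expect(subject).to be_failed` and `expect(identity.reload.user).not_to eq(user)`. The 'exposes error message' example also reads `error_message` without calling `subject.link`, so it presumably relies on the linker validating lazily; a `before { subject.link }` for the whole context would put both examples on the same path.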
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Auth::Atlassian::User do
+ let(:oauth_user) { described_class.new(oauth) }
+ let(:gl_user) { oauth_user.gl_user }
+ let(:extern_uid) { generate(:username) }
+ let(:oauth) do
+ OmniAuth::AuthHash.new(
+ uid: extern_uid,
+ provider: 'atlassian_oauth2',
+ info: { name: 'John', email: 'john@mail.com' },
+ credentials: credentials)
+ end
+
+ let(:credentials) do
+ {
+ token: SecureRandom.alphanumeric(1254),
+ refresh_token: SecureRandom.alphanumeric(45),
+ expires_at: 2.weeks.from_now.to_i,
+ expires: true
+ }
+ end
+
+ describe '.assign_identity_from_auth_hash!' do
+ let(:auth_hash) { ::Gitlab::Auth::Atlassian::AuthHash.new(oauth) }
+ let(:identity) { described_class.assign_identity_from_auth_hash!(Atlassian::Identity.new, auth_hash) }
+
+ it_behaves_like 'an atlassian identity'
+ end
+
+ describe '#save' do
+ context 'for an existing user' do
+ context 'with an existing Atlassian Identity' do
+ let!(:existing_user) { create(:atlassian_user, extern_uid: extern_uid) }
+ let(:identity) { gl_user.atlassian_identity }
+
+ before do
+ oauth_user.save # rubocop:disable Rails/SaveBang
+ end
+
+ it 'finds the existing user and identity' do
+ expect(gl_user.id).to eq(existing_user.id)
+ expect(identity.id).to eq(existing_user.atlassian_identity.id)
+ end
+
+ it_behaves_like 'an atlassian identity'
+ end
+
+ context 'for a new user' do
+ it 'creates the user and identity' do
+ oauth_user.save # rubocop:disable Rails/SaveBang
+
+ expect(gl_user).to be_valid
+ end
+ end
+ end
+ end
+end
diff --git a/spec/lib/gitlab/auth/ldap/adapter_spec.rb b/spec/lib/gitlab/auth/ldap/adapter_spec.rb
index 78970378b7f..8546d63cf77 100644
--- a/spec/lib/gitlab/auth/ldap/adapter_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/adapter_spec.rb
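Review bot: In spec/lib/gitlab/auth/atlassian/user_spec.rb, counting the `end`s, `context 'for a new user'` is nested inside `context 'for an existing user'`, which contradicts its title; it should be a sibling directly under `describe '#save'`. Its example is named 'creates the user and identity' but only checks `expect(gl_user).to be_valid`, which would presumably also pass for a record that was never stored and has no identity. Adding `expect(gl_user).to be_persisted` and `expect(gl_user.atlassian_identity).to be_present` would pin what the title claims.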
@@ -128,7 +128,7 @@ RSpec.describe Gitlab::Auth::Ldap::Adapter do before do allow(adapter).to receive(:renew_connection_adapter).and_return(ldap) allow(ldap).to receive(:search) { raise Net::LDAP::Error, "some error" } - allow(Rails.logger).to receive(:warn) + allow(Gitlab::AppLogger).to receive(:warn) end context 'retries the operation' do @@ -152,7 +152,7 @@ RSpec.describe Gitlab::Auth::Ldap::Adapter do it 'logs the error' do expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError) - expect(Rails.logger).to have_received(:warn).with( + expect(Gitlab::AppLogger).to have_received(:warn).with( "LDAP search raised exception Net::LDAP::Error: some error") end end diff --git a/spec/lib/gitlab/auth/ldap/config_spec.rb b/spec/lib/gitlab/auth/ldap/config_spec.rb index 4287596af8f..e4c87a54365 100644 --- a/spec/lib/gitlab/auth/ldap/config_spec.rb +++ b/spec/lib/gitlab/auth/ldap/config_spec.rb @@ -168,7 +168,7 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK end it 'logs an error when an invalid key or cert are configured' do - allow(Rails.logger).to receive(:error) + allow(Gitlab::AppLogger).to receive(:error) stub_ldap_config( options: { 'host' => 'ldap.example.com', @@ -183,7 +183,7 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK config.adapter_options - expect(Rails.logger).to have_received(:error).with(/LDAP TLS Options/).twice + expect(Gitlab::AppLogger).to have_received(:error).with(/LDAP TLS Options/).twice end context 'when verify_certificates is enabled' do diff --git a/spec/lib/gitlab/auth/o_auth/provider_spec.rb b/spec/lib/gitlab/auth/o_auth/provider_spec.rb index 658a9976cc2..57f17365190 100644 --- a/spec/lib/gitlab/auth/o_auth/provider_spec.rb +++ b/spec/lib/gitlab/auth/o_auth/provider_spec.rb 
@@ -45,7 +45,7 @@ RSpec.describe Gitlab::Auth::OAuth::Provider do end end - describe '#config_for' do + describe '.config_for' do context 'for an LDAP provider' do context 'when the provider exists' do it 'returns the config' do @@ -91,4 +91,46 @@ RSpec.describe Gitlab::Auth::OAuth::Provider do end end end + + describe '.label_for' do + subject { described_class.label_for(name) } + + context 'when configuration specifies a custom label' do + let(:name) { 'google_oauth2' } + let(:label) { 'Custom Google Provider' } + let(:provider) { OpenStruct.new({ 'name' => name, 'label' => label }) } + + before do + stub_omniauth_setting(providers: [provider]) + end + + it 'returns the custom label name' do + expect(subject).to eq(label) + end + end + + context 'when configuration does not specify a custom label' do + let(:provider) { OpenStruct.new({ 'name' => name } ) } + + before do + stub_omniauth_setting(providers: [provider]) + end + + context 'when the name does not correspond to a label mapping' do + let(:name) { 'twitter' } + + it 'returns the titleized name' do + expect(subject).to eq(name.titleize) + end + end + end + + context 'when the name corresponds to a label mapping' do + let(:name) { 'gitlab' } + + it 'returns the mapped name' do + expect(subject).to eq('GitLab.com') + end + end + end end diff --git a/spec/lib/gitlab/auth/o_auth/user_spec.rb b/spec/lib/gitlab/auth/o_auth/user_spec.rb index 12e774ec1f8..243d0a4cb45 100644 --- a/spec/lib/gitlab/auth/o_auth/user_spec.rb +++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb 
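Review bot: Counting the `end`s in the new `.label_for` block of provider_spec.rb, the context 'when the name corresponds to a label mapping' sits outside 'when configuration does not specify a custom label', so it runs without the `stub_omniauth_setting(providers: [provider])` setup and depends on whatever providers the test environment happens to define. Moving it inside that context, next to the 'twitter' case, would make it hermetic. One more example pinning which value wins when a mapped name such as 'gitlab' also carries a custom `label` would be worthwhile, since the label is what users see when choosing a sign-in provider. Minor style: `OpenStruct.new({ 'name' => name } )` has a stray space before the closing parenthesis.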
@@ -202,7 +202,56 @@ RSpec.describe Gitlab::Auth::OAuth::User do include_examples "to verify compliance with allow_single_sign_on" end - context "with auto_link_user enabled" do + context "with auto_link_user enabled for a different provider" do + before do + stub_omniauth_config(auto_link_user: ['saml']) + end + + context "and a current GitLab user with a matching email" do + let!(:existing_user) { create(:user, email: 'john@mail.com', username: 'john') } + + it "adds the OmniAuth identity to the GitLab user account" do + oauth_user.save + + expect(gl_user).not_to be_valid + end + end + + context "and no current GitLab user with a matching email" do + include_examples "to verify compliance with allow_single_sign_on" + end + end + + context "with auto_link_user enabled for the correct provider" do + before do + stub_omniauth_config(auto_link_user: ['twitter']) + end + + context "and a current GitLab user with a matching email" do + let!(:existing_user) { create(:user, email: 'john@mail.com', username: 'john') } + + it "adds the OmniAuth identity to the GitLab user account" do + oauth_user.save + + expect(gl_user).to be_valid + expect(gl_user.username).to eql 'john' + expect(gl_user.email).to eql 'john@mail.com' + expect(gl_user.identities.length).to be 1 + identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } } + expect(identities_as_hash).to match_array( + [ + { provider: 'twitter', extern_uid: uid } + ] + ) + end + end + + context "and no current GitLab user with a matching email" do + include_examples "to verify compliance with allow_single_sign_on" + end + end + + context "with auto_link_user enabled for all providers" do before do stub_omniauth_config(auto_link_user: true) end 
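Review bot: The example under "with auto_link_user enabled for a different provider" is still titled "adds the OmniAuth identity to the GitLab user account" although it expects `gl_user` not to be valid; the title should state the opposite, e.g. `it "does not add the OmniAuth identity to the GitLab user account" do`. This is the negative case that keeps email-based auto-linking from applying to providers that are not on the list, so it would be stronger to also assert that the existing account was left untouched, e.g. `expect(existing_user.reload.identities).to be_empty`, rather than relying only on the new record being invalid.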
@@ -421,7 +470,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do context "with both auto_link_user and auto_link_ldap_user enabled" do before do - stub_omniauth_config(auto_link_user: true, auto_link_ldap_user: true) + stub_omniauth_config(auto_link_user: ['twitter'], auto_link_ldap_user: true) end context "and at least one LDAP provider is defined" do |
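Review bot: Switching this context to `auto_link_user: ['twitter']` leaves the boolean form combined with LDAP auto-linking without coverage here, as far as the visible lines show. If both forms remain supported, consider keeping a second context that still uses `stub_omniauth_config(auto_link_user: true, auto_link_ldap_user: true)` so the interaction is exercised for each shape of the setting. The context body continues outside the hunk, so the nested examples could not be checked.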