diff options
author | Sean McGivern <sean@gitlab.com> | 2017-03-07 19:16:08 +0300 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2017-03-07 19:16:08 +0300 |
commit | de37dcee90ac44ba794ad504e91f18b8fb4b13a3 (patch) | |
tree | 8be4fd7cbbe1f1a06dfdfa1da12616989e28d783 /spec/lib/gitlab/auth_spec.rb | |
parent | 6a52cda31da4becc3e342530a2bdf0868d8921cc (diff) | |
parent | b2ca28d24bfbb0a574fccdf1ea05d549ccd6bf66 (diff) |
Merge branch 'siemens/gitlab-ce-feature/openid-connect'
Diffstat (limited to 'spec/lib/gitlab/auth_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 939e8cb3a56..03c4879ed6f 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -3,6 +3,24 @@ require 'spec_helper' describe Gitlab::Auth, lib: true do let(:gl_auth) { described_class } + describe 'constants' do + it 'API_SCOPES contains all scopes for API access' do + expect(subject::API_SCOPES).to eq [:api, :read_user] + end + + it 'OPENID_SCOPES contains all scopes for OpenID Connect' do + expect(subject::OPENID_SCOPES).to eq [:openid] + end + + it 'DEFAULT_SCOPES contains all default scopes' do + expect(subject::DEFAULT_SCOPES).to eq [:api] + end + + it 'OPTIONAL_SCOPES contains all non-default scopes' do + expect(subject::OPTIONAL_SCOPES).to eq [:read_user, :openid] + end + end + describe 'find_for_git_client' do context 'build token' do subject { gl_auth.find_for_git_client('gitlab-ci-token', build.token, project: project, ip: 'ip') } @@ -222,6 +240,18 @@ describe Gitlab::Auth, lib: true do end end + it "does not find user in blocked state" do + user.block + + expect( gl_auth.find_with_user_password(username, password) ).not_to eql user + end + + it "does not find user in ldap_blocked state" do + user.ldap_block + + expect( gl_auth.find_with_user_password(username, password) ).not_to eql user + end + context "with ldap enabled" do before do allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true) |