diff options
Diffstat (limited to 'spec/lib/gitlab/auth/saml/auth_hash_spec.rb')
| -rw-r--r-- | spec/lib/gitlab/auth/saml/auth_hash_spec.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/saml/auth_hash_spec.rb b/spec/lib/gitlab/auth/saml/auth_hash_spec.rb index f1fad946f35..5286e22abc9 100644 --- a/spec/lib/gitlab/auth/saml/auth_hash_spec.rb +++ b/spec/lib/gitlab/auth/saml/auth_hash_spec.rb @@ -40,6 +40,32 @@ RSpec.describe Gitlab::Auth::Saml::AuthHash do end end + describe '#azure_group_overage_claim?' do + context 'when the claim is not present' do + let(:raw_info_attr) { {} } + + it 'is false' do + expect(saml_auth_hash.azure_group_overage_claim?).to eq(false) + end + end + + context 'when the claim is present' do + # The value of the claim is irrelevant, but it's still included + # in the test response to keep tests as real-world as possible. + # https://learn.microsoft.com/en-us/security/zero-trust/develop/configure-tokens-group-claims-app-roles#group-overages + let(:raw_info_attr) do + { + 'http://schemas.microsoft.com/claims/groups.link' => + ['https://graph.windows.net/8c750e43/users/e631c82c/getMemberObjects'] + } + end + + it 'is true' do + expect(saml_auth_hash.azure_group_overage_claim?).to eq(true) + end + end + end + describe '#authn_context' do let(:auth_hash_data) do { |