diff options
Diffstat (limited to 'spec/lib/gitlab/ldap')
| -rw-r--r-- | spec/lib/gitlab/ldap/access_spec.rb | 55 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/adapter_spec.rb | 31 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/authentication_spec.rb | 53 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/config_spec.rb | 20 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/user_spec.rb | 106 |
5 files changed, 0 insertions, 265 deletions
diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb deleted file mode 100644 index 707a0521ab3..00000000000 --- a/spec/lib/gitlab/ldap/access_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -require 'spec_helper' - -describe Gitlab::LDAP::Access do - let(:access) { Gitlab::LDAP::Access.new user } - let(:user) { create(:omniauth_user) } - - describe :allowed? do - subject { access.allowed? } - - context 'when the user cannot be found' do - before { Gitlab::LDAP::Person.stub(find_by_dn: nil) } - - it { is_expected.to be_falsey } - end - - context 'when the user is found' do - before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) } - - context 'and the user is diabled via active directory' do - before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) } - - it { is_expected.to be_falsey } - - it "should block user in GitLab" do - access.allowed? - user.should be_blocked - end - end - - context 'and has no disabled flag in active diretory' do - before do - user.block - - Gitlab::LDAP::Person.stub(disabled_via_active_directory?: false) - end - - it { is_expected.to be_truthy } - - it "should unblock user in GitLab" do - access.allowed? - user.should_not be_blocked - end - end - - context 'without ActiveDirectory enabled' do - before do - Gitlab::LDAP::Config.stub(enabled?: true) - Gitlab::LDAP::Config.any_instance.stub(active_directory: false) - end - - it { is_expected.to be_truthy } - end - end - end -end diff --git a/spec/lib/gitlab/ldap/adapter_spec.rb b/spec/lib/gitlab/ldap/adapter_spec.rb deleted file mode 100644 index b609e4b38f2..00000000000 --- a/spec/lib/gitlab/ldap/adapter_spec.rb +++ /dev/null @@ -1,31 +0,0 @@ -require 'spec_helper' - -describe Gitlab::LDAP::Adapter do - let(:adapter) { Gitlab::LDAP::Adapter.new 'ldapmain' } - - describe :dn_matches_filter? do - let(:ldap) { double(:ldap) } - subject { adapter.dn_matches_filter?(:dn, :filter) } - before { adapter.stub(ldap: ldap) } - - context "when the search is successful" do - context "and the result is non-empty" do - before { ldap.stub(search: [:foo]) } - - it { is_expected.to be_truthy } - end - - context "and the result is empty" do - before { ldap.stub(search: []) } - - it { is_expected.to be_falsey } - end - end - - context "when the search encounters an error" do - before { ldap.stub(search: nil, get_operation_result: double(code: 1, message: 'some error')) } - - it { is_expected.to be_falsey } - end - end -end diff --git a/spec/lib/gitlab/ldap/authentication_spec.rb b/spec/lib/gitlab/ldap/authentication_spec.rb deleted file mode 100644 index 8afc2b21f46..00000000000 --- a/spec/lib/gitlab/ldap/authentication_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -require 'spec_helper' - -describe Gitlab::LDAP::Authentication do - let(:klass) { Gitlab::LDAP::Authentication } - let(:user) { create(:omniauth_user, extern_uid: dn) } - let(:dn) { 'uid=john,ou=people,dc=example,dc=com' } - let(:login) { 'john' } - let(:password) { 'password' } - - describe :login do - let(:adapter) { double :adapter } - before do - Gitlab::LDAP::Config.stub(enabled?: true) - end - - it "finds the user if authentication is successful" do - user - # try only to fake the LDAP call - klass.any_instance.stub(adapter: double(:adapter, - bind_as: double(:ldap_user, dn: dn) - )) - expect(klass.login(login, password)).to be_truthy - end - - it "is false if the user does not exist" do - # try only to fake the LDAP call - klass.any_instance.stub(adapter: double(:adapter, - bind_as: double(:ldap_user, dn: dn) - )) - expect(klass.login(login, password)).to be_falsey - end - - it "is false if authentication fails" do - user - # try only to fake the LDAP call - klass.any_instance.stub(adapter: double(:adapter, bind_as: nil)) - expect(klass.login(login, password)).to be_falsey - end - - it "fails if ldap is disabled" do - Gitlab::LDAP::Config.stub(enabled?: false) - expect(klass.login(login, password)).to be_falsey - end - - it "fails if no login is supplied" do - expect(klass.login('', password)).to be_falsey - end - - it "fails if no password is supplied" do - expect(klass.login(login, '')).to be_falsey - end - end -end
\ No newline at end of file diff --git a/spec/lib/gitlab/ldap/config_spec.rb b/spec/lib/gitlab/ldap/config_spec.rb deleted file mode 100644 index 00e9076c787..00000000000 --- a/spec/lib/gitlab/ldap/config_spec.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'spec_helper' - -describe Gitlab::LDAP::Config do - let(:config) { Gitlab::LDAP::Config.new provider } - let(:provider) { 'ldapmain' } - - describe '#initalize' do - it 'requires a provider' do - expect{ Gitlab::LDAP::Config.new }.to raise_error ArgumentError - end - - it "works" do - expect(config).to be_a described_class - end - - it "raises an error if a unknow provider is used" do - expect{ Gitlab::LDAP::Config.new 'unknown' }.to raise_error - end - end -end diff --git a/spec/lib/gitlab/ldap/user_spec.rb b/spec/lib/gitlab/ldap/user_spec.rb deleted file mode 100644 index 42015c28c81..00000000000 --- a/spec/lib/gitlab/ldap/user_spec.rb +++ /dev/null @@ -1,106 +0,0 @@ -require 'spec_helper' - -describe Gitlab::LDAP::User do - let(:ldap_user) { Gitlab::LDAP::User.new(auth_hash) } - let(:gl_user) { ldap_user.gl_user } - let(:info) do - { - name: 'John', - email: 'john@example.com', - nickname: 'john' - } - end - let(:auth_hash) do - double(uid: 'my-uid', provider: 'ldapmain', info: double(info)) - end - - describe :changed? do - it "marks existing ldap user as changed" do - existing_user = create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain') - expect(ldap_user.changed?).to be_truthy - end - - it "marks existing non-ldap user if the email matches as changed" do - existing_user = create(:user, email: 'john@example.com') - expect(ldap_user.changed?).to be_truthy - end - - it "dont marks existing ldap user as changed" do - existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'my-uid', provider: 'ldapmain') - expect(ldap_user.changed?).to be_falsey - end - end - - describe :find_or_create do - it "finds the user if already existing" do - existing_user = create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain') - - expect{ ldap_user.save }.to_not change{ User.count } - end - - it "connects to existing non-ldap user if the email matches" do - existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter") - expect{ ldap_user.save }.to_not change{ User.count } - - existing_user.reload - expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid' - expect(existing_user.ldap_identity.provider).to eql 'ldapmain' - end - - it "creates a new user if not found" do - expect{ ldap_user.save }.to change{ User.count }.by(1) - end - end - - - describe 'blocking' do - context 'signup' do - context 'dont block on create' do - before { Gitlab::LDAP::Config.any_instance.stub block_auto_created_users: false } - - it do - ldap_user.save - expect(gl_user).to be_valid - expect(gl_user).not_to be_blocked - end - end - - context 'block on create' do - before { Gitlab::LDAP::Config.any_instance.stub block_auto_created_users: true } - - it do - ldap_user.save - expect(gl_user).to be_valid - expect(gl_user).to be_blocked - end - end - end - - context 'sign-in' do - before do - ldap_user.save - ldap_user.gl_user.activate - end - - context 'dont block on create' do - before { Gitlab::LDAP::Config.any_instance.stub block_auto_created_users: false } - - it do - ldap_user.save - expect(gl_user).to be_valid - expect(gl_user).not_to be_blocked - end - end - - context 'block on create' do - before { Gitlab::LDAP::Config.any_instance.stub block_auto_created_users: true } - - it do - ldap_user.save - expect(gl_user).to be_valid - expect(gl_user).not_to be_blocked - end - end - end - end -end |