From 15dba34c9a469c95ea6112419dca33c2c63c6247 Mon Sep 17 00:00:00 2001
From: Timothy Andrew
Date: Mon, 19 Jun 2017 07:55:09 +0000
Subject: Add Omniauth OAuth config to the test section of `gitlab.yml` - I tried to get this to work by stubbing out portions of the config within the test. This didn't work as expected because Devise/Omniauth loaded before the stub could run, and the stubbed config was ignored. - I attempted to fix this by reloading Devise/Omniauth after stubbing the config. This successfully got Devise to load the stubbed providers, but failed while trying to access a route such as `user_gitlab_omniauth_authorize_path`. - I spent a while trying to figure this out (even trying `Rails.application.reload_routes!`), but nothing seemed to work. - I settled for adding this config directly to `gitlab.yml` rather than go down this path any further.
---
 config/gitlab.yml.example | 66 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+) (limited to 'config/gitlab.yml.example')
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 43a8c0078ca..b58a173bccb 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -615,6 +615,72 @@ test:
 title: "JIRA"
 url: https://sample_company.atlassian.net
 project_key: PROJECT
+
+ omniauth:
+ enabled: true
+ allow_single_sign_on: true
+ block_auto_created_users: false
+ auto_link_saml_user: true
+ external_providers: []
+
+ providers:
+ - { name: 'cas3',
+ label: 'cas3',
+ args: {
+ url: 'https://sso.example.com',
+ disable_ssl_verification: false,
+ login_url: '/cas/login',
+ service_validate_url: '/cas/p3/serviceValidate',
+ logout_url: '/cas/logout'} }
+ - { name: 'authentiq',
+ app_id: 'YOUR_CLIENT_ID',
+ app_secret: 'YOUR_CLIENT_SECRET',
+ args: {
+ scope: 'aq:name email~rs address aq:push'
+ }
+ }
+
+ - { name: 'github',
+ app_id: 'YOUR_APP_ID',
+ app_secret: 'YOUR_APP_SECRET',
+ url: "https://github.com/",
+ verify_ssl: false,
+ args: { scope: 'user:email' } }
+ - { name: 'bitbucket',
+ app_id: 'YOUR_APP_ID',
+ app_secret: 'YOUR_APP_SECRET' }
+ - { name: 'gitlab',
+ app_id: 'YOUR_APP_ID',
+ app_secret: 'YOUR_APP_SECRET',
+ args: { scope: 'api' } }
+ - { name: 'google_oauth2',
+ app_id: 'YOUR_APP_ID',
+ app_secret: 'YOUR_APP_SECRET',
+ args: { access_type: 'offline', approval_prompt: '' } }
+ - { name: 'facebook',
+ app_id: 'YOUR_APP_ID',
+ app_secret: 'YOUR_APP_SECRET' }
+ - { name: 'twitter',
+ app_id: 'YOUR_APP_ID',
+ app_secret: 'YOUR_APP_SECRET' }
+
+ - { name: 'saml',
+ label: 'Our SAML Provider',
+ groups_attribute: 'Groups',
+ external_groups: ['Contractors', 'Freelancers'],
+ args: {
+ assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
+ idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
+ idp_sso_target_url: 'https://login.example.com/idp',
+ issuer: 'https://gitlab.example.com',
+ name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+ } }
+
+ - { name: 'auth0',
+ args: {
+ client_id: 'YOUR_AUTH0_CLIENT_ID',
+ client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
+ namespace: 'YOUR_AUTH0_DOMAIN' } }
 ldap:
 enabled: false
 servers:
-- cgit v1.2.3
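Review bot: The `github` provider entry sets `verify_ssl: false`, and nothing in the hunk marks it as test-only; because it lands in `config/gitlab.yml.example`, the value is likely to be copied along with the rest of the block. Unless a spec depends on it, `verify_ssl: true,` would be the safer fixture, or add a comment above the entry such as `# test fixture only: keep TLS verification enabled outside the test environment`. The same applies to `block_auto_created_users: false` next to `allow_single_sign_on: true`, which together let a configured provider create an account that is active immediately; a one-line comment saying this is intentional for the login specs would help. The `test:` mapping starts before the hunk and continues after it.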
From 7c2f5bb48d98426b8458782216311f24aa705209 Mon Sep 17 00:00:00 2001 From: Timothy Andrew Date: Mon, 3 Jul 2017 19:37:37 +0000 Subject: Fix build for !11963. - Don't use `request.env['omniauth.params']` if it isn't present. - Remove the `saml` section from the `gitlab.yml` test section. Some tests depend on this section not being initially present, so it can be overridden in the test. This MR doesn't add any tests for SAML, so we didn't really need this in the first place anyway. - Clean up the test -> omniauth section of `gitlab.yml` --- config/gitlab.yml.example | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) (limited to 'config/gitlab.yml.example') diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index b58a173bccb..950a58bb0dd 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -619,15 +619,12 @@ test: omniauth: enabled: true allow_single_sign_on: true - block_auto_created_users: false - auto_link_saml_user: true external_providers: [] providers: - { name: 'cas3', label: 'cas3', - args: { - url: 'https://sso.example.com', + args: { url: 'https://sso.example.com', disable_ssl_verification: false, login_url: '/cas/login', service_validate_url: '/cas/p3/serviceValidate', @@ -635,11 +632,7 @@ test: - { name: 'authentiq', app_id: 'YOUR_CLIENT_ID', app_secret: 'YOUR_CLIENT_SECRET', - args: { - scope: 'aq:name email~rs address aq:push' - } - } - + args: { scope: 'aq:name email~rs address aq:push' } } - { name: 'github', app_id: 'YOUR_APP_ID', app_secret: 'YOUR_APP_SECRET', 
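Review bot: Dropping `block_auto_created_users: false` and `auto_link_saml_user: true` in the first hunk (`@@ -619,15 +619,12 @@`) leaves the test environment on whatever defaults the settings loader applies, and those are not visible on this page. Both keys control how an account arriving through an external provider is treated, so if the OAuth login specs rely on a particular value it is better stated explicitly, for example by keeping `block_auto_created_users: false` with a trailing `# required by the OAuth login specs`, or by a comment next to `allow_single_sign_on: true` naming the default being relied on. The `omniauth:` mapping continues beyond the hunk.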
@@ -663,24 +656,12 @@ test: - { name: 'twitter', app_id: 'YOUR_APP_ID', app_secret: 'YOUR_APP_SECRET' } - - - { name: 'saml', - label: 'Our SAML Provider', - groups_attribute: 'Groups', - external_groups: ['Contractors', 'Freelancers'], - args: { - assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', - idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', - idp_sso_target_url: 'https://login.example.com/idp', - issuer: 'https://gitlab.example.com', - name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' - } } - - { name: 'auth0', args: { client_id: 'YOUR_AUTH0_CLIENT_ID', client_secret: 'YOUR_AUTH0_CLIENT_SECRET', namespace: 'YOUR_AUTH0_DOMAIN' } } + ldap: enabled: false servers: -- cgit v1.2.3 From 89b0c987fcba5692842f83cfaba90a9004ac91de Mon Sep 17 00:00:00 2001 From: Timothy Andrew Date: Thu, 6 Jul 2017 06:23:20 +0000 Subject: Remove Authentiq from the OAuth login integration tests. - This is causing autoload-related errors in the `migration:path` builds. We need to find a better way of testing this provider. --- config/gitlab.yml.example | 4 ---- 1 file changed, 4 deletions(-) (limited to 'config/gitlab.yml.example') diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 950a58bb0dd..bdf8bcf4931 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -629,10 +629,6 @@ test: login_url: '/cas/login', service_validate_url: '/cas/p3/serviceValidate', logout_url: '/cas/logout'} } - - { name: 'authentiq', - app_id: 'YOUR_CLIENT_ID', - app_secret: 'YOUR_CLIENT_SECRET', - args: { scope: 'aq:name email~rs address aq:push' } } - { name: 'github', app_id: 'YOUR_APP_ID', app_secret: 'YOUR_APP_SECRET', -- cgit v1.2.3