From edaa33dee2ff2f7ea3fac488d41558eb5f86d68c Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 20 Jan 2022 09:16:11 +0000 Subject: Add latest changes from gitlab-org/gitlab@14-7-stable-ee --- spec/lib/gitlab/auth/auth_finders_spec.rb | 30 +++++++++++++++--------------- spec/lib/gitlab/auth/ldap/config_spec.rb | 30 ++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 15 deletions(-) (limited to 'spec/lib/gitlab/auth') diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb index f1c891b2adb..e985f66bfe9 100644 --- a/spec/lib/gitlab/auth/auth_finders_spec.rb +++ b/spec/lib/gitlab/auth/auth_finders_spec.rb @@ -939,21 +939,19 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#cluster_agent_token_from_authorization_token' do - let_it_be(:agent_token, freeze: true) { create(:cluster_agent_token) } + let_it_be(:agent_token) { create(:cluster_agent_token) } + + subject { cluster_agent_token_from_authorization_token } context 'when route_setting is empty' do - it 'returns nil' do - expect(cluster_agent_token_from_authorization_token).to be_nil - end + it { is_expected.to be_nil } end context 'when route_setting allows cluster agent token' do let(:route_authentication_setting) { { cluster_agent_token_allowed: true } } context 'Authorization header is empty' do - it 'returns nil' do - expect(cluster_agent_token_from_authorization_token).to be_nil - end + it { is_expected.to be_nil } end context 'Authorization header is incorrect' do @@ -961,9 +959,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do request.headers['Authorization'] = 'Bearer ABCD' end - it 'returns nil' do - expect(cluster_agent_token_from_authorization_token).to be_nil - end + it { is_expected.to be_nil } end context 'Authorization header is malformed' do @@ -971,9 +967,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do request.headers['Authorization'] = 'Bearer' end - it 'returns nil' do - expect(cluster_agent_token_from_authorization_token).to be_nil - end + it { is_expected.to be_nil } end context 'Authorization header matches agent token' do @@ -981,8 +975,14 @@ RSpec.describe Gitlab::Auth::AuthFinders do request.headers['Authorization'] = "Bearer #{agent_token.token}" end - it 'returns the agent token' do - expect(cluster_agent_token_from_authorization_token).to eq(agent_token) + it { is_expected.to eq(agent_token) } + + context 'agent token has been revoked' do + before do + agent_token.revoked! + end + + it { is_expected.to be_nil } end end end diff --git a/spec/lib/gitlab/auth/ldap/config_spec.rb b/spec/lib/gitlab/auth/ldap/config_spec.rb index 7a657cce597..3039fce6141 100644 --- a/spec/lib/gitlab/auth/ldap/config_spec.rb +++ b/spec/lib/gitlab/auth/ldap/config_spec.rb @@ -121,10 +121,40 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK expect(config.adapter_options).to eq( host: 'ldap.example.com', port: 386, + hosts: nil, encryption: nil ) end + it 'includes failover hosts when set' do + stub_ldap_config( + options: { + 'host' => 'ldap.example.com', + 'port' => 686, + 'hosts' => [ + ['ldap1.example.com', 636], + ['ldap2.example.com', 636] + ], + 'encryption' => 'simple_tls', + 'verify_certificates' => true, + 'bind_dn' => 'uid=admin,dc=example,dc=com', + 'password' => 'super_secret' + } + ) + + expect(config.adapter_options).to include({ + hosts: [ + ['ldap1.example.com', 636], + ['ldap2.example.com', 636] + ], + auth: { + method: :simple, + username: 'uid=admin,dc=example,dc=com', + password: 'super_secret' + } + }) + end + it 'includes authentication options when auth is configured' do stub_ldap_config( options: { -- cgit v1.2.3