spec/lib/gitlab/auth/ldap/auth_hash_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::Auth::Ldap::AuthHash do
  include LdapHelpers

  let(:auth_hash) do
    described_class.new(
      OmniAuth::AuthHash.new(
        uid: given_uid,
        provider: 'ldapmain',
        info: info,
        extra: {
          raw_info: raw_info
        }
      )
    )
  end

  let(:info) do
    {
      name: 'Smith, J.',
      email: 'johnsmith@example.com',
      nickname: '123456'
    }
  end

  let(:raw_info) do
    {
      uid: ['123456'],
      email: ['johnsmith@example.com'],
      cn: ['Smith, J.'],
      fullName: ['John Smith']
    }
  end

  context "without overridden attributes" do
    let(:given_uid) { 'uid=John Smith,ou=People,dc=example,dc=com' }

    it "has the correct username" do
      expect(auth_hash.username).to eq("123456")
    end

    it "has the correct name" do
      expect(auth_hash.name).to eq("Smith, J.")
    end
  end

  context "with overridden attributes" do
    let(:given_uid) { 'uid=John Smith,ou=People,dc=example,dc=com' }

    let(:attributes) do
      {
        'username' => %w(mail email),
        'name' => 'fullName'
      }
    end

    before do
      allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
        allow(instance).to receive(:attributes).and_return(attributes)
      end
    end

    it "has the correct username" do
      expect(auth_hash.username).to eq("johnsmith@example.com")
    end

    it "has the correct name" do
      expect(auth_hash.name).to eq("John Smith")
    end
  end

  describe '#uid' do
    context 'when there is extraneous (but valid) whitespace' do
      let(:given_uid) { 'uid     =john smith ,  ou = people, dc=  example,dc =com' }

      it 'removes the extraneous whitespace' do
        expect(auth_hash.uid).to eq('uid=john smith,ou=people,dc=example,dc=com')
      end
    end

    context 'when there are upper case characters' do
      let(:given_uid) { 'UID=John Smith,ou=People,dc=example,dc=com' }

      it 'downcases' do
        expect(auth_hash.uid).to eq('uid=john smith,ou=people,dc=example,dc=com')
      end
    end
  end

  describe '#username' do
    context 'if lowercase_usernames setting is' do
      let(:given_uid) { 'uid=John Smith,ou=People,dc=example,dc=com' }

      before do
        raw_info[:uid] = [+'JOHN']
      end

      it 'enabled the username attribute is lower cased' do
        stub_ldap_config(lowercase_usernames: true)

        expect(auth_hash.username).to eq 'john'
      end

      it 'disabled the username attribute is not lower cased' do
        stub_ldap_config(lowercase_usernames: false)

        expect(auth_hash.username).to eq 'JOHN'
      end
    end
  end
end