spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::Auth::OAuth::AuthHash do
  let(:provider) { 'ldap' }
  let(:auth_hash) do
    described_class.new(
      OmniAuth::AuthHash.new(
        provider: provider,
        uid: uid_ascii,
        info: info_hash
      )
    )
  end

  let(:provider_config) { { 'args' => { 'gitlab_username_claim' => 'first_name' } } }
  let(:uid_raw) do
    +"CN=Onur K\xC3\xBC\xC3\xA7\xC3\xBCk,OU=Test,DC=example,DC=net"
  end

  let(:email_raw) { +"onur.k\xC3\xBC\xC3\xA7\xC3\xBCk_ABC-123@example.net" }
  let(:nickname_raw) { +"ok\xC3\xBC\xC3\xA7\xC3\xBCk" }
  let(:first_name_raw) { +'Onur' }
  let(:last_name_raw) { +"K\xC3\xBC\xC3\xA7\xC3\xBCk" }
  let(:name_raw) { +"Onur K\xC3\xBC\xC3\xA7\xC3\xBCk" }

  let(:uid_ascii) { uid_raw.force_encoding(Encoding::ASCII_8BIT) }
  let(:email_ascii) { email_raw.force_encoding(Encoding::ASCII_8BIT) }
  let(:nickname_ascii) { nickname_raw.force_encoding(Encoding::ASCII_8BIT) }
  let(:first_name_ascii) { first_name_raw.force_encoding(Encoding::ASCII_8BIT) }
  let(:last_name_ascii) { last_name_raw.force_encoding(Encoding::ASCII_8BIT) }
  let(:name_ascii) { name_raw.force_encoding(Encoding::ASCII_8BIT) }

  let(:uid_utf8) { uid_ascii.force_encoding(Encoding::UTF_8) }
  let(:email_utf8) { email_ascii.force_encoding(Encoding::UTF_8) }
  let(:nickname_utf8) { nickname_ascii.force_encoding(Encoding::UTF_8) }
  let(:name_utf8) { name_ascii.force_encoding(Encoding::UTF_8) }
  let(:first_name_utf8) { first_name_ascii.force_encoding(Encoding::UTF_8) }

  let(:info_hash) do
    {
      email: email_ascii,
      first_name: first_name_ascii,
      last_name: last_name_ascii,
      name: name_ascii,
      nickname: nickname_ascii,
      uid: uid_ascii,
      address: {
        locality: 'some locality',
        country: 'some country'
      }
    }
  end

  context 'defaults' do
    it { expect(auth_hash.provider).to eq provider }
    it { expect(auth_hash.uid).to eql uid_utf8 }
    it { expect(auth_hash.email).to eql email_utf8 }
    it { expect(auth_hash.username).to eql nickname_utf8 }
    it { expect(auth_hash.name).to eql name_utf8 }
    it { expect(auth_hash.password).not_to be_empty }
    it { expect(auth_hash.location).to eq 'some locality, some country' }
  end

  context 'email not provided' do
    before do
      info_hash.delete(:email)
    end

    it 'generates a temp email' do
      expect( auth_hash.email).to start_with('temp-email-for-oauth')
    end
  end

  context 'username not provided' do
    before do
      info_hash.delete(:nickname)
    end

    it 'takes the first part of the email as username' do
      expect(auth_hash.username).to eql 'onur.kucuk_ABC-123'
    end
  end

  context 'name not provided' do
    before do
      info_hash.delete(:name)
    end

    it 'concats first and lastname as the name' do
      expect(auth_hash.name).to eql name_utf8
    end
  end

  context 'custom username field provided' do
    before do
      allow(Gitlab::Auth::OAuth::Provider).to receive(:config_for).and_return(provider_config)
    end

    it 'uses the custom field for the username' do
      expect(auth_hash.username).to eql first_name_utf8
    end

    it 'uses the default claim for the username when the custom claim is not found' do
      provider_config['args']['gitlab_username_claim'] = 'nonexistent'

      expect(auth_hash.username).to eql nickname_utf8
    end

    it 'uses the default claim for the username when the custom claim is empty' do
      info_hash[:first_name] = ''

      expect(auth_hash.username).to eql nickname_utf8
    end

    it 'uses the default claim for the username when the custom claim is nil' do
      info_hash[:first_name] = nil

      expect(auth_hash.username).to eql nickname_utf8
    end
  end

  context 'auth_hash constructed with ASCII-8BIT encoding' do
    it 'forces utf8 encoding on uid' do
      expect(auth_hash.uid.encoding).to eql Encoding::UTF_8
    end

    it 'forces utf8 encoding on provider' do
      expect(auth_hash.provider.encoding).to eql Encoding::UTF_8
    end

    it 'forces utf8 encoding on name' do
      expect(auth_hash.name.encoding).to eql Encoding::UTF_8
    end

    it 'forces utf8 encoding on username' do
      expect(auth_hash.username.encoding).to eql Encoding::UTF_8
    end

    it 'forces utf8 encoding on email' do
      expect(auth_hash.email.encoding).to eql Encoding::UTF_8
    end

    it 'forces utf8 encoding on password' do
      expect(auth_hash.password.encoding).to eql Encoding::UTF_8
    end
  end
end