1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::ExternalAuthorization::Client do
let(:user) { build(:user, email: 'dummy_user@example.com') }
let(:dummy_url) { 'https://dummy.net/' }
subject(:client) { described_class.new(user, 'dummy_label') }
before do
stub_application_setting(external_authorization_service_url: dummy_url)
end
describe '#request_access' do
it 'performs requests to the configured endpoint' do
expect(Gitlab::HTTP).to receive(:post).with(dummy_url, any_args)
client.request_access
end
it 'adds the correct params for the user to the body of the request' do
expected_body = {
user_identifier: 'dummy_user@example.com',
project_classification_label: 'dummy_label',
identities: []
}.to_json
expect(Gitlab::HTTP).to receive(:post)
.with(dummy_url, hash_including(body: expected_body))
client.request_access
end
it 'respects the the timeout' do
stub_application_setting(
external_authorization_service_timeout: 3
)
expect(Gitlab::HTTP).to receive(:post).with(dummy_url,
hash_including(
connect_timeout: 3,
read_timeout: 3,
write_timeout: 3
))
client.request_access
end
it 'adds the mutual tls params when they are present' do
stub_application_setting(
external_auth_client_cert: 'the certificate data',
external_auth_client_key: 'the key data',
external_auth_client_key_pass: 'open sesame'
)
expected_params = {
client_cert_data: 'the certificate data',
client_key_data: 'the key data',
client_key_pass: 'open sesame'
}
expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(expected_params))
client.request_access
end
it 'returns an expected response' do
expect(Gitlab::HTTP).to receive(:post)
expect(client.request_access)
.to be_kind_of(::Gitlab::ExternalAuthorization::Response)
end
it 'wraps exceptions if the request fails' do
expect(Gitlab::HTTP).to receive(:post) { raise Gitlab::HTTP::BlockedUrlError, 'the request broke' }
expect { client.request_access }
.to raise_error(::Gitlab::ExternalAuthorization::RequestFailed)
end
it 'passes local request setting to Gitlab::HTTP' do
stub_application_setting(allow_local_requests_from_system_hooks: false)
expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(allow_local_requests: false))
client.request_access
end
describe 'for ldap users' do
let(:user) do
create(:omniauth_user,
email: 'dummy_user@example.com',
extern_uid: 'external id',
provider: 'ldapprovider')
end
it 'includes the ldap dn and identities for ldap users' do
expected_body = {
user_identifier: 'dummy_user@example.com',
project_classification_label: 'dummy_label',
identities: [{ provider: 'ldapprovider', extern_uid: 'external id' }],
user_ldap_dn: 'external id'
}.to_json
expect(Gitlab::HTTP).to receive(:post)
.with(dummy_url, hash_including(body: expected_body))
client.request_access
end
end
describe 'for non-ldap users with identities' do
before do
%w(twitter facebook).each do |provider|
create(:identity, provider: provider, extern_uid: "#{provider}_external_id", user: user)
end
end
it 'includes all the identities' do
expected_body = {
user_identifier: 'dummy_user@example.com',
project_classification_label: 'dummy_label',
identities: [
{ provider: 'twitter', extern_uid: 'twitter_external_id' },
{ provider: 'facebook', extern_uid: 'facebook_external_id' }
]
}.to_json
expect(Gitlab::HTTP).to receive(:post)
.with(dummy_url, hash_including(body: expected_body))
client.request_access
end
end
end
end
|
