Commit e1f1e062 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'multi_provider' into 'master'

Supporting for multiple omniauth provider for the same user

fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/1721

and https://dev.gitlab.org/gitlab/gitlabhq/issues/1760

See merge request !1296
parents 490ae737 f9a730eb
...@@ -42,10 +42,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -42,10 +42,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def handle_omniauth def handle_omniauth
if current_user if current_user
# Change a logged-in user's authentication method: # Add new authentication method
current_user.extern_uid = oauth['uid'] current_user.identities.find_or_create_by(extern_uid: oauth['uid'], provider: oauth['provider'])
current_user.provider = oauth['provider']
current_user.save
redirect_to profile_path redirect_to profile_path
else else
@user = Gitlab::OAuth::User.new(oauth) @user = Gitlab::OAuth::User.new(oauth)
...@@ -67,8 +65,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -67,8 +65,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
end end
end end
rescue StandardError rescue ForbiddenAction => e
flash[:notice] = "There's no such user!" flash[:notice] = e.message
redirect_to new_user_session_path redirect_to new_user_session_path
end end
......
...@@ -16,4 +16,8 @@ module OauthHelper ...@@ -16,4 +16,8 @@ module OauthHelper
[:twitter, :github, :google_oauth2].include?(name.to_sym) [:twitter, :github, :google_oauth2].include?(name.to_sym)
end end
end end
def additional_providers
enabled_oauth_providers.reject{|provider| provider.to_s.starts_with?('ldap')}
end
end end
module ProfileHelper module ProfileHelper
def oauth_active_class(provider) def oauth_active_class(provider)
if current_user.provider == provider.to_s if current_user.identities.exists?(provider: provider.to_s)
'active' 'active'
end end
end end
...@@ -10,10 +10,10 @@ module ProfileHelper ...@@ -10,10 +10,10 @@ module ProfileHelper
end end
def show_profile_social_tab? def show_profile_social_tab?
enabled_social_providers.any? && !current_user.ldap_user? enabled_social_providers.any?
end end
def show_profile_remove_tab? def show_profile_remove_tab?
gitlab_config.signup_enabled && !current_user.ldap_user? gitlab_config.signup_enabled
end end
end end
class Identity < ActiveRecord::Base
belongs_to :user
validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
end
\ No newline at end of file
...@@ -79,6 +79,7 @@ class User < ActiveRecord::Base ...@@ -79,6 +79,7 @@ class User < ActiveRecord::Base
# Profile # Profile
has_many :keys, dependent: :destroy has_many :keys, dependent: :destroy
has_many :emails, dependent: :destroy has_many :emails, dependent: :destroy
has_many :identities, dependent: :destroy
# Groups # Groups
has_many :members, dependent: :destroy has_many :members, dependent: :destroy
...@@ -113,7 +114,6 @@ class User < ActiveRecord::Base ...@@ -113,7 +114,6 @@ class User < ActiveRecord::Base
validates :name, presence: true validates :name, presence: true
validates :email, presence: true, email: {strict_mode: true}, uniqueness: true validates :email, presence: true, email: {strict_mode: true}, uniqueness: true
validates :bio, length: { maximum: 255 }, allow_blank: true validates :bio, length: { maximum: 255 }, allow_blank: true
validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0} validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
validates :username, presence: true, uniqueness: { case_sensitive: false }, validates :username, presence: true, uniqueness: { case_sensitive: false },
exclusion: { in: Gitlab::Blacklist.path }, exclusion: { in: Gitlab::Blacklist.path },
...@@ -178,7 +178,6 @@ class User < ActiveRecord::Base ...@@ -178,7 +178,6 @@ class User < ActiveRecord::Base
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) } scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all } scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') } scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active } scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
# #
...@@ -407,7 +406,11 @@ class User < ActiveRecord::Base ...@@ -407,7 +406,11 @@ class User < ActiveRecord::Base
end end
def ldap_user? def ldap_user?
extern_uid && provider.start_with?('ldap') identities.exists?(["provider LIKE ? AND extern_uid IS NOT NULL", "ldap%"])
end
def ldap_identity
@ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"])
end end
def accessible_deploy_keys def accessible_deploy_keys
......
...@@ -107,7 +107,7 @@ class NotificationService ...@@ -107,7 +107,7 @@ class NotificationService
# Notify new user with email after creation # Notify new user with email after creation
def new_user(user, token = nil) def new_user(user, token = nil)
# Don't email omniauth created users # Don't email omniauth created users
mailer.new_user_email(user.id, token) unless user.extern_uid? mailer.new_user_email(user.id, token) unless user.identities.any?
end end
# Notify users on new note in system # Notify users on new note in system
......
...@@ -95,7 +95,7 @@ ...@@ -95,7 +95,7 @@
%li %li
%span.light LDAP uid: %span.light LDAP uid:
%strong %strong
= @user.extern_uid = @user.ldap_identity.extern_uid
- if @user.created_by - if @user.created_by
%li %li
......
- providers = (enabled_oauth_providers - [:ldap]) - providers = additional_providers
- if providers.present? - if providers.present?
.bs-callout.bs-callout-info{:'data-no-turbolink' => 'data-no-turbolink'} .bs-callout.bs-callout-info{:'data-no-turbolink' => 'data-no-turbolink'}
%span Sign in with: &nbsp; %span Sign in with: &nbsp;
......
class AddIdentityTable < ActiveRecord::Migration
def up
create_table :identities do |t|
t.string :extern_uid
t.string :provider
t.references :user
end
add_index :identities, :user_id
User.where("provider IS NOT NULL").find_each do |user|
execute "INSERT INTO identities(provider, extern_uid, user_id) VALUES('#{user.provider}', '#{user.extern_uid}', '#{user.id}')"
end
remove_column :users, :extern_uid
remove_column :users, :provider
end
def down
add_column :users, :extern_uid, :string
add_column :users, :provider, :string
User.where("id IN(SELECT user_id FROM identities)").find_each do |user|
identity = user.identities.last
user.extern_uid = identity.extern_uid
user.provider = identity.provider
user.save
end
drop_table :identities
end
end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20141121133009) do ActiveRecord::Schema.define(version: 20141121161704) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -74,6 +74,14 @@ ActiveRecord::Schema.define(version: 20141121133009) do ...@@ -74,6 +74,14 @@ ActiveRecord::Schema.define(version: 20141121133009) do
add_index "forked_project_links", ["forked_to_project_id"], name: "index_forked_project_links_on_forked_to_project_id", unique: true, using: :btree add_index "forked_project_links", ["forked_to_project_id"], name: "index_forked_project_links_on_forked_to_project_id", unique: true, using: :btree
create_table "identities", force: true do |t|
t.string "extern_uid"
t.string "provider"
t.integer "user_id"
end
add_index "identities", ["user_id"], name: "index_identities_on_user_id", using: :btree
create_table "issues", force: true do |t| create_table "issues", force: true do |t|
t.string "title" t.string "title"
t.integer "assignee_id" t.integer "assignee_id"
...@@ -350,8 +358,6 @@ ActiveRecord::Schema.define(version: 20141121133009) do ...@@ -350,8 +358,6 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t.string "bio" t.string "bio"
t.integer "failed_attempts", default: 0 t.integer "failed_attempts", default: 0
t.datetime "locked_at" t.datetime "locked_at"
t.string "extern_uid"
t.string "provider"
t.string "username" t.string "username"
t.boolean "can_create_group", default: true, null: false t.boolean "can_create_group", default: true, null: false
t.boolean "can_create_team", default: true, null: false t.boolean "can_create_team", default: true, null: false
...@@ -360,6 +366,7 @@ ActiveRecord::Schema.define(version: 20141121133009) do ...@@ -360,6 +366,7 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t.integer "notification_level", default: 1, null: false t.integer "notification_level", default: 1, null: false
t.datetime "password_expires_at" t.datetime "password_expires_at"
t.integer "created_by_id" t.integer "created_by_id"
t.datetime "last_credential_check_at"
t.string "avatar" t.string "avatar"
t.string "confirmation_token" t.string "confirmation_token"
t.datetime "confirmed_at" t.datetime "confirmed_at"
...@@ -367,7 +374,6 @@ ActiveRecord::Schema.define(version: 20141121133009) do ...@@ -367,7 +374,6 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t.string "unconfirmed_email" t.string "unconfirmed_email"
t.boolean "hide_no_ssh_key", default: false t.boolean "hide_no_ssh_key", default: false
t.string "website_url", default: "", null: false t.string "website_url", default: "", null: false
t.datetime "last_credential_check_at"
end end
add_index "users", ["admin"], name: "index_users_on_admin", using: :btree add_index "users", ["admin"], name: "index_users_on_admin", using: :btree
...@@ -375,7 +381,6 @@ ActiveRecord::Schema.define(version: 20141121133009) do ...@@ -375,7 +381,6 @@ ActiveRecord::Schema.define(version: 20141121133009) do
add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
add_index "users", ["current_sign_in_at"], name: "index_users_on_current_sign_in_at", using: :btree add_index "users", ["current_sign_in_at"], name: "index_users_on_current_sign_in_at", using: :btree
add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
add_index "users", ["extern_uid", "provider"], name: "index_users_on_extern_uid_and_provider", unique: true, using: :btree
add_index "users", ["name"], name: "index_users_on_name", using: :btree add_index "users", ["name"], name: "index_users_on_name", using: :btree
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
add_index "users", ["username"], name: "index_users_on_username", using: :btree add_index "users", ["username"], name: "index_users_on_username", using: :btree
......
...@@ -170,7 +170,7 @@ class Spinach::Features::Profile < Spinach::FeatureSteps ...@@ -170,7 +170,7 @@ class Spinach::Features::Profile < Spinach::FeatureSteps
end end
step "I am not an ldap user" do step "I am not an ldap user" do
current_user.update_attributes(extern_uid: nil, provider: '') current_user.identities.delete
current_user.ldap_user?.should be_false current_user.ldap_user?.should be_false
end end
......
...@@ -14,10 +14,14 @@ module API ...@@ -14,10 +14,14 @@ module API
expose :bio, :skype, :linkedin, :twitter, :website_url expose :bio, :skype, :linkedin, :twitter, :website_url
end end
class Identity < Grape::Entity
expose :provider, :extern_uid
end
class UserFull < User class UserFull < User
expose :email expose :email
expose :theme_id, :color_scheme_id, :extern_uid, :provider, \ expose :theme_id, :color_scheme_id, :projects_limit
:projects_limit expose :identities, using: Entities::Identity
expose :can_create_group?, as: :can_create_group expose :can_create_group?, as: :can_create_group
expose :can_create_project?, as: :can_create_project expose :can_create_project?, as: :can_create_project
end end
......
...@@ -59,10 +59,16 @@ module API ...@@ -59,10 +59,16 @@ module API
post do post do
authenticated_as_admin! authenticated_as_admin!
required_attributes! [:email, :password, :name, :username] required_attributes! [:email, :password, :name, :username]
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :bio, :can_create_group, :admin]
user = User.build_user(attrs) user = User.build_user(attrs)
admin = attrs.delete(:admin) admin = attrs.delete(:admin)
user.admin = admin unless admin.nil? user.admin = admin unless admin.nil?
identity_attrs = attributes_for_keys [:provider, :extern_uid]
if identity_attrs.any?
user.identities.build(identity_attrs)
end
if user.save if user.save
present user, with: Entities::UserFull present user, with: Entities::UserFull
else else
...@@ -89,8 +95,6 @@ module API ...@@ -89,8 +95,6 @@ module API
# twitter - Twitter account # twitter - Twitter account
# website_url - Website url # website_url - Website url
# projects_limit - Limit projects each user can create # projects_limit - Limit projects each user can create
# extern_uid - External authentication provider UID
# provider - External provider
# bio - Bio # bio - Bio
# admin - User is admin - true or false (default) # admin - User is admin - true or false (default)
# can_create_group - User can create groups - true or false # can_create_group - User can create groups - true or false
...@@ -99,7 +103,7 @@ module API ...@@ -99,7 +103,7 @@ module API
put ":id" do put ":id" do
authenticated_as_admin! authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :can_create_group, :admin]
user = User.find(params[:id]) user = User.find(params[:id])
not_found!('User') unless user not_found!('User') unless user
......
...@@ -8,7 +8,7 @@ module Gitlab ...@@ -8,7 +8,7 @@ module Gitlab
attr_reader :adapter, :provider, :user attr_reader :adapter, :provider, :user
def self.open(user, &block) def self.open(user, &block)
Gitlab::LDAP::Adapter.open(user.provider) do |adapter| Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
block.call(self.new(user, adapter)) block.call(self.new(user, adapter))
end end
end end
...@@ -28,13 +28,13 @@ module Gitlab ...@@ -28,13 +28,13 @@ module Gitlab
def initialize(user, adapter=nil) def initialize(user, adapter=nil)
@adapter = adapter @adapter = adapter
@user = user @user = user
@provider = user.provider @provider = user.ldap_identity.provider
end end
def allowed? def allowed?
if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter) if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
return true unless ldap_config.active_directory return true unless ldap_config.active_directory
!Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter) !Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
else else
false false
end end
......
...@@ -12,9 +12,10 @@ module Gitlab ...@@ -12,9 +12,10 @@ module Gitlab
class << self class << self
def find_by_uid_and_provider(uid, provider) def find_by_uid_and_provider(uid, provider)
# LDAP distinguished name is case-insensitive # LDAP distinguished name is case-insensitive
::User. identity = ::Identity.
where(provider: [provider, :ldap]). where(provider: [provider, :ldap]).
where('lower(extern_uid) = ?', uid.downcase).last where('lower(extern_uid) = ?', uid.downcase).last
identity && identity.user
end end
end end
...@@ -34,15 +35,13 @@ module Gitlab ...@@ -34,15 +35,13 @@ module Gitlab
end end
def find_by_email def find_by_email
model.find_by(email: auth_hash.email) ::User.find_by(email: auth_hash.email)
end end
def update_user_attributes def update_user_attributes
gl_user.attributes = { gl_user.email = auth_hash.email
extern_uid: auth_hash.uid, gl_user.identities.build(provider: auth_hash.provider, extern_uid: auth_hash.uid)
provider: auth_hash.provider, gl_user
email: auth_hash.email
}
end end
def changed? def changed?
......
...@@ -5,6 +5,8 @@ ...@@ -5,6 +5,8 @@
# #
module Gitlab module Gitlab
module OAuth module OAuth
class ForbiddenAction < StandardError; end
class User class User
attr_accessor :auth_hash, :gl_user attr_accessor :auth_hash, :gl_user
...@@ -70,24 +72,24 @@ module Gitlab ...@@ -70,24 +72,24 @@ module Gitlab
end end
def find_by_uid_and_provider def find_by_uid_and_provider
model.where(provider: auth_hash.provider, extern_uid: auth_hash.uid).last identity = Identity.find_by(provider: auth_hash.provider, extern_uid: auth_hash.uid)
identity && identity.user
end end
def build_new_user def build_new_user
model.new(user_attributes).tap do |user| user = ::User.new(user_attributes)
user.skip_confirmation! user.skip_confirmation!
end user.identities.new(extern_uid: auth_hash.uid, provider: auth_hash.provider)
user
end end
def user_attributes def user_attributes
{ {
extern_uid: auth_hash.uid,
provider: auth_hash.provider,
name: auth_hash.name, name: auth_hash.name,
username: auth_hash.username, username: auth_hash.username,
email: auth_hash.email, email: auth_hash.email,
password: auth_hash.password, password: auth_hash.password,
password_confirmation: auth_hash.password, password_confirmation: auth_hash.password
} }
end end
...@@ -95,12 +97,8 @@ module Gitlab ...@@ -95,12 +97,8 @@ module Gitlab
Gitlab::AppLogger Gitlab::AppLogger
end end
def model def unauthorized_to_create
::User raise ForbiddenAction.new("Unauthorized to create user, signup disabled for #{auth_hash.provider}")
end
def raise_unauthorized_to_create
raise StandardError.new("Unauthorized to create user, signup disabled for #{auth_hash.provider}")
end end
end end
end end
......
...@@ -18,15 +18,24 @@ FactoryGirl.define do ...@@ -18,15 +18,24 @@ FactoryGirl.define do
password "12345678" password "12345678"
password_confirmation { password } password_confirmation { password }
confirmed_at { Time.now } confirmed_at { Time.now }
confirmation_token { nil } confirmation_token { nil }
trait :admin do trait :admin do
admin true admin true
end end
trait :ldap do factory :omniauth_user do
provider 'ldapmain' ignore do
extern_uid 'my-ldap-id' extern_uid '123456'
provider 'ldapmain'
end
after(:create) do |user, evaluator|
user.identities << create(:identity,
provider: evaluator.provider,
extern_uid: evaluator.extern_uid
)
end
end end
factory :admin, traits: [:admin] factory :admin, traits: [:admin]
...@@ -182,4 +191,9 @@ FactoryGirl.define do ...@@ -182,4 +191,9 @@ FactoryGirl.define do
deploy_key deploy_key
project project
end end
factory :identity do
provider 'ldapmain'
extern_uid 'my-ldap-id'
end
end end
require "spec_helper"
describe OauthHelper do
describe "additional_providers" do
it 'returns all enabled providers' do
allow(helper).to receive(:enabled_oauth_providers) { [:twitter, :github] }
helper.additional_providers.should include(*[:twitter, :github])
end
it 'does not return ldap provider' do
allow(helper).to receive(:enabled_oauth_providers) { [:twitter, :ldapmain] }
helper.additional_providers.should include(:twitter)
end
it 'returns empty array' do
allow(helper).to receive(:enabled_oauth_providers) { [] }
helper.additional_providers.should == []
end
end
end
\ No newline at end of file
...@@ -2,7 +2,7 @@ require 'spec_helper' ...@@ -2,7 +2,7 @@ require 'spec_helper'
describe Gitlab::LDAP::Access do describe Gitlab::LDAP::Access do
let(:access) { Gitlab::LDAP::Access.new user } let(:access) { Gitlab::LDAP::Access.new user }
let(:user) { create(:user, :ldap) } let(:user) { create(:omniauth_user) }
describe :allowed? do describe :allowed? do
subject { access.allowed? } subject { access.allowed? }
......
...@@ -2,7 +2,7 @@ require 'spec_helper' ...@@ -2,7 +2,7 @@ require 'spec_helper'
describe Gitlab::LDAP::Authentication do describe Gitlab::LDAP::Authentication do
let(:klass) { Gitlab::LDAP::Authentication } let(:klass) { Gitlab::LDAP::Authentication }
let(:user) { create(:user, :ldap, extern_uid: dn) } let(:user) { create(:omniauth_user, extern_uid: dn) }
let(:dn) { 'uid=john,ou=people,dc=example,dc=com' } let(:dn) { 'uid=john,ou=people,dc=example,dc=com' }
let(:login) { 'john' } let(:login) { 'john' }
let(:password) { 'password' } let(:password) { 'password' }
......
...@@ -15,18 +15,18 @@ describe Gitlab::LDAP::User do ...@@ -15,18 +15,18 @@ describe Gitlab::LDAP::User do
describe :find_or_create do describe :find_or_create do
it "finds the user if already existing" do it "finds the user if already existing" do
existing_user = create(:user, extern_uid: 'my-uid', provider: 'ldapmain') existing_user = create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')
expect{ gl_user.save }.to_not change{ User.count } expect{ gl_user.save }.to_not change{ User.count }
end end
it "connects to existing non-ldap user if the email matches" do it "connects to existing non-ldap user if the email matches" do
existing_user = create(:user, email: 'john@example.com') existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")
expect{ gl_user.save }.to_not change{ User.count } expect{ gl_user.save }.to_not change{ User.count }
existing_user.reload existing_user.reload
expect(existing_user.extern_uid).to eql 'my-uid' expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
expect(existing_user.provider).to eql 'ldapmain' expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
end end
it "creates a new user if not found" do it "creates a new user if not found" do
......
...@@ -15,7 +15,7 @@ describe Gitlab::OAuth::User do ...@@ -15,7 +15,7 @@ describe Gitlab::OAuth::User do
end end
describe :persisted? do describe :persisted? do
let!(:existing_user) { create(:user, extern_uid: 'my-uid', provider: 'my-provider') } let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }
it "finds an existing user based on uid and provider (facebook)" do it "finds an existing user based on uid and provider (facebook)" do
auth = double(info: double(name: 'John'), uid: 'my-uid', provider: 'my-provider') auth = double(info: double(name: 'John'), uid: 'my-uid', provider: 'my-provider')
...@@ -39,8 +39,9 @@ describe Gitlab::OAuth::User do ...@@ -39,8 +39,9 @@ describe Gitlab::OAuth::User do
oauth_user.save oauth_user.save
expect(gl_user).to be_valid expect(gl_user).to be_valid
expect(gl_user.extern_uid).to eql uid identity = gl_user.identities.first
expect(gl_user.provider).to eql 'twitter' expect(identity.extern_uid).to eql uid
expect(identity.provider).to eql 'twitter'
end end
end end
......
...@@ -62,6 +62,7 @@ describe User do ...@@ -62,6 +62,7 @@ describe User do
it { should have_many(:assigned_issues).dependent(:destroy) } it { should have_many(:assigned_issues).dependent(:destroy) }
it { should have_many(:merge_requests).dependent(:destroy) } it { should have_many(:merge_requests).dependent(:destroy) }
it { should have_many(:assigned_merge_requests).dependent(:destroy) } it { should have_many(:assigned_merge_requests).dependent(:destroy) }
it { should have_many(:identities).dependent(:destroy) }
end end
describe "Mass assignment" do describe "Mass assignment" do
...@@ -361,24 +362,29 @@ describe User do ...@@ -361,24 +362,29 @@ describe User do
end end
describe :ldap_user? do describe :ldap_user? do
let(:user) { build(:user, :ldap) }
it "is true if provider name starts with ldap" do it "is true if provider name starts with ldap" do
user.provider = 'ldapmain' user = create(:omniauth_user, provider: 'ldapmain')
expect( user.ldap_user? ).to be_true expect( user.ldap_user? ).to be_true
end end
it "is false for other providers" do it "is false for other providers" do
user.provider = 'other-provider' user = create(:omniauth_user, provider: 'other-provider')
expect( user.ldap_user? ).to be_false expect( user.ldap_user? ).to be_false
end end
it "is false if no extern_uid is provided" do it "is false if no extern_uid is provided" do
user.extern_uid = nil user = create(:omniauth_user, extern_uid: nil)
expect( user.ldap_user? ).to be_false expect( user.ldap_user? ).to be_false
end end
end end
describe :ldap_identity do
it "returns ldap identity" do
user = create :omniauth_user
user.ldap_identity.provider.should_not be_empty
end
end
describe '#full_website_url' do describe '#full_website_url' do
let(:user) { create(:user) } let(:user) { create(:user) }
......
...@@ -33,7 +33,7 @@ describe API::API, api: true do ...@@ -33,7 +33,7 @@ describe API::API, api: true do
response.status.should == 200 response.status.should == 200
json_response.should be_an Array json_response.should be_an Array
json_response.first.keys.should include 'email' json_response.first.keys.should include 'email'
json_response.first.keys.should include 'extern_uid' json_response.first.keys.should include 'identities'
json_response.first.keys.should include 'can_create_project' json_response.first.keys.should include 'can_create_project'
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment