user_spec.rb 23.6 KB
Newer Older
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
1 2
require 'spec_helper'

3
describe Gitlab::OAuth::User do
4
  let(:oauth_user) { described_class.new(auth_hash) }
5 6
  let(:gl_user) { oauth_user.gl_user }
  let(:uid) { 'my-uid' }
7
  let(:dn) { 'uid=user1,ou=people,dc=example' }
8
  let(:provider) { 'my-provider' }
9
  let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) }
10 11
  let(:info_hash) do
    {
12
      nickname: '-john+gitlab-ETC%.git@gmail.com',
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
13
      name: 'John',
14 15 16 17 18
      email: 'john@mail.com',
      address: {
        locality: 'locality',
        country: 'country'
      }
19
    }
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
20
  end
21
  let(:ldap_user) { Gitlab::LDAP::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
22

23
  describe '#persisted?' do
24
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }
25 26

    it "finds an existing user based on uid and provider (facebook)" do
27
      expect( oauth_user.persisted? ).to be_truthy
28 29
    end

30
    it 'returns false if user is not found in database' do
31
      allow(auth_hash).to receive(:uid).and_return('non-existing')
32
      expect( oauth_user.persisted? ).to be_falsey
33 34 35
    end
  end

36 37 38
  def stub_omniauth_config(messages)
    allow(Gitlab.config.omniauth).to receive_messages(messages)
  end
39

40
  describe '#save' do
41 42 43 44
    def stub_ldap_config(messages)
      allow(Gitlab::LDAP::Config).to receive_messages(messages)
    end

45
    let(:provider) { 'twitter' }
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
46

47 48 49 50 51 52 53 54 55 56 57 58
    describe 'when account exists on server' do
      it 'does not mark the user as external' do
        create(:omniauth_user, extern_uid: 'my-uid', provider: provider)
        stub_omniauth_config(allow_single_sign_on: [provider], external_providers: [provider])

        oauth_user.save

        expect(gl_user).to be_valid
        expect(gl_user.external).to be_falsey
      end
    end

59
    describe 'signup' do
60 61 62 63 64 65
      context 'when signup is disabled' do
        before do
          stub_application_setting signup_enabled: false
        end

        it 'creates the user' do
66
          stub_omniauth_config(allow_single_sign_on: [provider])
67 68 69 70 71 72 73

          oauth_user.save

          expect(gl_user).to be_persisted
        end
      end

74 75 76 77 78 79
      context 'when user confirmation email is enabled' do
        before do
          stub_application_setting send_user_confirmation_email: true
        end

        it 'creates and confirms the user anyway' do
80
          stub_omniauth_config(allow_single_sign_on: [provider])
81 82 83 84 85 86 87 88

          oauth_user.save

          expect(gl_user).to be_persisted
          expect(gl_user).to be_confirmed
        end
      end

89
      it 'marks user as having password_automatically_set' do
90
        stub_omniauth_config(allow_single_sign_on: [provider], external_providers: [provider])
91 92 93 94 95 96 97

        oauth_user.save

        expect(gl_user).to be_persisted
        expect(gl_user).to be_password_automatically_set
      end

98 99
      shared_examples 'to verify compliance with allow_single_sign_on' do
        context 'provider is marked as external' do
100
          it 'marks user as external' do
101
            stub_omniauth_config(allow_single_sign_on: [provider], external_providers: [provider])
102 103 104 105 106 107 108
            oauth_user.save
            expect(gl_user).to be_valid
            expect(gl_user.external).to be_truthy
          end
        end

        context 'provider was external, now has been removed' do
109
          it 'does not mark external user as internal' do
110 111
            create(:omniauth_user, extern_uid: 'my-uid', provider: provider, external: true)
            stub_omniauth_config(allow_single_sign_on: [provider], external_providers: ['facebook'])
112 113
            oauth_user.save
            expect(gl_user).to be_valid
114 115 116 117 118 119
            expect(gl_user.external).to be_truthy
          end
        end

        context 'provider is not external' do
          context 'when adding a new OAuth identity' do
120
            it 'does not promote an external user to internal' do
121 122 123 124 125 126 127
              user = create(:user, email: 'john@mail.com', external: true)
              user.identities.create(provider: provider, extern_uid: uid)

              oauth_user.save
              expect(gl_user).to be_valid
              expect(gl_user.external).to be_truthy
            end
128 129 130 131
          end
        end

        context 'with new allow_single_sign_on enabled syntax' do
132
          before do
133
            stub_omniauth_config(allow_single_sign_on: [provider])
134
          end
135

136 137
          it "creates a user from Omniauth" do
            oauth_user.save
138

139 140 141
            expect(gl_user).to be_valid
            identity = gl_user.identities.first
            expect(identity.extern_uid).to eql uid
142
            expect(identity.provider).to eql provider
143 144 145
          end
        end

146
        context "with old allow_single_sign_on enabled syntax" do
147 148 149
          before do
            stub_omniauth_config(allow_single_sign_on: true)
          end
150 151 152 153 154 155 156

          it "creates a user from Omniauth" do
            oauth_user.save

            expect(gl_user).to be_valid
            identity = gl_user.identities.first
            expect(identity.extern_uid).to eql uid
157
            expect(identity.provider).to eql provider
158 159 160
          end
        end

161
        context 'with new allow_single_sign_on disabled syntax' do
162 163 164 165
          before do
            stub_omniauth_config(allow_single_sign_on: [])
          end

166
          it 'throws an error' do
167
            expect { oauth_user.save }.to raise_error StandardError
168
          end
169
        end
170

171
        context 'with old allow_single_sign_on disabled (Default)' do
172 173 174 175
          before do
            stub_omniauth_config(allow_single_sign_on: false)
          end

176
          it 'throws an error' do
177
            expect { oauth_user.save }.to raise_error StandardError
178 179
          end
        end
180
      end
181

182
      context "with auto_link_ldap_user disabled (default)" do
183 184 185 186
        before do
          stub_omniauth_config(auto_link_ldap_user: false)
        end

187 188 189 190
        include_examples "to verify compliance with allow_single_sign_on"
      end

      context "with auto_link_ldap_user enabled" do
191 192 193
        before do
          stub_omniauth_config(auto_link_ldap_user: true)
        end
194

195
        context "and no LDAP provider defined" do
196 197 198
          before do
            stub_ldap_config(providers: [])
          end
199

200 201
          include_examples "to verify compliance with allow_single_sign_on"
        end
202

203
        context "and at least one LDAP provider is defined" do
204 205 206
          before do
            stub_ldap_config(providers: %w(ldapmain))
          end
207 208 209

          context "and a corresponding LDAP person" do
            before do
210 211
              allow(ldap_user).to receive(:uid) { uid }
              allow(ldap_user).to receive(:username) { uid }
212
              allow(ldap_user).to receive(:email) { ['johndoe@example.com', 'john2@example.com'] }
213
              allow(ldap_user).to receive(:dn) { dn }
214
            end
215

216
            context "and no account for the LDAP user" do
217
              before do
218 219
                allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)

220
                oauth_user.save
221
              end
222

223
              it "creates a user with dual LDAP and omniauth identities" do
224 225 226
                expect(gl_user).to be_valid
                expect(gl_user.username).to eql uid
                expect(gl_user.email).to eql 'johndoe@example.com'
227
                expect(gl_user.identities.length).to be 2
228 229
                identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
                expect(identities_as_hash).to match_array(
230
                  [
231
                    { provider: 'ldapmain', extern_uid: dn },
232 233 234
                    { provider: 'twitter', extern_uid: uid }
                  ]
                )
235
              end
236 237 238 239 240 241 242 243 244 245 246 247

              it "has email set as synced" do
                expect(gl_user.user_synced_attributes_metadata.email_synced).to be_truthy
              end

              it "has email set as read-only" do
                expect(gl_user.read_only_attribute?(:email)).to be_truthy
              end

              it "has synced attributes provider set to ldapmain" do
                expect(gl_user.user_synced_attributes_metadata.provider).to eql 'ldapmain'
              end
248
            end
249

250
            context "and LDAP user has an account already" do
251
              let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: dn, provider: 'ldapmain', username: 'john') }
252
              it "adds the omniauth identity to the LDAP account" do
253 254
                allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)

255
                oauth_user.save
256

257 258 259
                expect(gl_user).to be_valid
                expect(gl_user.username).to eql 'john'
                expect(gl_user.email).to eql 'john@example.com'
260
                expect(gl_user.identities.length).to be 2
261 262
                identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
                expect(identities_as_hash).to match_array(
263
                  [
264
                    { provider: 'ldapmain', extern_uid: dn },
265 266 267
                    { provider: 'twitter', extern_uid: uid }
                  ]
                )
268
              end
269
            end
270 271 272 273 274 275 276 277 278

            context 'when an LDAP person is not found by uid' do
              it 'tries to find an LDAP person by DN and adds the omniauth identity to the user' do
                allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(nil)
                allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(ldap_user)

                oauth_user.save

                identities_as_hash = gl_user.identities.map { |id| { provider: id.provider, extern_uid: id.extern_uid } }
279 280
                expect(identities_as_hash)
                  .to match_array(
281
                    [
282
                      { provider: 'ldapmain', extern_uid: dn },
283 284 285 286 287
                      { provider: 'twitter', extern_uid: uid }
                    ]
                  )
              end
            end
288
          end
289

290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309
          context 'and a corresponding LDAP person with a non-default username' do
            before do
              allow(ldap_user).to receive(:uid) { uid }
              allow(ldap_user).to receive(:username) { 'johndoe@example.com' }
              allow(ldap_user).to receive(:email) { %w(johndoe@example.com john2@example.com) }
              allow(ldap_user).to receive(:dn) { dn }
            end

            context 'and no account for the LDAP user' do
              it 'creates a user favoring the LDAP username and strips email domain' do
                allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)

                oauth_user.save

                expect(gl_user).to be_valid
                expect(gl_user.username).to eql 'johndoe'
              end
            end
          end

310
          context "and no corresponding LDAP person" do
311 312 313
            before do
              allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(nil)
            end
314

315 316
            include_examples "to verify compliance with allow_single_sign_on"
          end
317
        end
318
      end
319
    end
320

321 322
    describe 'blocking' do
      let(:provider) { 'twitter' }
323 324 325 326

      before do
        stub_omniauth_config(allow_single_sign_on: ['twitter'])
      end
327

328
      context 'signup with omniauth only' do
329
        context 'dont block on create' do
330 331 332
          before do
            stub_omniauth_config(block_auto_created_users: false)
          end
333 334 335

          it do
            oauth_user.save
336 337
            expect(gl_user).to be_valid
            expect(gl_user).not_to be_blocked
338 339 340 341
          end
        end

        context 'block on create' do
342 343 344
          before do
            stub_omniauth_config(block_auto_created_users: true)
          end
345 346 347

          it do
            oauth_user.save
348 349
            expect(gl_user).to be_valid
            expect(gl_user).to be_blocked
350 351 352 353
          end
        end
      end

354 355
      context 'signup with linked omniauth and LDAP account' do
        before do
356 357 358
          stub_omniauth_config(auto_link_ldap_user: true)
          allow(ldap_user).to receive(:uid) { uid }
          allow(ldap_user).to receive(:username) { uid }
359
          allow(ldap_user).to receive(:email) { ['johndoe@example.com', 'john2@example.com'] }
360 361
          allow(ldap_user).to receive(:dn) { dn }
          allow(Gitlab::LDAP::Person).to receive(:find_by_uid).and_return(ldap_user)
362 363 364 365
        end

        context "and no account for the LDAP user" do
          context 'dont block on create (LDAP)' do
366 367 368
            before do
              allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false)
            end
369 370 371 372 373 374 375 376 377

            it do
              oauth_user.save
              expect(gl_user).to be_valid
              expect(gl_user).not_to be_blocked
            end
          end

          context 'block on create (LDAP)' do
378 379 380
            before do
              allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true)
            end
381 382 383 384 385 386 387 388 389 390

            it do
              oauth_user.save
              expect(gl_user).to be_valid
              expect(gl_user).to be_blocked
            end
          end
        end

        context 'and LDAP user has an account already' do
391
          let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: dn, provider: 'ldapmain', username: 'john') }
392 393

          context 'dont block on create (LDAP)' do
394 395 396
            before do
              allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false)
            end
397 398 399 400 401 402 403 404 405

            it do
              oauth_user.save
              expect(gl_user).to be_valid
              expect(gl_user).not_to be_blocked
            end
          end

          context 'block on create (LDAP)' do
406 407 408
            before do
              allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true)
            end
409 410 411 412 413 414 415 416 417 418

            it do
              oauth_user.save
              expect(gl_user).to be_valid
              expect(gl_user).not_to be_blocked
            end
          end
        end
      end

419 420 421 422 423 424 425
      context 'sign-in' do
        before do
          oauth_user.save
          oauth_user.gl_user.activate
        end

        context 'dont block on create' do
426 427 428
          before do
            stub_omniauth_config(block_auto_created_users: false)
          end
429 430 431

          it do
            oauth_user.save
432 433
            expect(gl_user).to be_valid
            expect(gl_user).not_to be_blocked
434 435 436 437
          end
        end

        context 'block on create' do
438 439 440
          before do
            stub_omniauth_config(block_auto_created_users: true)
          end
441 442 443

          it do
            oauth_user.save
444 445
            expect(gl_user).to be_valid
            expect(gl_user).not_to be_blocked
446 447
          end
        end
448 449

        context 'dont block on create (LDAP)' do
450 451 452
          before do
            allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false)
          end
453 454 455 456 457 458 459 460 461

          it do
            oauth_user.save
            expect(gl_user).to be_valid
            expect(gl_user).not_to be_blocked
          end
        end

        context 'block on create (LDAP)' do
462 463 464
          before do
            allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true)
          end
465 466 467 468 469 470 471

          it do
            oauth_user.save
            expect(gl_user).to be_valid
            expect(gl_user).not_to be_blocked
          end
        end
472 473
      end
    end
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
474
  end
475

476
  describe 'ensure backwards compatibility with with sync email from provider option' do
477 478 479 480
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    before do
      stub_omniauth_config(sync_email_from_provider: 'my-provider')
481
      stub_omniauth_config(sync_profile_from_provider: ['my-provider'])
482 483 484 485 486 487 488
    end

    context "when provider sets an email" do
      it "updates the user email" do
        expect(gl_user.email).to eq(info_hash[:email])
      end

489 490 491 492 493 494
      it "has email set as synced" do
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be_truthy
      end

      it "has email set as read-only" do
        expect(gl_user.read_only_attribute?(:email)).to be_truthy
495 496
      end

497
      it "has synced attributes provider set to my-provider" do
498
        expect(gl_user.user_synced_attributes_metadata.provider).to eql 'my-provider'
499 500 501 502 503 504 505 506 507 508 509 510
      end
    end

    context "when provider doesn't set an email" do
      before do
        info_hash.delete(:email)
      end

      it "does not update the user email" do
        expect(gl_user.email).not_to eq(info_hash[:email])
      end

511
      it "has email set as not synced" do
512
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be_falsey
513
      end
514 515 516 517

      it "does not have email set as read-only" do
        expect(gl_user.read_only_attribute?(:email)).to be_falsey
      end
518 519
    end
  end
520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543

  describe 'generating username' do
    context 'when no collision with existing user' do
      it 'generates the username with no counter' do
        expect(gl_user.username).to eq('johngitlab-ETC')
      end
    end

    context 'when collision with existing user' do
      it 'generates the username with a counter' do
        oauth_user.save
        oauth_user2 = described_class.new(OmniAuth::AuthHash.new(uid: 'my-uid2', provider: provider, info: { nickname: 'johngitlab-ETC@othermail.com', email: 'john@othermail.com' }))

        expect(oauth_user2.gl_user.username).to eq('johngitlab-ETC1')
      end
    end

    context 'when username is a reserved word' do
      let(:info_hash) do
        {
          nickname: 'admin@othermail.com',
          email: 'admin@othermail.com'
        }
      end
544

545 546 547 548 549
      it 'generates the username with a counter' do
        expect(gl_user.username).to eq('admin1')
      end
    end
  end
550 551 552 553 554 555 556 557 558 559 560 561 562 563

  describe 'updating email with sync profile' do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    before do
      stub_omniauth_config(sync_profile_from_provider: ['my-provider'])
      stub_omniauth_config(sync_profile_attributes: true)
    end

    context "when provider sets an email" do
      it "updates the user email" do
        expect(gl_user.email).to eq(info_hash[:email])
      end

564
      it "has email set as synced" do
565 566 567
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be(true)
      end

568 569 570 571 572
      it "has email set as read-only" do
        expect(gl_user.read_only_attribute?(:email)).to be_truthy
      end

      it "has synced attributes provider set to my-provider" do
573 574 575 576 577 578 579 580 581 582 583
        expect(gl_user.user_synced_attributes_metadata.provider).to eql 'my-provider'
      end
    end

    context "when provider doesn't set an email" do
      before do
        info_hash.delete(:email)
      end

      it "does not update the user email" do
        expect(gl_user.email).not_to eq(info_hash[:email])
584 585 586 587 588 589 590 591
      end

      it "has email set as not synced" do
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be_falsey
      end

      it "does not have email set as read-only" do
        expect(gl_user.read_only_attribute?(:email)).to be_falsey
592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728
      end
    end
  end

  describe 'updating name' do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    before do
      stub_omniauth_setting(sync_profile_from_provider: ['my-provider'])
      stub_omniauth_setting(sync_profile_attributes: true)
    end

    context "when provider sets a name" do
      it "updates the user name" do
        expect(gl_user.name).to eq(info_hash[:name])
      end
    end

    context "when provider doesn't set a name" do
      before do
        info_hash.delete(:name)
      end

      it "does not update the user name" do
        expect(gl_user.name).not_to eq(info_hash[:name])
        expect(gl_user.user_synced_attributes_metadata.name_synced).to be(false)
      end
    end
  end

  describe 'updating location' do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    before do
      stub_omniauth_setting(sync_profile_from_provider: ['my-provider'])
      stub_omniauth_setting(sync_profile_attributes: true)
    end

    context "when provider sets a location" do
      it "updates the user location" do
        expect(gl_user.location).to eq(info_hash[:address][:locality] + ', ' + info_hash[:address][:country])
        expect(gl_user.user_synced_attributes_metadata.location_synced).to be(true)
      end
    end

    context "when provider doesn't set a location" do
      before do
        info_hash[:address].delete(:country)
        info_hash[:address].delete(:locality)
      end

      it "does not update the user location" do
        expect(gl_user.location).to be_nil
        expect(gl_user.user_synced_attributes_metadata.location_synced).to be(false)
      end
    end
  end

  describe 'updating user info' do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    context "update all info" do
      before do
        stub_omniauth_setting(sync_profile_from_provider: ['my-provider'])
        stub_omniauth_setting(sync_profile_attributes: true)
      end

      it "updates the user email" do
        expect(gl_user.email).to eq(info_hash[:email])
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be(true)
      end

      it "updates the user name" do
        expect(gl_user.name).to eq(info_hash[:name])
        expect(gl_user.user_synced_attributes_metadata.name_synced).to be(true)
      end

      it "updates the user location" do
        expect(gl_user.location).to eq(info_hash[:address][:locality] + ', ' + info_hash[:address][:country])
        expect(gl_user.user_synced_attributes_metadata.location_synced).to be(true)
      end

      it "sets my-provider as the attributes provider" do
        expect(gl_user.user_synced_attributes_metadata.provider).to eql('my-provider')
      end
    end

    context "update only requested info" do
      before do
        stub_omniauth_setting(sync_profile_from_provider: ['my-provider'])
        stub_omniauth_setting(sync_profile_attributes: %w(name location))
      end

      it "updates the user name" do
        expect(gl_user.name).to eq(info_hash[:name])
        expect(gl_user.user_synced_attributes_metadata.name_synced).to be(true)
      end

      it "updates the user location" do
        expect(gl_user.location).to eq(info_hash[:address][:locality] + ', ' + info_hash[:address][:country])
        expect(gl_user.user_synced_attributes_metadata.location_synced).to be(true)
      end

      it "does not update the user email" do
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be(false)
      end
    end

    context "update default_scope" do
      before do
        stub_omniauth_setting(sync_profile_from_provider: ['my-provider'])
      end

      it "updates the user email" do
        expect(gl_user.email).to eq(info_hash[:email])
        expect(gl_user.user_synced_attributes_metadata.email_synced).to be(true)
      end
    end

    context "update no info when profile sync is nil" do
      it "does not have sync_attribute" do
        expect(gl_user.user_synced_attributes_metadata).to be(nil)
      end

      it "does not update the user email" do
        expect(gl_user.email).not_to eq(info_hash[:email])
      end

      it "does not update the user name" do
        expect(gl_user.name).not_to eq(info_hash[:name])
      end

      it "does not update the user location" do
        expect(gl_user.location).not_to eq(info_hash[:address][:country])
      end
    end
  end
729 730 731 732 733 734 735 736 737

  describe '.find_by_uid_and_provider' do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    it 'normalizes extern_uid' do
      allow(oauth_user.auth_hash).to receive(:uid).and_return('MY-UID')
      expect(oauth_user.find_user).to eql gl_user
    end
  end
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
738
end