Test the "Remember Me" flow for OAuth-based login.

spec/features/oauth_login_spec.rb

@@ -19,7 +19,7 @@ feature 'OAuth Login', feature: true, js: true do
   providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2, :facebook]
 
   before do
-    OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }
+    OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }
 
     messages = {
       enabled: true,
@@ -39,7 +39,6 @@ feature 'OAuth Login', feature: true, js: true do
           login_via(provider.to_s, user, 'my-uid')
 
           expect(current_path).to eq root_path
-          save_screenshot
         end
       end
 
@@ -53,6 +52,64 @@ feature 'OAuth Login', feature: true, js: true do
           expect(current_path).to eq root_path
         end
       end
+
+      context 'when "remember me" is checked' do
+        context "when two-factor authentication is disabled" do
+          it 'remembers the user after a browser restart' do
+            stub_omniauth_config(provider)
+            user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
+            login_via(provider.to_s, user, 'my-uid', remember_me: true)
+
+            restart_browser
+
+            visit(root_path)
+            expect(current_path).to eq root_path
+          end
+        end
+
+        context "when two-factor authentication is enabled" do
+          it 'remembers the user after a browser restart' do
+            stub_omniauth_config(provider)
+            user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
+            login_via(provider.to_s, user, 'my-uid', remember_me: true)
+            enter_code(user.current_otp)
+
+            restart_browser
+
+            visit(root_path)
+            expect(current_path).to eq root_path
+          end
+        end
+      end
+
+      context 'when "remember me" is not checked' do
+        context "when two-factor authentication is disabled" do
+          it 'does not remember the user after a browser restart' do
+            stub_omniauth_config(provider)
+            user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
+            login_via(provider.to_s, user, 'my-uid', remember_me: false)
+
+            restart_browser
+
+            visit(root_path)
+            expect(current_path).to eq new_user_session_path
+          end
+        end
+
+        context "when two-factor authentication is enabled" do
+          it 'remembers the user after a browser restart' do
+            stub_omniauth_config(provider)
+            user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
+            login_via(provider.to_s, user, 'my-uid', remember_me: false)
+            enter_code(user.current_otp)
+
+            restart_browser
+
+            visit(root_path)
+            expect(current_path).to eq new_user_session_path
+          end
+        end
+      end
     end
   end
 end

spec/support/capybara_helpers.rb

@@ -35,6 +35,11 @@ module CapybaraHelpers
     visit 'about:blank'
     visit url
   end
+
+  # Simulate a browser restart by clearing the session cookie.
+  def restart_browser
+    page.driver.remove_cookie('_gitlab_session')
+  end
 end
 
 RSpec.configure do |config|

spec/support/login_helpers.rb

@@ -62,10 +62,13 @@ module LoginHelpers
     Thread.current[:current_user] = user
   end
 
-  def login_via(provider, user, uid)
+  def login_via(provider, user, uid, remember_me: false)
     mock_auth_hash(provider, uid, user.email)
     visit new_user_session_path
     expect(page).to have_content('Sign in with')
+
+    check "Remember Me" if remember_me
+
     click_link "oauth-login-#{provider}"
   end