Commit 4cd1e372 authored by Etienne Baqué's avatar Etienne Baqué

Refactored tests related to Omniauth users

Also added an ldap trait to the omniauth_user factory.
parent f9caa6a1
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe Gitlab::Auth::Ldap::Access do RSpec.describe Gitlab::Auth::Ldap::Access do
include LdapHelpers include LdapHelpers
let(:user) { create(:omniauth_user) } let(:user) { create(:omniauth_user, :ldap) }
let(:provider) { user.ldap_identity.provider } let(:provider) { user.ldap_identity.provider }
subject(:access) { described_class.new(user) } subject(:access) { described_class.new(user) }
......
...@@ -12,7 +12,7 @@ module Gitlab ...@@ -12,7 +12,7 @@ module Gitlab
class User < Gitlab::Auth::OAuth::User class User < Gitlab::Auth::OAuth::User
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
def save def save
super('LDAP') super(protocol_name)
end end
# instance methods # instance methods
...@@ -44,6 +44,10 @@ module Gitlab ...@@ -44,6 +44,10 @@ module Gitlab
def auth_hash=(auth_hash) def auth_hash=(auth_hash)
@auth_hash = Gitlab::Auth::Ldap::AuthHash.new(auth_hash) @auth_hash = Gitlab::Auth::Ldap::AuthHash.new(auth_hash)
end end
def protocol_name
'LDAP'
end
end end
end end
end end
......
...@@ -96,6 +96,10 @@ module Gitlab ...@@ -96,6 +96,10 @@ module Gitlab
end end
end end
def protocol_name
''
end
protected protected
def should_save? def should_save?
......
...@@ -12,7 +12,7 @@ module Gitlab ...@@ -12,7 +12,7 @@ module Gitlab
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
def save def save
super('SAML') super(protocol_name)
end end
def find_user def find_user
...@@ -40,6 +40,10 @@ module Gitlab ...@@ -40,6 +40,10 @@ module Gitlab
saml_config.upstream_two_factor_authn_contexts&.include?(auth_hash.authn_context) saml_config.upstream_two_factor_authn_contexts&.include?(auth_hash.authn_context)
end end
def protocol_name
'SAML'
end
protected protected
def saml_config def saml_config
......
...@@ -151,7 +151,7 @@ FactoryBot.define do ...@@ -151,7 +151,7 @@ FactoryBot.define do
transient do transient do
extern_uid { '123456' } extern_uid { '123456' }
provider { 'ldapmain' } provider { 'twitter' }
end end
after(:create) do |user, evaluator| after(:create) do |user, evaluator|
...@@ -166,6 +166,12 @@ FactoryBot.define do ...@@ -166,6 +166,12 @@ FactoryBot.define do
user.identities << create(:identity, identity_attrs) user.identities << create(:identity, identity_attrs)
end end
trait :ldap do
transient do
provider { 'ldapmain' }
end
end
end end
factory :atlassian_user do factory :atlassian_user do
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe Gitlab::Auth::Ldap::Access do RSpec.describe Gitlab::Auth::Ldap::Access do
include LdapHelpers include LdapHelpers
let(:user) { create(:omniauth_user) } let(:user) { create(:omniauth_user, :ldap) }
subject(:access) { described_class.new(user) } subject(:access) { described_class.new(user) }
......
...@@ -4,7 +4,7 @@ require 'spec_helper' ...@@ -4,7 +4,7 @@ require 'spec_helper'
RSpec.describe Gitlab::Auth::Ldap::Authentication do RSpec.describe Gitlab::Auth::Ldap::Authentication do
let(:dn) { 'uid=John Smith, ou=People, dc=example, dc=com' } let(:dn) { 'uid=John Smith, ou=People, dc=example, dc=com' }
let(:user) { create(:omniauth_user, extern_uid: Gitlab::Auth::Ldap::Person.normalize_dn(dn)) } let(:user) { create(:omniauth_user, :ldap, extern_uid: Gitlab::Auth::Ldap::Person.normalize_dn(dn)) }
let(:login) { 'john' } let(:login) { 'john' }
let(:password) { 'password' } let(:password) { 'password' }
......
...@@ -577,28 +577,66 @@ RSpec.describe Gitlab::Auth::OAuth::User do ...@@ -577,28 +577,66 @@ RSpec.describe Gitlab::Auth::OAuth::User do
stub_omniauth_config(allow_single_sign_on: ['twitter']) stub_omniauth_config(allow_single_sign_on: ['twitter'])
end end
context 'signup with omniauth only' do shared_examples 'being blocked on creation' do
context 'dont block on create' do context 'when blocking on creation' do
before do it 'creates a blocked user' do
stub_omniauth_config(block_auto_created_users: false) oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).to be_blocked
end end
it do context 'when a sign up user cap has been set up but has not been reached yet' do
it 'still creates a blocked user' do
allow(Gitlab::CurrentSettings).to receive(:new_user_signups_cap).and_return(999)
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).to be_blocked
end
end
end
end
shared_examples 'not being blocked on creation' do
context 'when not blocking on creation' do
it 'creates a non-blocked user' do
oauth_user.save # rubocop:disable Rails/SaveBang oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked expect(gl_user).not_to be_blocked
end end
end end
end
context 'signup with SAML' do
let(:provider) { 'saml' }
before do
stub_omniauth_config({
allow_single_sign_on: ['saml'],
auto_link_saml_user: true,
block_auto_created_users: block_auto_created_users
})
end
it_behaves_like 'being blocked on creation' do
let(:block_auto_created_users) { true }
end
it_behaves_like 'not being blocked on creation' do
let(:block_auto_created_users) { false }
end
end
context 'block on create' do context 'signup with omniauth only' do
it_behaves_like 'being blocked on creation' do
before do before do
stub_omniauth_config(block_auto_created_users: true) stub_omniauth_config(block_auto_created_users: true)
end end
end
it do it_behaves_like 'not being blocked on creation' do
oauth_user.save # rubocop:disable Rails/SaveBang before do
expect(gl_user).to be_valid stub_omniauth_config(block_auto_created_users: false)
expect(gl_user).to be_blocked
end end
end end
end end
...@@ -614,64 +652,40 @@ RSpec.describe Gitlab::Auth::OAuth::User do ...@@ -614,64 +652,40 @@ RSpec.describe Gitlab::Auth::OAuth::User do
end end
context "and no account for the LDAP user" do context "and no account for the LDAP user" do
context 'dont block on create (LDAP)' do it_behaves_like 'being blocked on creation' do
before do before do
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance| allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: false) allow(instance).to receive_messages(block_auto_created_users: true)
end end
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
context 'block on create (LDAP)' do it_behaves_like 'not being blocked on creation' do
before do before do
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance| allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: true) allow(instance).to receive_messages(block_auto_created_users: false)
end end
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).to be_blocked
end
end end
end end
context 'and LDAP user has an account already' do context 'and LDAP user has an account already' do
let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: dn, provider: 'ldapmain', username: 'john') } let!(:existing_user) { create(:omniauth_user, email: 'john@example.com', extern_uid: dn, provider: 'ldapmain', username: 'john') }
context 'dont block on create (LDAP)' do it_behaves_like 'not being blocked on creation' do
before do before do
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance| allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: false) allow(instance).to receive_messages(block_auto_created_users: false)
end end
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
context 'block on create (LDAP)' do it_behaves_like 'not being blocked on creation' do
before do before do
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance| allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: true) allow(instance).to receive_messages(block_auto_created_users: true)
end end
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
end end
end end
...@@ -682,56 +696,32 @@ RSpec.describe Gitlab::Auth::OAuth::User do ...@@ -682,56 +696,32 @@ RSpec.describe Gitlab::Auth::OAuth::User do
oauth_user.gl_user.activate oauth_user.gl_user.activate
end end
context 'dont block on create' do it_behaves_like 'not being blocked on creation' do
before do before do
stub_omniauth_config(block_auto_created_users: false) stub_omniauth_config(block_auto_created_users: false)
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
context 'block on create' do it_behaves_like 'not being blocked on creation' do
before do before do
stub_omniauth_config(block_auto_created_users: true) stub_omniauth_config(block_auto_created_users: true)
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
context 'dont block on create (LDAP)' do it_behaves_like 'not being blocked on creation' do
before do before do
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance| allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: false) allow(instance).to receive_messages(block_auto_created_users: false)
end end
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
context 'block on create (LDAP)' do it_behaves_like 'not being blocked on creation' do
before do before do
allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance| allow_next_instance_of(Gitlab::Auth::Ldap::Config) do |instance|
allow(instance).to receive_messages(block_auto_created_users: true) allow(instance).to receive_messages(block_auto_created_users: true)
end end
end end
it do
oauth_user.save # rubocop:disable Rails/SaveBang
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end end
end end
end end
...@@ -1057,4 +1047,10 @@ RSpec.describe Gitlab::Auth::OAuth::User do ...@@ -1057,4 +1047,10 @@ RSpec.describe Gitlab::Auth::OAuth::User do
expect(oauth_user.bypass_two_factor?).to be_falsey expect(oauth_user.bypass_two_factor?).to be_falsey
end end
end end
describe '#protocol_name' do
it 'is empty' do
expect(oauth_user.protocol_name).to eq('')
end
end
end end
...@@ -3090,7 +3090,7 @@ RSpec.describe User do ...@@ -3090,7 +3090,7 @@ RSpec.describe User do
describe '#ldap_identity' do describe '#ldap_identity' do
it 'returns ldap identity' do it 'returns ldap identity' do
user = create :omniauth_user user = create(:omniauth_user, :ldap)
expect(user.ldap_identity.provider).not_to be_empty expect(user.ldap_identity.provider).not_to be_empty
end end
......
...@@ -11,6 +11,7 @@ RSpec.describe API::Users do ...@@ -11,6 +11,7 @@ RSpec.describe API::Users do
let(:blocked_user) { create(:user, :blocked) } let(:blocked_user) { create(:user, :blocked) }
let(:omniauth_user) { create(:omniauth_user) } let(:omniauth_user) { create(:omniauth_user) }
let(:ldap_user) { create(:omniauth_user, provider: 'ldapmain') }
let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') } let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
let(:private_user) { create(:user, private_profile: true) } let(:private_user) { create(:user, private_profile: true) }
let(:deactivated_user) { create(:user, state: 'deactivated') } let(:deactivated_user) { create(:user, state: 'deactivated') }
...@@ -1293,10 +1294,10 @@ RSpec.describe API::Users do ...@@ -1293,10 +1294,10 @@ RSpec.describe API::Users do
end end
it "updates user's existing identity" do it "updates user's existing identity" do
put api("/users/#{omniauth_user.id}", admin), params: { provider: 'ldapmain', extern_uid: '654321' } put api("/users/#{ldap_user.id}", admin), params: { provider: 'ldapmain', extern_uid: '654321' }
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(omniauth_user.reload.identities.first.extern_uid).to eq('654321') expect(ldap_user.reload.identities.first.extern_uid).to eq('654321')
end end
it 'updates user with new identity' do it 'updates user with new identity' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment