Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4cd1e372
Commit
4cd1e372
authored
Feb 28, 2022
by
Etienne Baqué
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactored tests related to Omniauth users
Also added an ldap trait to the omniauth_user factory.
parent
f9caa6a1
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
92 additions
and
77 deletions
+92
-77
ee/spec/lib/gitlab/auth/ldap/access_spec.rb
ee/spec/lib/gitlab/auth/ldap/access_spec.rb
+1
-1
lib/gitlab/auth/ldap/user.rb
lib/gitlab/auth/ldap/user.rb
+5
-1
lib/gitlab/auth/o_auth/user.rb
lib/gitlab/auth/o_auth/user.rb
+4
-0
lib/gitlab/auth/saml/user.rb
lib/gitlab/auth/saml/user.rb
+5
-1
spec/factories/users.rb
spec/factories/users.rb
+7
-1
spec/lib/gitlab/auth/ldap/access_spec.rb
spec/lib/gitlab/auth/ldap/access_spec.rb
+1
-1
spec/lib/gitlab/auth/ldap/authentication_spec.rb
spec/lib/gitlab/auth/ldap/authentication_spec.rb
+1
-1
spec/lib/gitlab/auth/o_auth/user_spec.rb
spec/lib/gitlab/auth/o_auth/user_spec.rb
+64
-68
spec/models/user_spec.rb
spec/models/user_spec.rb
+1
-1
spec/requests/api/users_spec.rb
spec/requests/api/users_spec.rb
+3
-2
No files found.
ee/spec/lib/gitlab/auth/ldap/access_spec.rb
View file @
4cd1e372
...
@@ -5,7 +5,7 @@ require 'spec_helper'
...
@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec
.
describe
Gitlab
::
Auth
::
Ldap
::
Access
do
RSpec
.
describe
Gitlab
::
Auth
::
Ldap
::
Access
do
include
LdapHelpers
include
LdapHelpers
let
(
:user
)
{
create
(
:omniauth_user
)
}
let
(
:user
)
{
create
(
:omniauth_user
,
:ldap
)
}
let
(
:provider
)
{
user
.
ldap_identity
.
provider
}
let
(
:provider
)
{
user
.
ldap_identity
.
provider
}
subject
(
:access
)
{
described_class
.
new
(
user
)
}
subject
(
:access
)
{
described_class
.
new
(
user
)
}
...
...
lib/gitlab/auth/ldap/user.rb
View file @
4cd1e372
...
@@ -12,7 +12,7 @@ module Gitlab
...
@@ -12,7 +12,7 @@ module Gitlab
class
User
<
Gitlab
::
Auth
::
OAuth
::
User
class
User
<
Gitlab
::
Auth
::
OAuth
::
User
extend
::
Gitlab
::
Utils
::
Override
extend
::
Gitlab
::
Utils
::
Override
def
save
def
save
super
(
'LDAP'
)
super
(
protocol_name
)
end
end
# instance methods
# instance methods
...
@@ -44,6 +44,10 @@ module Gitlab
...
@@ -44,6 +44,10 @@ module Gitlab
def
auth_hash
=
(
auth_hash
)
def
auth_hash
=
(
auth_hash
)
@auth_hash
=
Gitlab
::
Auth
::
Ldap
::
AuthHash
.
new
(
auth_hash
)
@auth_hash
=
Gitlab
::
Auth
::
Ldap
::
AuthHash
.
new
(
auth_hash
)
end
end
def
protocol_name
'LDAP'
end
end
end
end
end
end
end
...
...
lib/gitlab/auth/o_auth/user.rb
View file @
4cd1e372
...
@@ -96,6 +96,10 @@ module Gitlab
...
@@ -96,6 +96,10 @@ module Gitlab
end
end
end
end
def
protocol_name
''
end
protected
protected
def
should_save?
def
should_save?
...
...
lib/gitlab/auth/saml/user.rb
View file @
4cd1e372
...
@@ -12,7 +12,7 @@ module Gitlab
...
@@ -12,7 +12,7 @@ module Gitlab
extend
::
Gitlab
::
Utils
::
Override
extend
::
Gitlab
::
Utils
::
Override
def
save
def
save
super
(
'SAML'
)
super
(
protocol_name
)
end
end
def
find_user
def
find_user
...
@@ -40,6 +40,10 @@ module Gitlab
...
@@ -40,6 +40,10 @@ module Gitlab
saml_config
.
upstream_two_factor_authn_contexts
&
.
include?
(
auth_hash
.
authn_context
)
saml_config
.
upstream_two_factor_authn_contexts
&
.
include?
(
auth_hash
.
authn_context
)
end
end
def
protocol_name
'SAML'
end
protected
protected
def
saml_config
def
saml_config
...
...
spec/factories/users.rb
View file @
4cd1e372
...
@@ -151,7 +151,7 @@ FactoryBot.define do
...
@@ -151,7 +151,7 @@ FactoryBot.define do
transient
do
transient
do
extern_uid
{
'123456'
}
extern_uid
{
'123456'
}
provider
{
'
ldapmain
'
}
provider
{
'
twitter
'
}
end
end
after
(
:create
)
do
|
user
,
evaluator
|
after
(
:create
)
do
|
user
,
evaluator
|
...
@@ -166,6 +166,12 @@ FactoryBot.define do
...
@@ -166,6 +166,12 @@ FactoryBot.define do
user
.
identities
<<
create
(
:identity
,
identity_attrs
)
user
.
identities
<<
create
(
:identity
,
identity_attrs
)
end
end
trait
:ldap
do
transient
do
provider
{
'ldapmain'
}
end
end
end
end
factory
:atlassian_user
do
factory
:atlassian_user
do
...
...
spec/lib/gitlab/auth/ldap/access_spec.rb
View file @
4cd1e372
...
@@ -5,7 +5,7 @@ require 'spec_helper'
...
@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec
.
describe
Gitlab
::
Auth
::
Ldap
::
Access
do
RSpec
.
describe
Gitlab
::
Auth
::
Ldap
::
Access
do
include
LdapHelpers
include
LdapHelpers
let
(
:user
)
{
create
(
:omniauth_user
)
}
let
(
:user
)
{
create
(
:omniauth_user
,
:ldap
)
}
subject
(
:access
)
{
described_class
.
new
(
user
)
}
subject
(
:access
)
{
described_class
.
new
(
user
)
}
...
...
spec/lib/gitlab/auth/ldap/authentication_spec.rb
View file @
4cd1e372
...
@@ -4,7 +4,7 @@ require 'spec_helper'
...
@@ -4,7 +4,7 @@ require 'spec_helper'
RSpec
.
describe
Gitlab
::
Auth
::
Ldap
::
Authentication
do
RSpec
.
describe
Gitlab
::
Auth
::
Ldap
::
Authentication
do
let
(
:dn
)
{
'uid=John Smith, ou=People, dc=example, dc=com'
}
let
(
:dn
)
{
'uid=John Smith, ou=People, dc=example, dc=com'
}
let
(
:user
)
{
create
(
:omniauth_user
,
extern_uid:
Gitlab
::
Auth
::
Ldap
::
Person
.
normalize_dn
(
dn
))
}
let
(
:user
)
{
create
(
:omniauth_user
,
:ldap
,
extern_uid:
Gitlab
::
Auth
::
Ldap
::
Person
.
normalize_dn
(
dn
))
}
let
(
:login
)
{
'john'
}
let
(
:login
)
{
'john'
}
let
(
:password
)
{
'password'
}
let
(
:password
)
{
'password'
}
...
...
spec/lib/gitlab/auth/o_auth/user_spec.rb
View file @
4cd1e372
...
@@ -577,28 +577,66 @@ RSpec.describe Gitlab::Auth::OAuth::User do
...
@@ -577,28 +577,66 @@ RSpec.describe Gitlab::Auth::OAuth::User do
stub_omniauth_config
(
allow_single_sign_on:
[
'twitter'
])
stub_omniauth_config
(
allow_single_sign_on:
[
'twitter'
])
end
end
context
'signup with omniauth only'
do
shared_examples
'being blocked on creation'
do
context
'dont block on create'
do
context
'when blocking on creation'
do
before
do
it
'creates a blocked user'
do
stub_omniauth_config
(
block_auto_created_users:
false
)
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
to
be_blocked
end
end
it
do
context
'when a sign up user cap has been set up but has not been reached yet'
do
it
'still creates a blocked user'
do
allow
(
Gitlab
::
CurrentSettings
).
to
receive
(
:new_user_signups_cap
).
and_return
(
999
)
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
to
be_blocked
end
end
end
end
shared_examples
'not being blocked on creation'
do
context
'when not blocking on creation'
do
it
'creates a non-blocked user'
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
expect
(
gl_user
).
not_to
be_blocked
end
end
end
end
end
context
'signup with SAML'
do
let
(
:provider
)
{
'saml'
}
before
do
stub_omniauth_config
({
allow_single_sign_on:
[
'saml'
],
auto_link_saml_user:
true
,
block_auto_created_users:
block_auto_created_users
})
end
it_behaves_like
'being blocked on creation'
do
let
(
:block_auto_created_users
)
{
true
}
end
it_behaves_like
'not being blocked on creation'
do
let
(
:block_auto_created_users
)
{
false
}
end
end
context
'block on create'
do
context
'signup with omniauth only'
do
it_behaves_like
'being blocked on creation'
do
before
do
before
do
stub_omniauth_config
(
block_auto_created_users:
true
)
stub_omniauth_config
(
block_auto_created_users:
true
)
end
end
end
it
do
it_behaves_like
'not being blocked on creation'
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
before
do
expect
(
gl_user
).
to
be_valid
stub_omniauth_config
(
block_auto_created_users:
false
)
expect
(
gl_user
).
to
be_blocked
end
end
end
end
end
end
...
@@ -614,64 +652,40 @@ RSpec.describe Gitlab::Auth::OAuth::User do
...
@@ -614,64 +652,40 @@ RSpec.describe Gitlab::Auth::OAuth::User do
end
end
context
"and no account for the LDAP user"
do
context
"and no account for the LDAP user"
do
context
'dont block on create (LDAP)
'
do
it_behaves_like
'being blocked on creation
'
do
before
do
before
do
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
fals
e
)
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
tru
e
)
end
end
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
context
'block on create (LDAP)
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
tru
e
)
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
fals
e
)
end
end
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
to
be_blocked
end
end
end
end
end
context
'and LDAP user has an account already'
do
context
'and LDAP user has an account already'
do
let!
(
:existing_user
)
{
create
(
:omniauth_user
,
email:
'john@example.com'
,
extern_uid:
dn
,
provider:
'ldapmain'
,
username:
'john'
)
}
let!
(
:existing_user
)
{
create
(
:omniauth_user
,
email:
'john@example.com'
,
extern_uid:
dn
,
provider:
'ldapmain'
,
username:
'john'
)
}
context
'dont block on create (LDAP)
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
false
)
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
false
)
end
end
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
context
'block on create (LDAP)
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
true
)
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
true
)
end
end
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
end
end
end
end
...
@@ -682,56 +696,32 @@ RSpec.describe Gitlab::Auth::OAuth::User do
...
@@ -682,56 +696,32 @@ RSpec.describe Gitlab::Auth::OAuth::User do
oauth_user
.
gl_user
.
activate
oauth_user
.
gl_user
.
activate
end
end
context
'dont block on create
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
stub_omniauth_config
(
block_auto_created_users:
false
)
stub_omniauth_config
(
block_auto_created_users:
false
)
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
context
'block on create
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
stub_omniauth_config
(
block_auto_created_users:
true
)
stub_omniauth_config
(
block_auto_created_users:
true
)
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
context
'dont block on create (LDAP)
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
false
)
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
false
)
end
end
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
context
'block on create (LDAP)
'
do
it_behaves_like
'not being blocked on creation
'
do
before
do
before
do
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow_next_instance_of
(
Gitlab
::
Auth
::
Ldap
::
Config
)
do
|
instance
|
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
true
)
allow
(
instance
).
to
receive_messages
(
block_auto_created_users:
true
)
end
end
end
end
it
do
oauth_user
.
save
# rubocop:disable Rails/SaveBang
expect
(
gl_user
).
to
be_valid
expect
(
gl_user
).
not_to
be_blocked
end
end
end
end
end
end
end
...
@@ -1057,4 +1047,10 @@ RSpec.describe Gitlab::Auth::OAuth::User do
...
@@ -1057,4 +1047,10 @@ RSpec.describe Gitlab::Auth::OAuth::User do
expect
(
oauth_user
.
bypass_two_factor?
).
to
be_falsey
expect
(
oauth_user
.
bypass_two_factor?
).
to
be_falsey
end
end
end
end
describe
'#protocol_name'
do
it
'is empty'
do
expect
(
oauth_user
.
protocol_name
).
to
eq
(
''
)
end
end
end
end
spec/models/user_spec.rb
View file @
4cd1e372
...
@@ -3090,7 +3090,7 @@ RSpec.describe User do
...
@@ -3090,7 +3090,7 @@ RSpec.describe User do
describe
'#ldap_identity'
do
describe
'#ldap_identity'
do
it
'returns ldap identity'
do
it
'returns ldap identity'
do
user
=
create
:omniauth_user
user
=
create
(
:omniauth_user
,
:ldap
)
expect
(
user
.
ldap_identity
.
provider
).
not_to
be_empty
expect
(
user
.
ldap_identity
.
provider
).
not_to
be_empty
end
end
...
...
spec/requests/api/users_spec.rb
View file @
4cd1e372
...
@@ -11,6 +11,7 @@ RSpec.describe API::Users do
...
@@ -11,6 +11,7 @@ RSpec.describe API::Users do
let
(
:blocked_user
)
{
create
(
:user
,
:blocked
)
}
let
(
:blocked_user
)
{
create
(
:user
,
:blocked
)
}
let
(
:omniauth_user
)
{
create
(
:omniauth_user
)
}
let
(
:omniauth_user
)
{
create
(
:omniauth_user
)
}
let
(
:ldap_user
)
{
create
(
:omniauth_user
,
provider:
'ldapmain'
)
}
let
(
:ldap_blocked_user
)
{
create
(
:omniauth_user
,
provider:
'ldapmain'
,
state:
'ldap_blocked'
)
}
let
(
:ldap_blocked_user
)
{
create
(
:omniauth_user
,
provider:
'ldapmain'
,
state:
'ldap_blocked'
)
}
let
(
:private_user
)
{
create
(
:user
,
private_profile:
true
)
}
let
(
:private_user
)
{
create
(
:user
,
private_profile:
true
)
}
let
(
:deactivated_user
)
{
create
(
:user
,
state:
'deactivated'
)
}
let
(
:deactivated_user
)
{
create
(
:user
,
state:
'deactivated'
)
}
...
@@ -1293,10 +1294,10 @@ RSpec.describe API::Users do
...
@@ -1293,10 +1294,10 @@ RSpec.describe API::Users do
end
end
it
"updates user's existing identity"
do
it
"updates user's existing identity"
do
put
api
(
"/users/
#{
omniauth
_user
.
id
}
"
,
admin
),
params:
{
provider:
'ldapmain'
,
extern_uid:
'654321'
}
put
api
(
"/users/
#{
ldap
_user
.
id
}
"
,
admin
),
params:
{
provider:
'ldapmain'
,
extern_uid:
'654321'
}
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
omniauth
_user
.
reload
.
identities
.
first
.
extern_uid
).
to
eq
(
'654321'
)
expect
(
ldap
_user
.
reload
.
identities
.
first
.
extern_uid
).
to
eq
(
'654321'
)
end
end
it
'updates user with new identity'
do
it
'updates user with new identity'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment