Merge branch 'if-293668-fix_forti_authenticator_access_token' into 'master'

FortiAuthenticator strategy to rely on the correct config See merge request gitlab-org/gitlab!49943

Merge branch 'if-293668-fix_forti_authenticator_access_token' into 'master'
FortiAuthenticator strategy to rely on the correct config See merge request gitlab-org/gitlab!49943
82313885 · Mayra Cabrera · 54cc5473 · d727491e · 82313885 · 82313885
Commit 82313885 authored Dec 14, 2020 by Mayra Cabrera
2 changed files
--- a/lib/gitlab/auth/otp/strategies/forti_authenticator.rb
+++ b/lib/gitlab/auth/otp/strategies/forti_authenticator.rb
@@ -18,6 +18,9 @@ module Gitlab
            # Successful authentication results in HTTP 200: OK
            # https://docs.fortinet.com/document/fortiauthenticator/6.2.0/rest-api-solution-guide/704555/authentication-auth
            response.ok? ? success : error_from_response(response)
+          rescue StandardError => ex
+            Gitlab::AppLogger.error(ex)
+            error(ex.message)
          end

          private
@@ -32,7 +35,7 @@ module Gitlab

          def api_credentials
            { username: ::Gitlab.config.forti_authenticator.username,
-              password: ::Gitlab.config.forti_authenticator.token }
+              password: ::Gitlab.config.forti_authenticator.access_token }
          end
        end
      end

--- a/spec/lib/gitlab/auth/otp/strategies/forti_authenticator_spec.rb
+++ b/spec/lib/gitlab/auth/otp/strategies/forti_authenticator_spec.rb
@@ -12,6 +12,7 @@ RSpec.describe Gitlab::Auth::Otp::Strategies::FortiAuthenticator do
  let(:api_token) { 's3cr3t' }

  let(:forti_authenticator_auth_url) { "https://#{host}:#{port}/api/v1/auth/" }
+  let(:response_status) { 200 }

  subject(:validate) { described_class.new(user).validate(otp_code) }

@@ -23,20 +24,20 @@ RSpec.describe Gitlab::Auth::Otp::Strategies::FortiAuthenticator do
      host: host,
      port: port,
      username: api_username,
-      token: api_token
+      access_token: api_token
    )

    request_body = { username: user.username,
                     token_code: otp_code }

    stub_request(:post, forti_authenticator_auth_url)
-      .with(body: JSON(request_body), headers: { 'Content-Type' => 'application/json' })
-      .to_return(status: response_status, body: '', headers: {})
+      .with(body: JSON(request_body),
+            headers: { 'Content-Type': 'application/json' },
+            basic_auth: [api_username, api_token])
+      .to_return(status: response_status, body: '')
  end

  context 'successful validation' do
-    let(:response_status) { 200 }
-
    it 'returns success' do
      expect(validate[:status]).to eq(:success)
    end
@@ -50,6 +51,16 @@ RSpec.describe Gitlab::Auth::Otp::Strategies::FortiAuthenticator do
    end
  end

+  context 'unexpected error' do
+    it 'returns error' do
+      error_message = 'boom!'
+      stub_request(:post, forti_authenticator_auth_url).to_raise(StandardError.new(error_message))
+
+      expect(validate[:status]).to eq(:error)
+      expect(validate[:message]).to eq(error_message)
+    end
+  end
+
  def stub_forti_authenticator_config(forti_authenticator_settings)
    allow(::Gitlab.config.forti_authenticator).to(receive_messages(forti_authenticator_settings))
  end