Commit 87485e7c authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge branch '33408-upgrade-devise' into 'master'

Upgrade devise and dependencies

Closes #20175

See merge request gitlab-org/gitlab!18225
parents af24ba11 48d7d967
......@@ -95,7 +95,7 @@ GEM
babosa (1.0.2)
base32 (0.3.2)
batch-loader (1.4.0)
bcrypt (3.1.12)
bcrypt (3.1.13)
bcrypt_pbkdf (1.0.0)
benchmark-ips (2.3.0)
benchmark-memory (0.1.2)
......@@ -209,10 +209,10 @@ GEM
descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1)
device_detector (1.0.0)
devise (4.6.2)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0, < 6.0)
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
devise-two-factor (3.0.0)
......@@ -488,7 +488,7 @@ GEM
mime-types (~> 3.0)
multi_xml (>= 0.5.2)
httpclient (2.8.3)
i18n (1.6.0)
i18n (1.7.0)
concurrent-ruby (~> 1.0)
i18n_data (0.8.0)
icalendar (2.4.1)
......@@ -770,8 +770,8 @@ GEM
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.2.0)
loofah (~> 2.2, >= 2.2.2)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
rails-i18n (5.1.1)
i18n (>= 0.7, < 2)
railties (>= 5.0, < 6)
......@@ -824,9 +824,9 @@ GEM
declarative-option (< 0.2.0)
uber (< 0.2.0)
request_store (1.3.1)
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
rest-client (2.0.2)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
......@@ -1058,8 +1058,8 @@ GEM
descendants_tracker (~> 0.0, >= 0.0.3)
equalizer (~> 0.0, >= 0.0.9)
vmstat (2.3.0)
warden (1.2.7)
rack (>= 1.0)
warden (1.2.8)
rack (>= 2.0.6)
webfinger (1.1.0)
activesupport
httpclient (>= 2.4)
......
......@@ -148,34 +148,25 @@ describe 'OpenID Connect requests' do
end
end
# These 2 calls shouldn't actually throw, they should be handled as an
# unauthorized request, so we should be able to check the response.
#
# This was not possible due to an issue with Warden:
# https://github.com/hassox/warden/pull/162
#
# When the patch gets merged and we update Warden, these specs will need to
# updated to check the response instead of a raised exception.
# https://gitlab.com/gitlab-org/gitlab-foss/issues/40218
context 'when user is blocked' do
it 'returns authentication error' do
it 'redirects to login page' do
access_grant
user.block!
expect do
request_access_token!
end.to raise_error UncaughtThrowError
request_access_token!
expect(response).to redirect_to('/users/sign_in')
end
end
context 'when user is ldap_blocked' do
it 'returns authentication error' do
it 'redirects to login page' do
access_grant
user.ldap_block!
expect do
request_access_token!
end.to raise_error UncaughtThrowError
request_access_token!
expect(response).to redirect_to('/users/sign_in')
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment