debian-mirror-gitlab/spec/lib/gitlab/ldap/user_spec.rb

require 'spec_helper'

describe Gitlab::LDAP::User do
  let(:ldap_user) { described_class.new(auth_hash) }
  let(:gl_user) { ldap_user.gl_user }
  let(:info) do
    {
      name: 'John',
      email: 'john@example.com',
      nickname: 'john'
    }
  end
  let(:auth_hash) do
    OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info)
  end
  let(:ldap_user_upper_case) { described_class.new(auth_hash_upper_case) }
  let(:info_upper_case) do
    {
      name: 'John',
      email: 'John@Example.com', # Email address has upper case chars
      nickname: 'john'
    }
  end
  let(:auth_hash_upper_case) do
    OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info_upper_case)
  end

  describe '#changed?' do
    it "marks existing ldap user as changed" do
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')
      expect(ldap_user.changed?).to be_truthy
    end

    it "marks existing non-ldap user if the email matches as changed" do
      create(:user, email: 'john@example.com')
      expect(ldap_user.changed?).to be_truthy
    end

    it "does not mark existing ldap user as changed" do
      create(:omniauth_user, email: 'john@example.com', extern_uid: 'my-uid', provider: 'ldapmain', external_email: true, email_provider: 'ldapmain')
      expect(ldap_user.changed?).to be_falsey
    end
  end

  describe '.find_by_uid_and_provider' do
    it 'retrieves the correct user' do
      special_info = {
        name: 'John Åström',
        email: 'john@example.com',
        nickname: 'jastrom'
      }
      special_hash = OmniAuth::AuthHash.new(uid: 'CN=John Åström,CN=Users,DC=Example,DC=com', provider: 'ldapmain', info: special_info)
      special_chars_user = described_class.new(special_hash)
      user = special_chars_user.save

      expect(described_class.find_by_uid_and_provider(special_hash.uid, special_hash.provider)).to eq user
    end
  end

  describe 'find or create' do
    it "finds the user if already existing" do
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')

      expect{ ldap_user.save }.not_to change{ User.count }
    end

    it "connects to existing non-ldap user if the email matches" do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")
      expect{ ldap_user.save }.not_to change{ User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
    end

    it 'connects to existing ldap user if the extern_uid changes' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
      expect{ ldap_user.save }.not_to change{ User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
      expect(existing_user.id).to eql ldap_user.gl_user.id
    end

    it 'connects to existing ldap user if the extern_uid changes and email address has upper case characters' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
      expect{ ldap_user_upper_case.save }.not_to change{ User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
      expect(existing_user.id).to eql ldap_user.gl_user.id
    end

    it 'maintains an identity per provider' do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: 'twitter')
      expect(existing_user.identities.count).to be(1)

      ldap_user.save
      expect(ldap_user.gl_user.identities.count).to be(2)

      # Expect that find_by provider only returns a single instance of an identity and not an Enumerable
      expect(ldap_user.gl_user.identities.find_by(provider: 'twitter')).to be_instance_of Identity
      expect(ldap_user.gl_user.identities.find_by(provider: auth_hash.provider)).to be_instance_of Identity
    end

    it "creates a new user if not found" do
      expect{ ldap_user.save }.to change{ User.count }.by(1)
    end

    context 'when signup is disabled' do
      before do
        stub_application_setting signup_enabled: false
      end

      it 'creates the user' do
        ldap_user.save

        expect(gl_user).to be_persisted
      end
    end

    context 'when user confirmation email is enabled' do
      before do
        stub_application_setting send_user_confirmation_email: true
      end

      it 'creates and confirms the user anyway' do
        ldap_user.save

        expect(gl_user).to be_persisted
        expect(gl_user).to be_confirmed
      end
    end
  end

  describe 'updating email' do
    context "when LDAP sets an email" do
      it "has a real email" do
        expect(ldap_user.gl_user.email).to eq(info[:email])
      end

      it "has external_email set to true" do
        expect(ldap_user.gl_user.external_email?).to be(true)
      end

      it "has email_provider set to provider" do
        expect(ldap_user.gl_user.email_provider).to eql 'ldapmain'
      end
    end

    context "when LDAP doesn't set an email" do
      before do
        info.delete(:email)
      end

      it "has a temp email" do
        expect(ldap_user.gl_user.temp_oauth_email?).to be(true)
      end

      it "has external_email set to false" do
        expect(ldap_user.gl_user.external_email?).to be(false)
      end
    end
  end

  describe 'blocking' do
    def configure_block(value)
      allow_any_instance_of(Gitlab::LDAP::Config)
        .to receive(:block_auto_created_users).and_return(value)
    end

    context 'signup' do
      context 'dont block on create' do
        before do
          configure_block(false)
        end

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
        before do
          configure_block(true)
        end

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).to be_blocked
        end
      end
    end

    context 'sign-in' do
      before do
        ldap_user.save
        ldap_user.gl_user.activate
      end

      context 'dont block on create' do
        before do
          configure_block(false)
        end

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
        before do
          configure_block(true)
        end

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end
    end
  end
end
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`require 'spec_helper'`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`describe Gitlab::LDAP::User do`
			`let(:ldap_user) { described_class.new(auth_hash) }`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`let(:gl_user) { ldap_user.gl_user }`
			`let(:info) do`
			`{`
			`name: 'John',`
			`email: 'john@example.com',`
			`nickname: 'john'`
			`}`
			`end`
			`let(:auth_hash) do`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info)`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`let(:ldap_user_upper_case) { described_class.new(auth_hash_upper_case) }`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`let(:info_upper_case) do`
			`{`
			`name: 'John',`
			`email: 'John@Example.com', # Email address has upper case chars`
			`nickname: 'john'`
			`}`
			`end`
			`let(:auth_hash_upper_case) do`
			`OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info_upper_case)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`describe '#changed?' do`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`it "marks existing ldap user as changed" do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`expect(ldap_user.changed?).to be_truthy`
			`end`

			`it "marks existing non-ldap user if the email matches as changed" do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`create(:user, email: 'john@example.com')`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`expect(ldap_user.changed?).to be_truthy`
			`end`

New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`it "does not mark existing ldap user as changed" do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`create(:omniauth_user, email: 'john@example.com', extern_uid: 'my-uid', provider: 'ldapmain', external_email: true, email_provider: 'ldapmain')`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`expect(ldap_user.changed?).to be_falsey`
			`end`
			`end`

Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`describe '.find_by_uid_and_provider' do`
			`it 'retrieves the correct user' do`
			`special_info = {`
			`name: 'John Åström',`
			`email: 'john@example.com',`
			`nickname: 'jastrom'`
			`}`
			`special_hash = OmniAuth::AuthHash.new(uid: 'CN=John Åström,CN=Users,DC=Example,DC=com', provider: 'ldapmain', info: special_info)`
			`special_chars_user = described_class.new(special_hash)`
			`user = special_chars_user.save`

			`expect(described_class.find_by_uid_and_provider(special_hash.uid, special_hash.provider)).to eq user`
			`end`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`describe 'find or create' do`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`it "finds the user if already existing" do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`expect{ ldap_user.save }.not_to change{ User.count }`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

			`it "connects to existing non-ldap user if the email matches" do`
			`existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`expect{ ldap_user.save }.not_to change{ User.count }`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`existing_user.reload`
			`expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'`
			`expect(existing_user.ldap_identity.provider).to eql 'ldapmain'`
			`end`

Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`it 'connects to existing ldap user if the extern_uid changes' do`
			`existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')`
			`expect{ ldap_user.save }.not_to change{ User.count }`

			`existing_user.reload`
			`expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'`
			`expect(existing_user.ldap_identity.provider).to eql 'ldapmain'`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`expect(existing_user.id).to eql ldap_user.gl_user.id`
			`end`

			`it 'connects to existing ldap user if the extern_uid changes and email address has upper case characters' do`
			`existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')`
			`expect{ ldap_user_upper_case.save }.not_to change{ User.count }`

			`existing_user.reload`
			`expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'`
			`expect(existing_user.ldap_identity.provider).to eql 'ldapmain'`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`expect(existing_user.id).to eql ldap_user.gl_user.id`
			`end`

			`it 'maintains an identity per provider' do`
			`existing_user = create(:omniauth_user, email: 'john@example.com', provider: 'twitter')`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`expect(existing_user.identities.count).to be(1)`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30
			`ldap_user.save`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`expect(ldap_user.gl_user.identities.count).to be(2)`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30
			`# Expect that find_by provider only returns a single instance of an identity and not an Enumerable`
			`expect(ldap_user.gl_user.identities.find_by(provider: 'twitter')).to be_instance_of Identity`
			`expect(ldap_user.gl_user.identities.find_by(provider: auth_hash.provider)).to be_instance_of Identity`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`it "creates a new user if not found" do`
			`expect{ ldap_user.save }.to change{ User.count }.by(1)`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`context 'when signup is disabled' do`
			`before do`
			`stub_application_setting signup_enabled: false`
			`end`

			`it 'creates the user' do`
			`ldap_user.save`

			`expect(gl_user).to be_persisted`
			`end`
			`end`

			`context 'when user confirmation email is enabled' do`
			`before do`
			`stub_application_setting send_user_confirmation_email: true`
			`end`

			`it 'creates and confirms the user anyway' do`
			`ldap_user.save`

			`expect(gl_user).to be_persisted`
			`expect(gl_user).to be_confirmed`
			`end`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30			`describe 'updating email' do`
			`context "when LDAP sets an email" do`
			`it "has a real email" do`
			`expect(ldap_user.gl_user.email).to eq(info[:email])`
			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`it "has external_email set to true" do`
			`expect(ldap_user.gl_user.external_email?).to be(true)`
			`end`

			`it "has email_provider set to provider" do`
			`expect(ldap_user.gl_user.email_provider).to eql 'ldapmain'`
Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30			`end`
			`end`

			`context "when LDAP doesn't set an email" do`
			`before do`
			`info.delete(:email)`
			`end`

			`it "has a temp email" do`
			`expect(ldap_user.gl_user.temp_oauth_email?).to be(true)`
			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`it "has external_email set to false" do`
			`expect(ldap_user.gl_user.external_email?).to be(false)`
Imported Upstream version 8.4.0+dfsg 2016-01-29 22:53:50 +05:30			`end`
			`end`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`describe 'blocking' do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def configure_block(value)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`allow_any_instance_of(Gitlab::LDAP::Config)`
			`.to receive(:block_auto_created_users).and_return(value)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`context 'signup' do`
			`context 'dont block on create' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`before do`
			`configure_block(false)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`it do`
			`ldap_user.save`
			`expect(gl_user).to be_valid`
			`expect(gl_user).not_to be_blocked`
			`end`
			`end`

			`context 'block on create' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`before do`
			`configure_block(true)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`it do`
			`ldap_user.save`
			`expect(gl_user).to be_valid`
			`expect(gl_user).to be_blocked`
			`end`
			`end`
			`end`

			`context 'sign-in' do`
			`before do`
			`ldap_user.save`
			`ldap_user.gl_user.activate`
			`end`

			`context 'dont block on create' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`before do`
			`configure_block(false)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`it do`
			`ldap_user.save`
			`expect(gl_user).to be_valid`
			`expect(gl_user).not_to be_blocked`
			`end`
			`end`

			`context 'block on create' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`before do`
			`configure_block(true)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`it do`
			`ldap_user.save`
			`expect(gl_user).to be_valid`
			`expect(gl_user).not_to be_blocked`
			`end`
			`end`
			`end`
			`end`
			`end`