2019-12-26 22:10:19 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
RSpec.describe Gitlab::ExternalAuthorization::Client do
|
2019-07-07 11:18:12 +05:30
|
|
|
let(:user) { build(:user, email: 'dummy_user@example.com') }
|
|
|
|
let(:dummy_url) { 'https://dummy.net/' }
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
subject(:client) { described_class.new(user, 'dummy_label') }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_application_setting(external_authorization_service_url: dummy_url)
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#request_access' do
|
|
|
|
it 'performs requests to the configured endpoint' do
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post).with(dummy_url, any_args)
|
2019-07-07 11:18:12 +05:30
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'adds the correct params for the user to the body of the request' do
|
|
|
|
expected_body = {
|
|
|
|
user_identifier: 'dummy_user@example.com',
|
2019-09-30 21:07:59 +05:30
|
|
|
project_classification_label: 'dummy_label',
|
|
|
|
identities: []
|
2019-07-07 11:18:12 +05:30
|
|
|
}.to_json
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post)
|
2019-07-07 11:18:12 +05:30
|
|
|
.with(dummy_url, hash_including(body: expected_body))
|
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'respects the the timeout' do
|
|
|
|
stub_application_setting(
|
|
|
|
external_authorization_service_timeout: 3
|
|
|
|
)
|
|
|
|
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post).with(dummy_url,
|
2019-07-07 11:18:12 +05:30
|
|
|
hash_including(
|
|
|
|
connect_timeout: 3,
|
|
|
|
read_timeout: 3,
|
|
|
|
write_timeout: 3
|
|
|
|
))
|
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'adds the mutual tls params when they are present' do
|
|
|
|
stub_application_setting(
|
|
|
|
external_auth_client_cert: 'the certificate data',
|
|
|
|
external_auth_client_key: 'the key data',
|
|
|
|
external_auth_client_key_pass: 'open sesame'
|
|
|
|
)
|
|
|
|
expected_params = {
|
|
|
|
client_cert_data: 'the certificate data',
|
|
|
|
client_key_data: 'the key data',
|
|
|
|
client_key_pass: 'open sesame'
|
|
|
|
}
|
|
|
|
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(expected_params))
|
2019-07-07 11:18:12 +05:30
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns an expected response' do
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post)
|
2019-07-07 11:18:12 +05:30
|
|
|
|
|
|
|
expect(client.request_access)
|
|
|
|
.to be_kind_of(::Gitlab::ExternalAuthorization::Response)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'wraps exceptions if the request fails' do
|
2021-06-08 01:23:25 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post) { raise Gitlab::HTTP::BlockedUrlError, 'the request broke' }
|
2019-07-07 11:18:12 +05:30
|
|
|
|
|
|
|
expect { client.request_access }
|
|
|
|
.to raise_error(::Gitlab::ExternalAuthorization::RequestFailed)
|
|
|
|
end
|
|
|
|
|
2020-10-24 23:57:45 +05:30
|
|
|
it 'passes local request setting to Gitlab::HTTP' do
|
|
|
|
stub_application_setting(allow_local_requests_from_system_hooks: false)
|
|
|
|
|
|
|
|
expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(allow_local_requests: false))
|
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
describe 'for ldap users' do
|
|
|
|
let(:user) do
|
|
|
|
create(:omniauth_user,
|
|
|
|
email: 'dummy_user@example.com',
|
|
|
|
extern_uid: 'external id',
|
|
|
|
provider: 'ldapprovider')
|
|
|
|
end
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
it 'includes the ldap dn and identities for ldap users' do
|
2019-07-07 11:18:12 +05:30
|
|
|
expected_body = {
|
|
|
|
user_identifier: 'dummy_user@example.com',
|
|
|
|
project_classification_label: 'dummy_label',
|
2019-09-30 21:07:59 +05:30
|
|
|
identities: [{ provider: 'ldapprovider', extern_uid: 'external id' }],
|
2019-07-07 11:18:12 +05:30
|
|
|
user_ldap_dn: 'external id'
|
|
|
|
}.to_json
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post)
|
2019-07-07 11:18:12 +05:30
|
|
|
.with(dummy_url, hash_including(body: expected_body))
|
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
end
|
2019-09-30 21:07:59 +05:30
|
|
|
|
|
|
|
describe 'for non-ldap users with identities' do
|
|
|
|
before do
|
|
|
|
%w(twitter facebook).each do |provider|
|
|
|
|
create(:identity, provider: provider, extern_uid: "#{provider}_external_id", user: user)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'includes all the identities' do
|
|
|
|
expected_body = {
|
|
|
|
user_identifier: 'dummy_user@example.com',
|
|
|
|
project_classification_label: 'dummy_label',
|
|
|
|
identities: [
|
|
|
|
{ provider: 'twitter', extern_uid: 'twitter_external_id' },
|
|
|
|
{ provider: 'facebook', extern_uid: 'facebook_external_id' }
|
|
|
|
]
|
|
|
|
}.to_json
|
2020-10-24 23:57:45 +05:30
|
|
|
expect(Gitlab::HTTP).to receive(:post)
|
2019-09-30 21:07:59 +05:30
|
|
|
.with(dummy_url, hash_including(body: expected_body))
|
|
|
|
|
|
|
|
client.request_access
|
|
|
|
end
|
|
|
|
end
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
end
|