debian-mirror-gitlab/spec/helpers/auth_helper_spec.rb

317 lines
9.8 KiB
Ruby
Raw Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
2015-09-11 14:41:01 +05:30
require "spec_helper"
2020-07-28 23:09:34 +05:30
RSpec.describe AuthHelper do
2015-09-11 14:41:01 +05:30
describe "button_based_providers" do
2016-06-02 11:05:42 +05:30
it 'returns all enabled providers from devise' do
2015-09-11 14:41:01 +05:30
allow(helper).to receive(:auth_providers) { [:twitter, :github] }
expect(helper.button_based_providers).to include(*[:twitter, :github])
end
it 'does not return ldap provider' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
expect(helper.button_based_providers).to include(:twitter)
end
it 'returns empty array' do
allow(helper).to receive(:auth_providers) { [] }
expect(helper.button_based_providers).to eq([])
end
end
2016-06-02 11:05:42 +05:30
2018-10-15 14:42:47 +05:30
describe "providers_for_base_controller" do
it 'returns all enabled providers from devise' do
allow(helper).to receive(:auth_providers) { [:twitter, :github] }
expect(helper.providers_for_base_controller).to include(*[:twitter, :github])
end
it 'excludes ldap providers' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
expect(helper.providers_for_base_controller).not_to include(:ldapmain)
end
end
describe "form_based_providers" do
it 'includes LDAP providers' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
expect(helper.form_based_providers).to eq %i(ldapmain)
end
it 'includes crowd provider' do
allow(helper).to receive(:auth_providers) { [:twitter, :crowd] }
expect(helper.form_based_providers).to eq %i(crowd)
end
end
2019-02-15 15:39:39 +05:30
describe 'form_based_auth_provider_has_active_class?' do
it 'selects main LDAP server' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapprimary, :ldapsecondary, :kerberos] }
expect(helper.form_based_auth_provider_has_active_class?(:twitter)).to be(false)
expect(helper.form_based_auth_provider_has_active_class?(:ldapprimary)).to be(true)
expect(helper.form_based_auth_provider_has_active_class?(:ldapsecondary)).to be(false)
expect(helper.form_based_auth_provider_has_active_class?(:kerberos)).to be(false)
end
end
2019-12-26 22:10:19 +05:30
describe 'any_form_based_providers_enabled?' do
before do
2020-04-08 14:13:33 +05:30
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
2019-12-26 22:10:19 +05:30
end
it 'detects form-based providers' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
expect(helper.any_form_based_providers_enabled?).to be(true)
end
it 'ignores ldap providers when ldap web sign in is disabled' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
allow(helper).to receive(:ldap_sign_in_enabled?).and_return(false)
expect(helper.any_form_based_providers_enabled?).to be(false)
end
end
2016-06-02 11:05:42 +05:30
describe 'enabled_button_based_providers' do
before do
2021-03-11 19:13:27 +05:30
allow(helper).to receive(:auth_providers) { [:twitter, :github, :google_oauth2, :openid_connect] }
2016-06-02 11:05:42 +05:30
end
context 'all providers are enabled to sign in' do
it 'returns all the enabled providers from settings' do
2021-03-11 19:13:27 +05:30
expect(helper.enabled_button_based_providers).to include('twitter', 'github', 'google_oauth2', 'openid_connect')
2020-03-13 15:44:24 +05:30
end
it 'puts google and github in the beginning' do
expect(helper.enabled_button_based_providers.first).to eq('google_oauth2')
expect(helper.enabled_button_based_providers.second).to eq('github')
2016-06-02 11:05:42 +05:30
end
end
context 'GitHub OAuth sign in is disabled from application setting' do
it "doesn't return github as provider" do
stub_application_setting(
disabled_oauth_sign_in_sources: ['github']
)
expect(helper.enabled_button_based_providers).to include('twitter')
expect(helper.enabled_button_based_providers).not_to include('github')
2016-06-02 11:05:42 +05:30
end
end
end
2021-02-22 17:27:13 +05:30
describe 'experiment_enabled_button_based_providers' do
it 'returns the intersection set of github & google_oauth2 with enabled providers' do
allow(helper).to receive(:enabled_button_based_providers) { %w(twitter github google_oauth2) }
expect(helper.experiment_enabled_button_based_providers).to eq(%w(github google_oauth2))
allow(helper).to receive(:enabled_button_based_providers) { %w(google_oauth2 bitbucket) }
expect(helper.experiment_enabled_button_based_providers).to eq(%w(google_oauth2))
allow(helper).to receive(:enabled_button_based_providers) { %w(bitbucket) }
expect(helper.experiment_enabled_button_based_providers).to be_empty
end
end
2016-06-02 11:05:42 +05:30
describe 'button_based_providers_enabled?' do
before do
allow(helper).to receive(:auth_providers) { [:twitter, :github] }
end
context 'button based providers enabled' do
it 'returns true' do
expect(helper.button_based_providers_enabled?).to be true
end
end
context 'all the button based providers are disabled via application_setting' do
it 'returns false' do
stub_application_setting(
2017-08-17 22:00:37 +05:30
disabled_oauth_sign_in_sources: %w(github twitter)
2016-06-02 11:05:42 +05:30
)
expect(helper.button_based_providers_enabled?).to be false
end
end
end
2017-08-17 22:00:37 +05:30
2019-07-07 11:18:12 +05:30
describe '#link_provider_allowed?' do
let(:policy) { instance_double('IdentityProviderPolicy') }
let(:current_user) { instance_double('User') }
let(:provider) { double }
before do
allow(helper).to receive(:current_user).and_return(current_user)
allow(IdentityProviderPolicy).to receive(:new).with(current_user, provider).and_return(policy)
2019-05-18 00:54:41 +05:30
end
2019-07-07 11:18:12 +05:30
it 'delegates to identity provider policy' do
allow(policy).to receive(:can?).with(:link).and_return('policy_link_result')
expect(helper.link_provider_allowed?(provider)).to eq 'policy_link_result'
end
end
describe '#unlink_provider_allowed?' do
let(:policy) { instance_double('IdentityProviderPolicy') }
let(:current_user) { instance_double('User') }
let(:provider) { double }
before do
allow(helper).to receive(:current_user).and_return(current_user)
allow(IdentityProviderPolicy).to receive(:new).with(current_user, provider).and_return(policy)
end
it 'delegates to identity provider policy' do
allow(policy).to receive(:can?).with(:unlink).and_return('policy_unlink_result')
expect(helper.unlink_provider_allowed?(provider)).to eq 'policy_unlink_result'
2017-08-17 22:00:37 +05:30
end
end
2020-04-08 14:13:33 +05:30
describe '#provider_has_icon?' do
it 'returns true for defined providers' do
expect(helper.provider_has_icon?(described_class::PROVIDERS_WITH_ICONS.sample)).to eq true
end
it 'returns false for undefined providers' do
expect(helper.provider_has_icon?('test')).to be_falsey
end
context 'when provider is defined by config' do
before do
allow(Gitlab::Auth::OAuth::Provider).to receive(:icon_for).with('test').and_return('icon')
end
it 'returns true' do
expect(helper.provider_has_icon?('test')).to be_truthy
end
end
context 'when provider is not defined by config' do
before do
allow(Gitlab::Auth::OAuth::Provider).to receive(:icon_for).with('test').and_return(nil)
end
it 'returns true' do
expect(helper.provider_has_icon?('test')).to be_falsey
end
end
end
2020-05-24 23:13:21 +05:30
describe '#allow_admin_mode_password_authentication_for_web?' do
let(:user) { create(:user) }
subject { helper.allow_admin_mode_password_authentication_for_web? }
before do
allow(helper).to receive(:current_user).and_return(user)
end
it { is_expected.to be(true) }
context 'when password authentication for web is disabled' do
before do
stub_application_setting(password_authentication_enabled_for_web: false)
end
it { is_expected.to be(false) }
end
context 'when current_user is an ldap user' do
before do
allow(user).to receive(:ldap_user?).and_return(true)
end
it { is_expected.to be(false) }
end
context 'when user got password automatically set' do
before do
user.update_attribute(:password_automatically_set, true)
end
it { is_expected.to be(false) }
end
end
2020-11-24 15:15:51 +05:30
describe '#auth_active?' do
let(:user) { create(:user) }
def auth_active?
helper.auth_active?(provider)
end
before do
allow(helper).to receive(:current_user).and_return(user)
end
context 'for atlassian_oauth2 provider' do
let_it_be(:provider) { :atlassian_oauth2 }
it 'returns true when present' do
create(:atlassian_identity, user: user)
expect(auth_active?).to be true
end
it 'returns false when not present' do
expect(auth_active?).to be false
end
end
context 'for other omniauth providers' do
let_it_be(:provider) { 'google_oauth2' }
it 'returns true when present' do
create(:identity, provider: provider, user: user)
expect(auth_active?).to be true
end
it 'returns false when not present' do
expect(auth_active?).to be false
end
end
end
2021-01-29 00:20:46 +05:30
describe '#google_tag_manager_enabled?' do
let(:is_gitlab_com) { true }
let(:user) { nil }
before do
allow(Gitlab).to receive(:com?).and_return(is_gitlab_com)
stub_config(extra: { google_tag_manager_id: 'key' })
allow(helper).to receive(:current_user).and_return(user)
end
subject(:google_tag_manager_enabled?) { helper.google_tag_manager_enabled? }
context 'on gitlab.com and a key set without a current user' do
it { is_expected.to be_truthy }
end
context 'when not on gitlab.com' do
let(:is_gitlab_com) { false }
it { is_expected.to be_falsey }
end
context 'when current user is set' do
let(:user) { instance_double('User') }
it { is_expected.to be_falsey }
end
context 'when no key is set' do
before do
stub_config(extra: {})
end
it { is_expected.to be_falsey }
end
end
2015-09-11 14:41:01 +05:30
end