debian-mirror-gitlab/spec/lib/gitlab/external_authorization/client_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::ExternalAuthorization::Client do
  let(:user) { build(:user, email: 'dummy_user@example.com') }
  let(:dummy_url) { 'https://dummy.net/' }

  subject(:client) { described_class.new(user, 'dummy_label') }

  before do
    stub_application_setting(external_authorization_service_url: dummy_url)
  end

  describe '#request_access' do
    it 'performs requests to the configured endpoint' do
      expect(Gitlab::HTTP).to receive(:post).with(dummy_url, any_args)

      client.request_access
    end

    it 'adds the correct params for the user to the body of the request' do
      expected_body = {
        user_identifier: 'dummy_user@example.com',
        project_classification_label: 'dummy_label',
        identities: []
      }.to_json
      expect(Gitlab::HTTP).to receive(:post)
                         .with(dummy_url, hash_including(body: expected_body))

      client.request_access
    end

    it 'respects the the timeout' do
      stub_application_setting(
        external_authorization_service_timeout: 3
      )

      expect(Gitlab::HTTP).to receive(:post).with(dummy_url,
                                           hash_including(
                                             connect_timeout: 3,
                                             read_timeout: 3,
                                             write_timeout: 3
                                           ))

      client.request_access
    end

    it 'adds the mutual tls params when they are present' do
      stub_application_setting(
        external_auth_client_cert: 'the certificate data',
        external_auth_client_key: 'the key data',
        external_auth_client_key_pass: 'open sesame'
      )
      expected_params = {
        client_cert_data: 'the certificate data',
        client_key_data: 'the key data',
        client_key_pass: 'open sesame'
      }

      expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(expected_params))

      client.request_access
    end

    it 'returns an expected response' do
      expect(Gitlab::HTTP).to receive(:post)

      expect(client.request_access)
        .to be_kind_of(::Gitlab::ExternalAuthorization::Response)
    end

    it 'wraps exceptions if the request fails' do
      expect(Gitlab::HTTP).to receive(:post) { raise Gitlab::HTTP::BlockedUrlError.new('the request broke') }

      expect { client.request_access }
        .to raise_error(::Gitlab::ExternalAuthorization::RequestFailed)
    end

    it 'passes local request setting to Gitlab::HTTP' do
      stub_application_setting(allow_local_requests_from_system_hooks: false)

      expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(allow_local_requests: false))

      client.request_access
    end

    describe 'for ldap users' do
      let(:user) do
        create(:omniauth_user,
               email: 'dummy_user@example.com',
               extern_uid: 'external id',
               provider: 'ldapprovider')
      end

      it 'includes the ldap dn and identities for ldap users' do
        expected_body = {
          user_identifier: 'dummy_user@example.com',
          project_classification_label: 'dummy_label',
          identities: [{ provider: 'ldapprovider', extern_uid: 'external id' }],
          user_ldap_dn: 'external id'
        }.to_json
        expect(Gitlab::HTTP).to receive(:post)
                           .with(dummy_url, hash_including(body: expected_body))

        client.request_access
      end
    end

    describe 'for non-ldap users with identities' do
      before do
        %w(twitter facebook).each do |provider|
          create(:identity, provider: provider, extern_uid: "#{provider}_external_id", user: user)
        end
      end

      it 'includes all the identities' do
        expected_body = {
          user_identifier: 'dummy_user@example.com',
          project_classification_label: 'dummy_label',
          identities: [
            { provider: 'twitter', extern_uid: 'twitter_external_id' },
            { provider: 'facebook', extern_uid: 'facebook_external_id' }
          ]
        }.to_json
        expect(Gitlab::HTTP).to receive(:post)
                           .with(dummy_url, hash_including(body: expected_body))

        client.request_access
      end
    end
  end
end
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`# frozen_string_literal: true`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`require 'spec_helper'`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`RSpec.describe Gitlab::ExternalAuthorization::Client do`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`let(:user) { build(:user, email: 'dummy_user@example.com') }`
			`let(:dummy_url) { 'https://dummy.net/' }`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`subject(:client) { described_class.new(user, 'dummy_label') }`

			`before do`
			`stub_application_setting(external_authorization_service_url: dummy_url)`
			`end`

			`describe '#request_access' do`
			`it 'performs requests to the configured endpoint' do`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post).with(dummy_url, any_args)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
			`client.request_access`
			`end`

			`it 'adds the correct params for the user to the body of the request' do`
			`expected_body = {`
			`user_identifier: 'dummy_user@example.com',`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`project_classification_label: 'dummy_label',`
			`identities: []`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`}.to_json`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`.with(dummy_url, hash_including(body: expected_body))`

			`client.request_access`
			`end`

			`it 'respects the the timeout' do`
			`stub_application_setting(`
			`external_authorization_service_timeout: 3`
			`)`

New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post).with(dummy_url,`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`hash_including(`
			`connect_timeout: 3,`
			`read_timeout: 3,`
			`write_timeout: 3`
			`))`

			`client.request_access`
			`end`

			`it 'adds the mutual tls params when they are present' do`
			`stub_application_setting(`
			`external_auth_client_cert: 'the certificate data',`
			`external_auth_client_key: 'the key data',`
			`external_auth_client_key_pass: 'open sesame'`
			`)`
			`expected_params = {`
			`client_cert_data: 'the certificate data',`
			`client_key_data: 'the key data',`
			`client_key_pass: 'open sesame'`
			`}`

New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(expected_params))`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
			`client.request_access`
			`end`

			`it 'returns an expected response' do`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
			`expect(client.request_access)`
			`.to be_kind_of(::Gitlab::ExternalAuthorization::Response)`
			`end`

			`it 'wraps exceptions if the request fails' do`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post) { raise Gitlab::HTTP::BlockedUrlError.new('the request broke') }`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
			`expect { client.request_access }`
			`.to raise_error(::Gitlab::ExternalAuthorization::RequestFailed)`
			`end`

New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`it 'passes local request setting to Gitlab::HTTP' do`
			`stub_application_setting(allow_local_requests_from_system_hooks: false)`

			`expect(Gitlab::HTTP).to receive(:post).with(dummy_url, hash_including(allow_local_requests: false))`

			`client.request_access`
			`end`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`describe 'for ldap users' do`
			`let(:user) do`
			`create(:omniauth_user,`
			`email: 'dummy_user@example.com',`
			`extern_uid: 'external id',`
			`provider: 'ldapprovider')`
			`end`

New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`it 'includes the ldap dn and identities for ldap users' do`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`expected_body = {`
			`user_identifier: 'dummy_user@example.com',`
			`project_classification_label: 'dummy_label',`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`identities: [{ provider: 'ldapprovider', extern_uid: 'external id' }],`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`user_ldap_dn: 'external id'`
			`}.to_json`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`.with(dummy_url, hash_including(body: expected_body))`

			`client.request_access`
			`end`
			`end`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30
			`describe 'for non-ldap users with identities' do`
			`before do`
			`%w(twitter facebook).each do \|provider\|`
			`create(:identity, provider: provider, extern_uid: "#{provider}_external_id", user: user)`
			`end`
			`end`

			`it 'includes all the identities' do`
			`expected_body = {`
			`user_identifier: 'dummy_user@example.com',`
			`project_classification_label: 'dummy_label',`
			`identities: [`
			`{ provider: 'twitter', extern_uid: 'twitter_external_id' },`
			`{ provider: 'facebook', extern_uid: 'facebook_external_id' }`
			`]`
			`}.to_json`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(Gitlab::HTTP).to receive(:post)`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`.with(dummy_url, hash_including(body: expected_body))`

			`client.request_access`
			`end`
			`end`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`
			`end`