debian-mirror-gitlab/spec/controllers/omniauth_callbacks_controller_spec.rb

require 'spec_helper'
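# Controller spec for the OmniAuth callback endpoints.
#
# Covers three access-control properties of the callback flow:
#   * a known identity (and, when allowed, a new one) ends in an authenticated
#     warden session;
#   * a provider listed in `disabled_oauth_sign_in_sources` can neither sign in
#     nor sign up, but can still be linked by a user who is already signed in;
#   * an Auth0 callback carrying an empty `extern_uid` is rejected.
describe OmniauthCallbacksController do
  include LoginHelpers

  # Account that already owns the provider identity under test.
  let(:user) { create(:omniauth_user, extern_uid: extern_uid, provider: provider) }

  before do
    # Fake the provider's auth hash and register the provider for this request,
    # so no real OAuth round trip takes place.
    mock_auth_hash(provider.to_s, extern_uid, user.email)
    stub_omniauth_provider(provider, context: request)
  end

  context 'github' do
    let(:extern_uid) { 'my-uid' }
    let(:provider) { :github }

    it 'allows sign in' do
      post provider

      expect(request.env['warden']).to be_authenticated
    end

    # Sign-up scenario: `user` becomes a plain double, so the mocked auth hash
    # carries an e-mail address for which this spec created no account.
    shared_context 'sign_up' do
      let(:user) { double(email: 'new@example.com') }

      before do
        # Auto-created accounts are not blocked, so a successful sign-up is
        # expected to end in an authenticated session.
        stub_omniauth_setting(block_auto_created_users: false)
      end
    end

    context 'sign up' do
      include_context 'sign_up'

      it 'is allowed' do
        post provider

        expect(request.env['warden']).to be_authenticated
      end
    end

    context 'when OAuth is disabled' do
      before do
        # NOTE(review): presumably forces application settings to be persisted
        # rather than held in memory, so the update below is what the
        # controller reads -- confirm against Gitlab::CurrentSettings.
        stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
        settings = Gitlab::CurrentSettings.current_application_settings
        settings.update(disabled_oauth_sign_in_sources: [provider.to_s])
      end

      it 'prevents login via POST' do
        post provider

        expect(request.env['warden']).not_to be_authenticated
      end

      it 'shows warning when attempting login' do
        post provider

        expect(response).to redirect_to new_user_session_path
        expect(flash[:alert]).to eq('Signing in using GitHub has been disabled')
      end

      # Disabling a sign-in source closes it as a login path only: a user who
      # is already signed in can still attach the provider identity.
      it 'allows linking the disabled provider' do
        user.identities.destroy_all
        sign_in(user)

        expect { post provider }.to change { user.reload.identities.count }.by(1)
      end

      context 'sign up' do
        include_context 'sign_up'

        # NOTE(review): only the session state is asserted here; whether an
        # account record was created by the rejected callback is not checked.
        it 'is prevented' do
          post provider

          expect(request.env['warden']).not_to be_authenticated
        end
      end
    end
  end

  context 'auth0' do
    # An empty UID from the provider must never authenticate anyone.
    let(:extern_uid) { '' }
    let(:provider) { :auth0 }

    it 'does not allow sign in without extern_uid' do
      # Use the `provider` let, as every other example in this file does.
      post provider

      expect(request.env['warden']).not_to be_authenticated
      expect(response).to have_http_status(302)
      expect(controller).to set_flash[:alert].to('Wrong extern UID provided. Make sure Auth0 is configured correctly.')
    end
  end
end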