PageRenderTime 50ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/spec/features/oauth_login_spec.rb

https://gitlab.com/wolfgang42/gitlab-ce
Ruby | 128 lines | 96 code | 31 blank | 1 comment | 2 complexity | 43c5afab4bd089337494cffdddf2fb0b MD5 | raw file
    

  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'spec_helper'
    4. 

  4. 

  5. describe 'OAuth Login', :js, :allow_forgery_protection do
    6. 

  6.   include DeviseHelpers
    7. 

  7. 

  8.   def enter_code(code)
    9. 

  9.     fill_in 'user_otp_attempt', with: code
    10. 

  10.     click_button 'Verify code'
    11. 

  11.   end
    12. 

  12. 

  13.   def stub_omniauth_config(provider)
    14. 

  14.     OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new(provider: provider.to_s, uid: "12345"))
    15. 

  15.     stub_omniauth_provider(provider)
    16. 

  16.   end
    17. 

  17. 

  18.   providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
    19. 

  19.                :facebook, :cas3, :auth0, :authentiq, :salesforce]
    20. 

  20. 

  21.   around(:all) do |example|
    22. 

  22.     with_omniauth_full_host { example.run }
    23. 

  23.   end
    24. 

  24. 

  25.   def login_with_provider(provider, enter_two_factor: false, additional_info: {})
    26. 

  26.     login_via(provider.to_s, user, uid, remember_me: remember_me, additional_info: additional_info)
    27. 

  27.     enter_code(user.current_otp) if enter_two_factor
    28. 

  28.   end
    29. 

  29. 

  30.   providers.each do |provider|
    31. 

  31.     context "when the user logs in using the #{provider} provider" do
    32. 

  32.       let(:uid) { 'my-uid' }
    33. 

  33.       let(:remember_me) { false }
    34. 

  34.       let(:user) { create(:omniauth_user, extern_uid: uid, provider: provider.to_s) }
    35. 

  35.       let(:two_factor_user) { create(:omniauth_user, :two_factor, extern_uid: uid, provider: provider.to_s) }
    36. 

  36.       provider == :salesforce ? let(:additional_info) { { extra: { email_verified: true } } } : let(:additional_info) { {} }
    37. 

  37. 

  38.       before do
    39. 

  39.         stub_omniauth_config(provider)
    40. 

  40.         expect(ActiveSession).to receive(:cleanup).with(user).at_least(:once).and_call_original
    41. 

  41.       end
    42. 

  42. 

  43.       context 'when two-factor authentication is disabled' do
    44. 

  44.         it 'logs the user in' do
    45. 

  45.           login_with_provider(provider, additional_info: additional_info)
    46. 

  46. 

  47.           expect(current_path).to eq root_path
    48. 

  48.         end
    49. 

  49.       end
    50. 

  50. 

  51.       context 'when two-factor authentication is enabled' do
    52. 

  52.         let(:user) { two_factor_user }
    53. 

  53. 

  54.         it 'logs the user in' do
    55. 

  55.           login_with_provider(provider, additional_info: additional_info, enter_two_factor: true)
    56. 

  56. 

  57.           expect(current_path).to eq root_path
    58. 

  58.         end
    59. 

  59. 

  60.         it 'when bypass-two-factor is enabled' do
    61. 

  61.           allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: true)
    62. 

  62.           login_via(provider.to_s, user, uid, remember_me: false, additional_info: additional_info)
    63. 

  63.           expect(current_path).to eq root_path
    64. 

  64.         end
    65. 

  65. 

  66.         it 'when bypass-two-factor is disabled' do
    67. 

  67.           allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: false)
    68. 

  68.           login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
    69. 

  69.           expect(current_path).to eq root_path
    70. 

  70.         end
    71. 

  71.       end
    72. 

  72. 

  73.       context 'when "remember me" is checked' do
    74. 

  74.         let(:remember_me) { true }
    75. 

  75. 

  76.         context 'when two-factor authentication is disabled' do
    77. 

  77.           it 'remembers the user after a browser restart' do
    78. 

  78.             login_with_provider(provider, additional_info: additional_info)
    79. 

  79. 

  80.             clear_browser_session
    81. 

  81. 

  82.             visit(root_path)
    83. 

  83.             expect(current_path).to eq root_path
    84. 

  84.           end
    85. 

  85.         end
    86. 

  86. 

  87.         context 'when two-factor authentication is enabled' do
    88. 

  88.           let(:user) { two_factor_user }
    89. 

  89. 

  90.           it 'remembers the user after a browser restart' do
    91. 

  91.             login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
    92. 

  92. 

  93.             clear_browser_session
    94. 

  94. 

  95.             visit(root_path)
    96. 

  96.             expect(current_path).to eq root_path
    97. 

  97.           end
    98. 

  98.         end
    99. 

  99.       end
    100. 

  100. 

  101.       context 'when "remember me" is not checked' do
    102. 

  102.         context 'when two-factor authentication is disabled' do
    103. 

  103.           it 'does not remember the user after a browser restart' do
    104. 

  104.             login_with_provider(provider, additional_info: additional_info)
    105. 

  105. 

  106.             clear_browser_session
    107. 

  107. 

  108.             visit(root_path)
    109. 

  109.             expect(current_path).to eq new_user_session_path
    110. 

  110.           end
    111. 

  111.         end
    112. 

  112. 

  113.         context 'when two-factor authentication is enabled' do
    114. 

  114.           let(:user) { two_factor_user }
    115. 

  115. 

  116.           it 'does not remember the user after a browser restart' do
    117. 

  117.             login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
    118. 

  118. 

  119.             clear_browser_session
    120. 

  120. 

  121.             visit(root_path)
    122. 

  122.             expect(current_path).to eq new_user_session_path
    123. 

  123.           end
    124. 

  124.         end
    125. 

  125.       end
    126. 

  126.     end
    127. 

  127.   end
    128. 

  128. end
    129. 

  129.