# frozen_string_literal: true

require 'spec_helper'

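RSpec.describe OmniauthCallbacksController, :aggregate_failures, feature_category: :system_access do
  include LoginHelpers
  include SessionHelpers

  let(:user) { create(:user) }
  let(:extern_uid) { generate(:username) }

  describe 'GET /users/auth/jwt/callback' do
    before do
      # The mocked provider response carries the signed-in user's email, so the
      # callback is exercised for the account that already holds the session.
      mock_auth_hash('jwt', extern_uid, user.email)
    end

    around do |example|
      with_omniauth_full_host { example.run }
    end

    context 'when the user is already signed in' do
      before do
        sign_in(user)
      end

      context 'when the user has a JWT identity' do
        before do
          create(:identity, provider: 'jwt', extern_uid: extern_uid, user: user)
        end

        it 'redirects to root path' do
          get user_jwt_omniauth_callback_path

          expect(response).to redirect_to root_path
        end
      end

      context 'when the user does not have a JWT identity' do
        it 'redirects to identities path to receive user authorization before linking the identity' do
          # Stub the UUID generator so the state handed to the redirect can be
          # compared against the copy stored in the session. Both must carry the
          # same value; a mismatch would let the confirmation step be bound to a
          # different callback than the one that produced it.
          state = SecureRandom.uuid
          allow(SecureRandom).to receive(:uuid).and_return(state)

          get user_jwt_omniauth_callback_path

          expect(response).to redirect_to new_user_settings_identities_path(state: state)
          expect(session['identity_link_state']).to eq(state)
          expect(session['identity_link_extern_uid']).to eq(extern_uid)
          expect(session['identity_link_provider']).to eq('jwt')

          # The callback alone must not link the provider identity: the
          # extern_uid/provider pair is only parked in the session until the
          # user authorizes the link on the identities page.
          expect(user.identities.where(provider: 'jwt')).not_to exist
        end
      end
    end
  end

  describe '#atlassian_oauth2' do
    describe 'omniauth with strategies for atlassian_oauth2 when the user and identity already exist' do
      shared_context 'with sign_up' do
        let(:extern_uid) { 'my-uid' }
        let(:user) { create(:atlassian_user, extern_uid: extern_uid) }
        # Context expected to be attached to the request by the shared example.
        let(:expected_context) do
          { 'meta.caller_id' => 'OmniauthCallbacksController#atlassian_oauth2',
            'meta.user' => user.username }
        end

        subject do
          stub_omniauth_setting(block_auto_created_users: false)

          post '/users/auth/atlassian_oauth2/callback'
        end

        include_examples 'set_current_context'
      end
    end
  end

  describe '#saml' do
    let(:last_request_id) { 'ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685' }
    # The user has 2FA enabled; the SAML config below advertises upstream
    # two-factor authn contexts to match.
    let(:user) { create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml') }
    let(:mock_saml_response) { File.read('spec/fixtures/authentication/saml_response.xml') }
    let(:saml_config) { mock_saml_config_with_upstream_two_factor_authn_contexts }

    before do
      stub_omniauth_saml_config(
        enabled: true,
        auto_link_saml_user: true,
        allow_single_sign_on: ['saml'],
        providers: [saml_config]
      )
      # Unary plus yields a mutable copy of the uid; the file is
      # frozen_string_literal and the helper presumably mutates it.
      mock_auth_hash_with_saml_xml('saml', +'my-uid', user.email, mock_saml_response)
    end

    describe 'with IdP initiated request' do
      let(:expected_context) do
        { 'meta.caller_id' => 'OmniauthCallbacksController#saml',
          'meta.user' => user.username }
      end

      subject do
        sign_in user

        post '/users/auth/saml'
      end

      include_examples 'set_current_context'
    end
  end
end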