File: identities_controller_spec.rb

gitlab 17.6.5-19
# frozen_string_literal: true

require 'spec_helper'

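# Request specs for linking an external identity to the signed-in user.
#
# The examples stub three session keys: identity_link_state,
# identity_link_provider and identity_link_extern_uid. Only the state value is
# sent by the client (as the `state` query parameter of the GET request); the
# provider and extern_uid come from the session, as the
# 'Provider and Extern UID must be in the session.' error below shows.
#
# NOTE(review): a GET with no `state` parameter and no state in the session is
# not exercised here. Confirm against the controller that two absent values are
# rejected rather than treated as equal.
RSpec.describe UserSettings::IdentitiesController, feature_category: :system_access do
  include LoginHelpers
  include SessionHelpers

  let(:user) { create(:user) }
  # Fresh per-example value used both as the request parameter and, where a
  # context stubs it, as the value held in the session.
  let(:state) { SecureRandom.uuid }

  before do
    sign_in(user)
  end

  describe 'GET /-/user_settings/identities/new', :clean_gitlab_redis_sessions do
    subject(:request) { get new_user_settings_identities_path(state: state) }

    context 'when the state matches' do
      before do
        stub_session(
          session_data: {
            identity_link_state: state,
            identity_link_provider: 'jwt',
            identity_link_extern_uid: 'jwt-uid'
          }
        )
      end

      it 'returns 200 OK' do
        request

        expect(response).to have_gitlab_http_status(:ok)
      end

      context 'when the user has an existing matching identity' do
        before do
          create(:identity, user: user, provider: 'jwt', extern_uid: 'jwt-uid')
        end

        it 'redirects to profile account path' do
          request

          expect(response).to redirect_to profile_account_path
        end
      end
    end

    context 'when the state does not match' do
      # No session is stubbed for this example, so it covers a request whose
      # state has no counterpart in the session at all.
      it 'returns 403 forbidden' do
        request

        expect(response).to have_gitlab_http_status(:forbidden)
      end

      # Covers the literal mismatch: the session holds link data, but its state
      # differs from the one supplied in the request.
      context 'when the session holds a different state' do
        before do
          stub_session(
            session_data: {
              identity_link_state: "#{state}-other",
              identity_link_provider: 'jwt',
              identity_link_extern_uid: 'jwt-uid'
            }
          )
        end

        it 'returns 403 forbidden' do
          request

          expect(response).to have_gitlab_http_status(:forbidden)
        end
      end
    end
  end

  describe 'POST /-/user_settings/identities', :clean_gitlab_redis_sessions do
    # The POST carries no parameters: everything the examples vary is in the
    # stubbed session.
    subject(:request) { post user_settings_identities_path }

    context 'with valid parameters' do
      before do
        stub_session(
          session_data: {
            identity_link_state: state,
            identity_link_provider: 'jwt',
            identity_link_extern_uid: 'jwt-uid'
          }
        )
      end

      it 'redirects and notifies the user that authentication method was updated' do
        request

        expect(response).to redirect_to profile_account_path
        expect(flash[:notice]).to eq(_('Authentication method updated'))
      end
    end

    context 'when required session data is not present' do
      before do
        # identity_link_extern_uid is deliberately left out.
        stub_session(
          session_data: {
            identity_link_state: state,
            identity_link_provider: 'jwt'
          }
        )
      end

      it 'redirects and notifies the user that errors occurred' do
        # A failed link must not leave a partially populated identity behind.
        expect { request }.not_to change { Identity.count }

        expect(response).to redirect_to profile_account_path
        expect(flash[:notice]).to eq(
          format(_('Error linking identity: %{errors}'), errors: 'Provider and Extern UID must be in the session.')
        )
      end
    end

    context 'when saving the identity produces errors' do
      before do
        # The same provider/extern_uid pair already exists (created without
        # `user: user`), so linking it again is expected to be refused.
        create(:identity, provider: 'jwt', extern_uid: 'jwt-uid')

        stub_session(
          session_data: {
            identity_link_state: state,
            identity_link_extern_uid: 'jwt-uid',
            identity_link_provider: 'jwt'
          }
        )
      end

      it 'redirects and notifies the user that errors occurred' do
        # The pre-existing identity is created in the `before` block, so the
        # count must stay flat across the request itself.
        expect { request }.not_to change { Identity.count }

        expect(response).to redirect_to profile_account_path
        expect(flash[:notice]).to eq(
          format(_('Error linking identity: %{errors}'),
            errors: "Extern uid has already been taken. " \
              "Please contact your administrator to generate a unique extern_uid / NameID")
        )
      end
    end
  end
end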