WIP: Adding LDAP login feature specsjej/refactor-omniauth-controller

author: James Edwards-Jones <jedwardsjones@gitlab.com> 2018-02-17 18:50:38 +0000
committer: James Edwards-Jones <jedwardsjones@gitlab.com> 2018-02-17 21:02:29 +0000
commit: 1a0b733105c85578d3dfa7fd3950ab4e6164ed29 (patch)
tree: 999fdf572ecd2ac412a8785ea07ba22a9ca9cac3
parent: 2dcf1c10dd6a9f7f852a079f92688aaa75301e30 (diff)
download: gitlab-ce-jej/refactor-omniauth-controller.tar.gz
3 files changed, 70 insertions, 10 deletions
diff --git a/config/routes/user.rb b/config/routes/user.rb
index 4b51b46abf4..0efdbedaa21 100644
--- a/config/routes/user.rb
+++ b/config/routes/user.rb
@@ -1,16 +1,18 @@
 require 'constraints/user_url_constrainer'
 
 # Use custom controller for LDAP omniauth callback
+# This is usually set from `ActionDispatch::Routing::Mapper#devise_omniauth_callback`
 if Gitlab::LDAP::Config.enabled?
   devise_scope :user do
     Gitlab::LDAP::Config.available_servers.each do |server|
       provider = server['provider_name']
+      #path_prefix = Devise.omniauth_path_prefix || "/#{mapping.fullpath}/auth".squeeze("/")
       path_prefix = '/users/auth'
       controller = 'ldap/omniauth_callbacks'
 
       match "#{path_prefix}/#{provider}/callback",
         to: "#{controller}##{provider}",
-        as: "#{provider}_omniauth_callback",
+        #as: "#{provider}_omniauth_callback",
         via: [:get, :post]
     end
   end
diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb
index 013cdaa6479..4b8d15ec8dc 100644
--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -13,9 +13,6 @@ feature 'OAuth Login', :js, :allow_forgery_protection do
     stub_omniauth_provider(provider)
   end
 
-  providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
-               :facebook, :cas3, :auth0, :authentiq]
-
   before(:all) do
     # The OmniAuth `full_host` parameter doesn't get set correctly (it gets set to something like `http://localhost`
     # here), and causes integration tests to fail with 404s. We set the `full_host` by removing the request path (and
@@ -29,20 +26,21 @@ feature 'OAuth Login', :js, :allow_forgery_protection do
   end
 
   def login_with_provider(provider, enter_two_factor: false)
-    login_via(provider.to_s, user, uid, remember_me: remember_me)
+    if provider.to_s.starts_with?('ldap')
+      gitlab_ldap_sign_with(user, remember: remember_me)
+    else
+      login_via(provider.to_s, user, uid, remember_me: remember_me)
+    end
+
     enter_code(user.current_otp) if enter_two_factor
   end
 
-  providers.each do |provider|
-    context "when the user logs in using the #{provider} provider" do
+    shared_context 'login_context' do
       let(:uid) { 'my-uid' }
       let(:remember_me) { false }
       let(:user) { create(:omniauth_user, extern_uid: uid, provider: provider.to_s) }
       let(:two_factor_user) { create(:omniauth_user, :two_factor, extern_uid: uid, provider: provider.to_s) }
 
-      before do
-        stub_omniauth_config(provider)
-      end
 
       context 'when two-factor authentication is disabled' do
         it 'logs the user in' do
@@ -116,5 +114,53 @@ feature 'OAuth Login', :js, :allow_forgery_protection do
         end
       end
     end
+
+  providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
+               :facebook, :cas3, :auth0, :authentiq]
+  providers.each do |provider|
+    context "when the user logs in using the #{provider} provider" do
+      let(:provider) { provider }
+
+      before do
+        stub_omniauth_config(provider)
+      end
+
+      include_context 'login_context'
+    end
+  end
+
+  context 'via ldap' do
+    before do
+      providers = Gitlab::OAuth::Provider.providers << :ldapmain
+      allow(Gitlab::OAuth::Provider).to receive(:providers).and_return(providers)
+      allow(User).to receive(:omniauth_providers).and_return(providers)
+    end
+
+    #TODO: deduplicate with controller spec
+    let(:provider) { 'ldapmain' }
+    let(:valid_login?) { true }
+    let(:ldap_server_config) do
+      { main: ldap_config_defaults(:main) }
+    end
+    def ldap_config_defaults(key, hash = {})
+      {
+        provider_name: "ldap#{key}",
+        attributes: {},
+        encryption: 'plain'
+      }.merge(hash)
+    end
+    #TODO: De-duplicate this with controller spec
+    before do
+      stub_ldap_setting(enabled: true, servers: ldap_server_config)
+      Ldap::OmniauthCallbacksController.define_providers!
+      Rails.application.reload_routes!
+
+      mock_auth_hash(provider.to_s, uid, user.email)
+      stub_omniauth_provider(provider)
+
+      allow(Gitlab::LDAP::Access).to receive(:allowed?).and_return(valid_login?)
+    end
+
+    include_context 'login_context'
   end
 end
diff --git a/spec/support/login_helpers.rb b/spec/support/login_helpers.rb
index cd01684a76d..09348229a9b 100644
--- a/spec/support/login_helpers.rb
+++ b/spec/support/login_helpers.rb
@@ -77,6 +77,18 @@ module LoginHelpers
     click_button "Sign in"
   end
 
+  def gitlab_ldap_sign_with(user, remember: false)
+    visit new_user_session_path
+
+    within '#new_ldap_user' do
+      fill_in 'username', with: user.username
+      fill_in 'Password', with: "12345678"
+      check 'remember_me' if remember
+    end
+
+    click_button "Sign in"
+  end
+
   def login_via(provider, user, uid, remember_me: false)
     mock_auth_hash(provider, uid, user.email)
     visit new_user_session_path
author	James Edwards-Jones <jedwardsjones@gitlab.com>	2018-02-17 18:50:38 +0000
committer	James Edwards-Jones <jedwardsjones@gitlab.com>	2018-02-17 21:02:29 +0000
commit	1a0b733105c85578d3dfa7fd3950ab4e6164ed29 (patch)
tree	999fdf572ecd2ac412a8785ea07ba22a9ca9cac3
parent	2dcf1c10dd6a9f7f852a079f92688aaa75301e30 (diff)
download	gitlab-ce-jej/refactor-omniauth-controller.tar.gz