diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-24 15:09:37 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-24 15:09:37 +0000 |
| commit | 8a840df2e433bc39d033b20e64402fa3f56445d3 (patch) | |
| tree | 92a941d06b5ddd3ad3f7ad846bf83f0c33d57dbb /spec/controllers/ldap | |
| parent | 5c8c561ac63d7b8f372316b4409500474220fcda (diff) | |
| download | gitlab-ce-8a840df2e433bc39d033b20e64402fa3f56445d3.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/controllers/ldap')
| -rw-r--r-- | spec/controllers/ldap/omniauth_callbacks_controller_spec.rb | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb index ceab9754617..2e7d3746031 100644 --- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Ldap::OmniauthCallbacksController do +describe Ldap::OmniauthCallbacksController, :do_not_mock_admin_mode do include_context 'Ldap::OmniauthCallbacksController' it 'allows sign in' do @@ -65,4 +65,55 @@ describe Ldap::OmniauthCallbacksController do expect(request.env['warden']).to be_authenticated end end + + describe 'enable admin mode' do + include_context 'custom session' + + before do + sign_in user + end + + context 'with a regular user' do + it 'cannot be enabled' do + reauthenticate_and_check_admin_mode(expected_admin_mode: false) + + expect(response).to redirect_to(root_path) + end + end + + context 'with an admin user' do + let(:user) { create(:omniauth_user, :admin, extern_uid: uid, provider: provider) } + + context 'when requested first' do + before do + subject.current_user_mode.request_admin_mode! + end + + it 'can be enabled' do + reauthenticate_and_check_admin_mode(expected_admin_mode: true) + + expect(response).to redirect_to(admin_root_path) + end + end + + context 'when not requested first' do + it 'cannot be enabled' do + reauthenticate_and_check_admin_mode(expected_admin_mode: false) + + expect(response).to redirect_to(root_path) + end + end + end + end + + def reauthenticate_and_check_admin_mode(expected_admin_mode:) + # Initially admin mode disabled + expect(subject.current_user_mode.admin_mode?).to be(false) + + # Trigger OmniAuth admin mode flow and expect admin mode status + post provider + + expect(request.env['warden']).to be_authenticated + expect(subject.current_user_mode.admin_mode?).to be(expected_admin_mode) + end end |