author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2017-03-28 11:33:51 +0100 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2017-03-31 18:42:34 +0100 |
commit | b9adf92f3c96d5f24fa413944dff3b932740a613 (patch) | |
tree | ebb38fe8bfadf720dc1fc4948f5f7fde3749ba2c /spec/controllers/profiles | |
parent | 19a4403443ff6217e6a024667f8ef1eea2f38f4a (diff) | |
download | gitlab-ce-b9adf92f3c96d5f24fa413944dff3b932740a613.tar.gz |
Prevent users from disconnecting gitlab account from CAS
Diffstat (limited to 'spec/controllers/profiles')
-rw-r--r-- | spec/controllers/profiles/accounts_controller_spec.rb | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/spec/controllers/profiles/accounts_controller_spec.rb b/spec/controllers/profiles/accounts_controller_spec.rb
index 18148acde3e..2f9d18e3a0e 100644
--- a/spec/controllers/profiles/accounts_controller_spec.rb
+++ b/spec/controllers/profiles/accounts_controller_spec.rb
@@ -1,25 +1,47 @@
 require 'spec_helper'
 describe Profiles::AccountsController do
- let(:user) { create(:omniauth_user, provider: 'saml') }
+ describe 'DELETE unlink' do
+ let(:user) { create(:omniauth_user) }
- before do
- sign_in(user)
- end
+ before do
+ sign_in(user)
+ end
- it 'does not allow to unlink SAML connected account' do
- identity = user.identities.last
- delete :unlink, provider: 'saml'
- updated_user = User.find(user.id)
+ it 'renders 404 if someone tries to unlink a non existent provider' do
+ delete :unlink, provider: 'github'
- expect(response).to have_http_status(302)
- expect(updated_user.identities.size).to eq(1)
- expect(updated_user.identities).to include(identity)
- end
+ expect(response).to have_http_status(404)
+ end
+
+ [:saml, :cas3].each do |provider|
+ describe "#{provider} provider" do
+ let(:user) { create(:omniauth_user, provider: provider.to_s) }
+
+ it "does not allow to unlink connected account" do
+ identity = user.identities.last
+
+ delete :unlink, provider: provider.to_s
+
+ expect(response).to have_http_status(302)
+ expect(user.reload.identities).to include(identity)
+ end
+ end
+ end
+
+ [:twitter, :facebook, :google_oauth2, :gitlab, :github, :bitbucket, :crowd, :auth0].each do |provider|
+ describe "#{provider} provider" do
+ let(:user) { create(:omniauth_user, provider: provider.to_s) }
+
+ it 'allows to unlink connected account' do
+ identity = user.identities.last
- it 'does allow to delete other linked accounts' do
- user.identities.create(provider: 'twitter', extern_uid: 'twitter_123')
+ delete :unlink, provider: provider.to_s
- expect { delete :unlink, provider: 'twitter' }.to change(Identity.all, :size).by(-1)
+ expect(response).to have_http_status(302)
+ expect(user.reload.identities).not_to include(identity)
+ end
+ end
+ end
 end
 end |
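Review bot: The examples in the `[:saml, :cas3].each` block assert only a 302 and that the identity is still present, and the allowed-provider examples expect the same 302, so the protected-provider examples would pass for any redirect that leaves the identity untouched, not only for the controller's refusal. Because this is the guard that keeps an SSO-managed account from being detached, the refusal path itself should be pinned, for example with `expect(flash[:alert]).to be_present` or an assertion on the redirect target; the controller is not visible in this diff, so the exact message or target needs confirming. The first example's description is also misleading: `'github'` appears in the allowed list further down, so what is missing is presumably the user's identity for that provider rather than the provider itself, and `it 'renders 404 when the user has no identity for the given provider' do` would say that.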