authorRoger Rüttimann <roger.ruettimann@gmail.com>2018-06-25 15:32:03 +0000
committerDouwe Maan <douwe@gitlab.com>2018-06-25 15:32:03 +0000
commit2efe27ba181daa18db9e227b13be428ebdfc23f1 (patch)
treeeea8a62ad5159b63cec5e367f4be49bfd09aec97 /spec/dependencies
parent77fe416681a553005f9ec769113555830c8fb07c (diff)
downloadgitlab-ce-2efe27ba181daa18db9e227b13be428ebdfc23f1.tar.gz
Honor saml assurance level to allow 2FA bypassing
Diffstat (limited to 'spec/dependencies')
-rw-r--r--spec/dependencies/omniauth_saml_spec.rb22
1 files changed, 22 insertions, 0 deletions
diff --git a/spec/dependencies/omniauth_saml_spec.rb b/spec/dependencies/omniauth_saml_spec.rb
new file mode 100644
index 00000000000..ccc604dc230
--- /dev/null
+++ b/spec/dependencies/omniauth_saml_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'omniauth/strategies/saml'
+
+describe 'processing of SAMLResponse in dependencies' do
+ let(:mock_saml_response) { File.read('spec/fixtures/authentication/saml_response.xml') }
+ let(:saml_strategy) { OmniAuth::Strategies::SAML.new({}) }
+ let(:session_mock) { {} }
+ let(:settings) { OpenStruct.new({ soft: false, idp_cert_fingerprint: 'something' }) }
+ let(:auth_hash) { Gitlab::Auth::Saml::AuthHash.new(saml_strategy) }
+
+ subject { auth_hash.authn_context }
+
+ before do
+ allow(saml_strategy).to receive(:session).and_return(session_mock)
+ allow_any_instance_of(OneLogin::RubySaml::Response).to receive(:is_valid?).and_return(true)
+ saml_strategy.send(:handle_response, mock_saml_response, {}, settings ) { }
+ end
+
+ it 'can extract AuthnContextClassRef from SAMLResponse param' do
+ is_expected.to eq 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
+ end
+end
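Review bot: The `before` block stubs `is_valid?` to `true` on every `OneLogin::RubySaml::Response`, so this spec only shows that `AuthnContextClassRef` can be parsed out of the fixture, not that the value comes from a response that passed signature and condition checks. Since the commit title says this value is used to allow 2FA bypassing, that limit should be stated next to the stub, for example `# is_valid? is stubbed: this spec covers parsing of the dependency's response only, not signature validation`. The only example is the happy path with the `Password` class; a second example with a fixture that has no `AuthnContextClassRef` would pin what `authn_context` returns in that case, so a missing value cannot silently be treated as a trusted one by the caller. The spec also reaches the private `handle_response` through `send`, which presumably is intentional for a dependency check but deserves a one-line comment so that a gem upgrade that renames it is read as a signal rather than a flaky test.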