Merge branch 'security-bypass-email-verification-using-salesforce' into '12-3-stable'

Prevent Bypassing Email Verification using Salesforce See merge request gitlab/gitlabhq!3395
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-09-26 13:53:31 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-09-26 13:53:31 +0000
commit: 8f2372d5bebaf724df96a4dda0f1e37d7ad23bff (patch)
tree: 90f8955ef65e175b22604eed9e5b61da74a96af2 /spec/features
parent: fc921391d26120198a81be24389cfc1b8c668cbe (diff)
parent: f554557615fc68082a38df97e8d165a67d8578b9 (diff)
download: gitlab-ce-8f2372d5bebaf724df96a4dda0f1e37d7ad23bff.tar.gz
1 files changed, 11 insertions, 10 deletions
diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb
index c6e69fa3fb0..4a1e8598131 100644
--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -22,8 +22,8 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
     with_omniauth_full_host { example.run }
   end
 
-  def login_with_provider(provider, enter_two_factor: false)
-    login_via(provider.to_s, user, uid, remember_me: remember_me)
+  def login_with_provider(provider, enter_two_factor: false, additional_info: {})
+    login_via(provider.to_s, user, uid, remember_me: remember_me, additional_info: additional_info)
     enter_code(user.current_otp) if enter_two_factor
   end
 
@@ -33,6 +33,7 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
       let(:remember_me) { false }
       let(:user) { create(:omniauth_user, extern_uid: uid, provider: provider.to_s) }
       let(:two_factor_user) { create(:omniauth_user, :two_factor, extern_uid: uid, provider: provider.to_s) }
+      provider == :salesforce ? let(:additional_info) { { extra: { email_verified: true } } } : let(:additional_info) { {} }
 
       before do
         stub_omniauth_config(provider)
@@ -41,7 +42,7 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
 
       context 'when two-factor authentication is disabled' do
         it 'logs the user in' do
-          login_with_provider(provider)
+          login_with_provider(provider, additional_info: additional_info)
 
           expect(current_path).to eq root_path
         end
@@ -51,20 +52,20 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
         let(:user) { two_factor_user }
 
         it 'logs the user in' do
-          login_with_provider(provider, enter_two_factor: true)
+          login_with_provider(provider, additional_info: additional_info, enter_two_factor: true)
 
           expect(current_path).to eq root_path
         end
 
         it 'when bypass-two-factor is enabled' do
           allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: true)
-          login_via(provider.to_s, user, uid, remember_me: false)
+          login_via(provider.to_s, user, uid, remember_me: false, additional_info: additional_info)
           expect(current_path).to eq root_path
         end
 
         it 'when bypass-two-factor is disabled' do
           allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: false)
-          login_with_provider(provider, enter_two_factor: true)
+          login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
           expect(current_path).to eq root_path
         end
       end
@@ -74,7 +75,7 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
 
         context 'when two-factor authentication is disabled' do
           it 'remembers the user after a browser restart' do
-            login_with_provider(provider)
+            login_with_provider(provider, additional_info: additional_info)
 
             clear_browser_session
 
@@ -87,7 +88,7 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
           let(:user) { two_factor_user }
 
           it 'remembers the user after a browser restart' do
-            login_with_provider(provider, enter_two_factor: true)
+            login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
 
             clear_browser_session
 
@@ -100,7 +101,7 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
       context 'when "remember me" is not checked' do
         context 'when two-factor authentication is disabled' do
           it 'does not remember the user after a browser restart' do
-            login_with_provider(provider)
+            login_with_provider(provider, additional_info: additional_info)
 
             clear_browser_session
 
@@ -113,7 +114,7 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
           let(:user) { two_factor_user }
 
           it 'does not remember the user after a browser restart' do
-            login_with_provider(provider, enter_two_factor: true)
+            login_with_provider(provider, enter_two_factor: true, additional_info: additional_info)
 
             clear_browser_session
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-09-26 13:53:31 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-09-26 13:53:31 +0000
commit	8f2372d5bebaf724df96a4dda0f1e37d7ad23bff (patch)
tree	90f8955ef65e175b22604eed9e5b61da74a96af2 /spec/features
parent	fc921391d26120198a81be24389cfc1b8c668cbe (diff)
parent	f554557615fc68082a38df97e8d165a67d8578b9 (diff)
download	gitlab-ce-8f2372d5bebaf724df96a4dda0f1e37d7ad23bff.tar.gz