summaryrefslogtreecommitdiff
path: root/spec/requests/openid_connect_spec.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-09-20 13:18:24 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-09-20 13:18:24 +0000
commit0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch)
tree4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /spec/requests/openid_connect_spec.rb
parent744144d28e3e7fddc117924fef88de5d9674fe4c (diff)
downloadgitlab-ce-0653e08efd039a5905f3fa4f6e9cef9f5d2f799c.tar.gz
Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42
Diffstat (limited to 'spec/requests/openid_connect_spec.rb')
-rw-r--r--spec/requests/openid_connect_spec.rb28
1 files changed, 27 insertions, 1 deletions
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index 5bf786f2290..5ec23382698 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -149,7 +149,15 @@ RSpec.describe 'OpenID Connect requests' do
end
context 'ID token payload' do
+ let!(:group1) { create :group }
+ let!(:group2) { create :group }
+ let!(:group3) { create :group, parent: group2 }
+ let!(:group4) { create :group, parent: group3 }
+
before do
+ group1.add_user(user, Gitlab::Access::OWNER)
+ group3.add_user(user, Gitlab::Access::DEVELOPER)
+
request_access_token!
@payload = JSON::JWT.decode(json_response['id_token'], :skip_verification)
end
@@ -175,7 +183,12 @@ RSpec.describe 'OpenID Connect requests' do
end
it 'does not include any unknown properties' do
- expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified]
+ expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified groups_direct]
+ end
+
+ it 'does include groups' do
+ expected_groups = [group1.full_path, group3.full_path]
+ expect(@payload['groups_direct']).to match_array(expected_groups)
end
end
@@ -331,7 +344,15 @@ RSpec.describe 'OpenID Connect requests' do
end
context 'ID token payload' do
+ let!(:group1) { create :group }
+ let!(:group2) { create :group }
+ let!(:group3) { create :group, parent: group2 }
+ let!(:group4) { create :group, parent: group3 }
+
before do
+ group1.add_user(user, Gitlab::Access::OWNER)
+ group3.add_user(user, Gitlab::Access::DEVELOPER)
+
request_access_token!
@payload = JSON::JWT.decode(json_response['id_token'], :skip_verification)
end
@@ -343,6 +364,11 @@ RSpec.describe 'OpenID Connect requests' do
it 'has true in email_verified claim' do
expect(@payload['email_verified']).to eq(true)
end
+
+ it 'does include groups' do
+ expected_groups = [group1.full_path, group3.full_path]
+ expect(@payload['groups_direct']).to match_array(expected_groups)
+ end
end
end
end