diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
commit | 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch) | |
tree | 4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /spec/requests/openid_connect_spec.rb | |
parent | 744144d28e3e7fddc117924fef88de5d9674fe4c (diff) | |
download | gitlab-ce-0653e08efd039a5905f3fa4f6e9cef9f5d2f799c.tar.gz |
Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42
Diffstat (limited to 'spec/requests/openid_connect_spec.rb')
-rw-r--r-- | spec/requests/openid_connect_spec.rb | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb index 5bf786f2290..5ec23382698 100644 --- a/spec/requests/openid_connect_spec.rb +++ b/spec/requests/openid_connect_spec.rb @@ -149,7 +149,15 @@ RSpec.describe 'OpenID Connect requests' do end context 'ID token payload' do + let!(:group1) { create :group } + let!(:group2) { create :group } + let!(:group3) { create :group, parent: group2 } + let!(:group4) { create :group, parent: group3 } + before do + group1.add_user(user, Gitlab::Access::OWNER) + group3.add_user(user, Gitlab::Access::DEVELOPER) + request_access_token! @payload = JSON::JWT.decode(json_response['id_token'], :skip_verification) end @@ -175,7 +183,12 @@ RSpec.describe 'OpenID Connect requests' do end it 'does not include any unknown properties' do - expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified] + expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified groups_direct] + end + + it 'does include groups' do + expected_groups = [group1.full_path, group3.full_path] + expect(@payload['groups_direct']).to match_array(expected_groups) end end @@ -331,7 +344,15 @@ RSpec.describe 'OpenID Connect requests' do end context 'ID token payload' do + let!(:group1) { create :group } + let!(:group2) { create :group } + let!(:group3) { create :group, parent: group2 } + let!(:group4) { create :group, parent: group3 } + before do + group1.add_user(user, Gitlab::Access::OWNER) + group3.add_user(user, Gitlab::Access::DEVELOPER) + request_access_token! @payload = JSON::JWT.decode(json_response['id_token'], :skip_verification) end @@ -343,6 +364,11 @@ RSpec.describe 'OpenID Connect requests' do it 'has true in email_verified claim' do expect(@payload['email_verified']).to eq(true) end + + it 'does include groups' do + expected_groups = [group1.full_path, group3.full_path] + expect(@payload['groups_direct']).to match_array(expected_groups) + end end end end |