diff options
author | Drew Blessing <drew@gitlab.com> | 2016-09-29 14:08:27 -0500 |
---|---|---|
committer | Drew Blessing <drew@gitlab.com> | 2016-11-08 15:46:10 -0600 |
commit | dc307830571aaca1ff20b409d7075eee83f21fb9 (patch) | |
tree | a71896f007ede5b1605132f112851d18115a426c /spec/tasks/gitlab/check_rake_spec.rb | |
parent | 8d0d8b91e46573e8fe46dc712e84c65708a00b97 (diff) | |
download | gitlab-ce-dc307830571aaca1ff20b409d7075eee83f21fb9.tar.gz |
Introduce better credential and error checking to `rake gitlab:ldap:check`
It was previously possible for invalid credential errors to go unnoticed
in this task. Users would believe everything was configured correctly and
then sign in would fail with 'invalid credentials'. This adds a specific
bind check, plus catches errors connecting to the server. Also, specs :)
Diffstat (limited to 'spec/tasks/gitlab/check_rake_spec.rb')
-rw-r--r-- | spec/tasks/gitlab/check_rake_spec.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/tasks/gitlab/check_rake_spec.rb b/spec/tasks/gitlab/check_rake_spec.rb new file mode 100644 index 00000000000..538ff952bf4 --- /dev/null +++ b/spec/tasks/gitlab/check_rake_spec.rb @@ -0,0 +1,51 @@ +require 'rake_helper' + +describe 'gitlab:ldap:check rake task' do + include LdapHelpers + + before do + Rake.application.rake_require 'tasks/gitlab/check' + + stub_warn_user_is_not_gitlab + end + + context 'when LDAP is not enabled' do + it 'does not attempt to bind or search for users' do + expect(Gitlab::LDAP::Config).not_to receive(:providers) + expect(Gitlab::LDAP::Adapter).not_to receive(:open) + + run_rake_task('gitlab:ldap:check') + end + end + + context 'when LDAP is enabled' do + let(:ldap) { double(:ldap) } + let(:adapter) { ldap_adapter('ldapmain', ldap) } + + before do + allow(Gitlab::LDAP::Config) + .to receive_messages( + enabled?: true, + providers: ['ldapmain'] + ) + allow(Gitlab::LDAP::Adapter).to receive(:open).and_yield(adapter) + allow(adapter).to receive(:users).and_return([]) + end + + it 'attempts to bind using credentials' do + stub_ldap_config(has_auth?: true) + + expect(ldap).to receive(:bind) + + run_rake_task('gitlab:ldap:check') + end + + it 'searches for 100 LDAP users' do + stub_ldap_config(uid: 'uid') + + expect(adapter).to receive(:users).with('uid', '*', 100) + + run_rake_task('gitlab:ldap:check') + end + end +end |