1 files changed, 70 insertions, 12 deletions

diff --git a/spec/controllers/concerns/enforces_admin_authentication_spec.rb b/spec/controllers/concerns/enforces_admin_authentication_spec.rb
index e6a6702fdea..019a21e8cf0 100644
--- a/spec/controllers/concerns/enforces_admin_authentication_spec.rb
+++ b/spec/controllers/concerns/enforces_admin_authentication_spec.rb
@@ -2,7 +2,9 @@
 
 require 'spec_helper'
 
-describe EnforcesAdminAuthentication do
+describe EnforcesAdminAuthentication, :do_not_mock_admin_mode do
+  include AdminModeHelper
+
   let(:user) { create(:user) }
 
   before do
@@ -10,30 +12,86 @@ describe EnforcesAdminAuthentication do
   end
 
   controller(ApplicationController) do
-    # `described_class` is not available in this context
-    include EnforcesAdminAuthentication # rubocop:disable RSpec/DescribedClass
+    include EnforcesAdminAuthentication
 
     def index
       head :ok
     end
   end
 
-  describe 'authenticate_admin!' do
-    context 'as an admin' do
-      let(:user) { create(:admin) }
+  context 'feature flag :user_mode_in_session is enabled' do
+    describe 'authenticate_admin!' do
+      context 'as an admin' do
+        let(:user) { create(:admin) }
 
-      it 'renders ok' do
-        get :index
+        it 'renders redirect for re-authentication and does not set admin mode' do
+          get :index
+
+          expect(response).to redirect_to new_admin_session_path
+          expect(assigns(:current_user_mode)&.admin_mode?).to be(false)
+        end
+
+        context 'when admin mode is active' do
+          before do
+            enable_admin_mode!(user)
+          end
+
+          it 'renders ok' do
+            get :index
+
+            expect(response).to have_gitlab_http_status(200)
+          end
+        end
+      end
+
+      context 'as a user' do
+        it 'renders a 404' do
+          get :index
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'does not set admin mode' do
+          get :index
 
-        expect(response).to have_gitlab_http_status(200)
+          # check for nil too since on 404, current_user_mode might not be initialized
+          expect(assigns(:current_user_mode)&.admin_mode?).to be_falsey
+        end
       end
     end
+  end
+
+  context 'feature flag :user_mode_in_session is disabled' do
+    before do
+      stub_feature_flags(user_mode_in_session: false)
+    end
 
-    context 'as a user' do
-      it 'renders a 404' do
+    describe 'authenticate_admin!' do
+      before do
         get :index
+      end
+
+      context 'as an admin' do
+        let(:user) { create(:admin) }
+
+        it 'allows direct access to page' do
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'does not set admin mode' do
+          expect(assigns(:current_user_mode)&.admin_mode?).to be_falsey
+        end
+      end
+
+      context 'as a user' do
+        it 'renders a 404' do
+          expect(response).to have_gitlab_http_status(404)
+        end
 
-        expect(response).to have_gitlab_http_status(404)
+        it 'does not set admin mode' do
+          # check for nil too since on 404, current_user_mode might not be initialized
+          expect(assigns(:current_user_mode)&.admin_mode?).to be_falsey
+        end
       end
     end
   end