diff options
Diffstat (limited to 'spec/controllers/omniauth_callbacks_controller_spec.rb')
-rw-r--r-- | spec/controllers/omniauth_callbacks_controller_spec.rb | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb index 3f7f0c55f38..291d51348e6 100644 --- a/spec/controllers/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/omniauth_callbacks_controller_spec.rb @@ -170,6 +170,11 @@ RSpec.describe OmniauthCallbacksController, type: :controller do expect(request.env['warden']).to be_authenticated end + it 'creates an authentication event record' do + expect { post provider }.to change { AuthenticationEvent.count }.by(1) + expect(AuthenticationEvent.last.provider).to eq(provider.to_s) + end + context 'when user has no linked provider' do let(:user) { create(:user) } @@ -276,6 +281,51 @@ RSpec.describe OmniauthCallbacksController, type: :controller do end end + context 'atlassian_oauth2' do + let(:provider) { :atlassian_oauth2 } + let(:extern_uid) { 'my-uid' } + + context 'when the user and identity already exist' do + let(:user) { create(:atlassian_user, extern_uid: extern_uid) } + + it 'allows sign-in' do + post :atlassian_oauth2 + + expect(request.env['warden']).to be_authenticated + end + end + + context 'for a new user' do + before do + stub_omniauth_setting(enabled: true, auto_link_user: true, allow_single_sign_on: ['atlassian_oauth2']) + + user.destroy + end + + it 'denies sign-in if sign-up is enabled, but block_auto_created_users is set' do + post :atlassian_oauth2 + + expect(flash[:alert]).to start_with 'Your account has been blocked.' + end + + it 'accepts sign-in if sign-up is enabled' do + stub_omniauth_setting(block_auto_created_users: false) + + post :atlassian_oauth2 + + expect(request.env['warden']).to be_authenticated + end + + it 'denies sign-in if sign-up is not enabled' do + stub_omniauth_setting(allow_single_sign_on: false, block_auto_created_users: false) + + post :atlassian_oauth2 + + expect(flash[:alert]).to start_with 'Signing in using your Atlassian account without a pre-existing GitLab account is not allowed.' + end + end + end + context 'salesforce' do let(:extern_uid) { 'my-uid' } let(:provider) { :salesforce } |