1 files changed, 57 insertions, 4 deletions

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index d1338e34bb8..a4d177da0be 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1769,6 +1769,26 @@ describe User do
     end
   end
 
+  describe '#ultraauth_user?' do
+    it 'is true if provider is ultraauth' do
+      user = create(:omniauth_user, provider: 'ultraauth')
+
+      expect(user.ultraauth_user?).to be_truthy
+    end
+
+    it 'is false with othe provider' do
+      user = create(:omniauth_user, provider: 'not-ultraauth')
+
+      expect(user.ultraauth_user?).to be_falsey
+    end
+
+    it 'is false if no extern_uid is provided' do
+      user = create(:omniauth_user, extern_uid: nil)
+
+      expect(user.ldap_user?).to be_falsey
+    end
+  end
+
   describe '#full_website_url' do
     let(:user) { create(:user) }
 
@@ -2655,9 +2675,9 @@ describe User do
       end
     end
 
-    context 'with 2FA requirement on nested parent group', :nested_groups do
+    context 'with 2FA requirement from expanded groups', :nested_groups do
       let!(:group1) { create :group, require_two_factor_authentication: true }
-      let!(:group1a) { create :group, require_two_factor_authentication: false, parent: group1 }
+      let!(:group1a) { create :group, parent: group1 }
 
       before do
         group1a.add_user(user, GroupMember::OWNER)
@@ -2685,6 +2705,27 @@ describe User do
       end
     end
 
+    context "with 2FA requirement from shared project's group" do
+      let!(:group1) { create :group, require_two_factor_authentication: true }
+      let!(:group2) { create :group }
+      let(:shared_project) { create(:project, namespace: group1) }
+
+      before do
+        shared_project.project_group_links.create!(
+          group: group2,
+          group_access: ProjectGroupLink.default_access
+        )
+
+        group2.add_user(user, GroupMember::OWNER)
+      end
+
+      it 'does not require 2FA' do
+        user.update_two_factor_requirement
+
+        expect(user.require_two_factor_authentication_from_group).to be false
+      end
+    end
+
     context 'without 2FA requirement on groups' do
       let(:group) { create :group }
 
@@ -2786,6 +2827,12 @@ describe User do
 
       expect(user.allow_password_authentication_for_web?).to be_falsey
     end
+
+    it 'returns false for ultraauth user' do
+      user = create(:omniauth_user, provider: 'ultraauth')
+
+      expect(user.allow_password_authentication_for_web?).to be_falsey
+    end
   end
 
   describe '#allow_password_authentication_for_git?' do
@@ -2808,6 +2855,12 @@ describe User do
 
       expect(user.allow_password_authentication_for_git?).to be_falsey
     end
+
+    it 'returns false for ultraauth user' do
+      user = create(:omniauth_user, provider: 'ultraauth')
+
+      expect(user.allow_password_authentication_for_git?).to be_falsey
+    end
   end
 
   describe '#assigned_open_merge_requests_count' do
@@ -3301,7 +3354,7 @@ describe User do
   end
 
   describe '#requires_usage_stats_consent?' do
-    let(:user) { create(:user, created_at: 8.days.ago) }
+    let(:user) { create(:user, :admin, created_at: 8.days.ago) }
 
     before do
       allow(user).to receive(:has_current_license?).and_return false
@@ -3325,7 +3378,7 @@ describe User do
       end
 
       it 'does not require consent if usage stats were set by this user' do
-        allow(Gitlab::CurrentSettings).to receive(:usage_stats_set_by_user_id).and_return(user.id)
+        create(:application_setting, usage_stats_set_by_user_id: user.id)
 
         expect(user.requires_usage_stats_consent?).to be false
       end