2 files changed, 30 insertions, 4 deletions

diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb
index a47eaa9bda7..c6e69fa3fb0 100644
--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -55,6 +55,18 @@ describe 'OAuth Login', :js, :allow_forgery_protection do
 
           expect(current_path).to eq root_path
         end
+
+        it 'when bypass-two-factor is enabled' do
+          allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: true)
+          login_via(provider.to_s, user, uid, remember_me: false)
+          expect(current_path).to eq root_path
+        end
+
+        it 'when bypass-two-factor is disabled' do
+          allow(Gitlab.config.omniauth).to receive_messages(allow_bypass_two_factor: false)
+          login_with_provider(provider, enter_two_factor: true)
+          expect(current_path).to eq root_path
+        end
       end
 
       context 'when "remember me" is checked' do
diff --git a/spec/lib/gitlab/auth/o_auth/user_spec.rb b/spec/lib/gitlab/auth/o_auth/user_spec.rb
index a9b15c411dc..1e3da4f7c2d 100644
--- a/spec/lib/gitlab/auth/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb
@@ -787,11 +787,25 @@ describe Gitlab::Auth::OAuth::User do
     end
   end
 
-  describe '#bypass_two_factor?' do
-    subject { oauth_user.bypass_two_factor? }
+  describe "#bypass_two_factor?" do
+    it "when with allow_bypass_two_factor disabled (Default)" do
+      stub_omniauth_config(allow_bypass_two_factor: false)
+      expect(oauth_user.bypass_two_factor?).to be_falsey
+    end
+
+    it "when with allow_bypass_two_factor enabled" do
+      stub_omniauth_config(allow_bypass_two_factor: true)
+      expect(oauth_user.bypass_two_factor?).to be_truthy
+    end
+
+    it "when provider in allow_bypass_two_factor array" do
+      stub_omniauth_config(allow_bypass_two_factor: [provider])
+      expect(oauth_user.bypass_two_factor?).to be_truthy
+    end
 
-    it 'returns always false' do
-      is_expected.to be_falsey
+    it "when provider not in allow_bypass_two_factor array" do
+      stub_omniauth_config(allow_bypass_two_factor: ["foo"])
+      expect(oauth_user.bypass_two_factor?).to be_falsey
     end
   end
 end