spec/controllers/concerns/enforces_admin_authentication_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

# frozen_string_literal: true

require 'spec_helper'

describe EnforcesAdminAuthentication, :do_not_mock_admin_mode do
  include AdminModeHelper

  let(:user) { create(:user) }

  before do
    sign_in(user)
  end

  controller(ApplicationController) do
    include EnforcesAdminAuthentication

    def index
      head :ok
    end
  end

  context 'feature flag :user_mode_in_session is enabled' do
    describe 'authenticate_admin!' do
      context 'as an admin' do
        let(:user) { create(:admin) }

        it 'renders redirect for re-authentication and does not set admin mode' do
          get :index

          expect(response).to redirect_to new_admin_session_path
          expect(assigns(:current_user_mode)&.admin_mode?).to be(false)
        end

        context 'when admin mode is active' do
          before do
            enable_admin_mode!(user)
          end

          it 'renders ok' do
            get :index

            expect(response).to have_gitlab_http_status(200)
          end
        end
      end

      context 'as a user' do
        it 'renders a 404' do
          get :index

          expect(response).to have_gitlab_http_status(404)
        end

        it 'does not set admin mode' do
          get :index

          # check for nil too since on 404, current_user_mode might not be initialized
          expect(assigns(:current_user_mode)&.admin_mode?).to be_falsey
        end
      end
    end
  end

  context 'feature flag :user_mode_in_session is disabled' do
    before do
      stub_feature_flags(user_mode_in_session: false)
    end

    describe 'authenticate_admin!' do
      before do
        get :index
      end

      context 'as an admin' do
        let(:user) { create(:admin) }

        it 'allows direct access to page' do
          expect(response).to have_gitlab_http_status(200)
        end

        it 'does not set admin mode' do
          expect(assigns(:current_user_mode)&.admin_mode?).to be_falsey
        end
      end

      context 'as a user' do
        it 'renders a 404' do
          expect(response).to have_gitlab_http_status(404)
        end

        it 'does not set admin mode' do
          # check for nil too since on 404, current_user_mode might not be initialized
          expect(assigns(:current_user_mode)&.admin_mode?).to be_falsey
        end
      end
    end
  end
end