summaryrefslogtreecommitdiff
path: root/spec/controllers/omniauth_callbacks_controller_spec.rb
blob: 9fd129e4ee9783e342204c697692bb667611b8e4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

require 'spec_helper'

describe OmniauthCallbacksController do
  include LoginHelpers

  let(:user) { create(:omniauth_user, extern_uid: extern_uid, provider: provider) }

  before do
    mock_auth_hash(provider.to_s, extern_uid, user.email)
    stub_omniauth_provider(provider, context: request)
  end

  context 'github' do
    let(:extern_uid) { 'my-uid' }
    let(:provider) { :github }

    it 'allows sign in' do
      post provider

      expect(request.env['warden']).to be_authenticated
    end

    shared_context 'sign_up' do
      let(:user) { double(email: 'new@example.com') }

      before do
        stub_omniauth_setting(block_auto_created_users: false)
      end
    end

    context 'sign up' do
      include_context 'sign_up'

      it 'is allowed' do
        post provider

        expect(request.env['warden']).to be_authenticated
      end
    end

    context 'when OAuth is disabled' do
      before do
        stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
        settings = Gitlab::CurrentSettings.current_application_settings
        settings.update(disabled_oauth_sign_in_sources: [provider.to_s])
      end

      it 'prevents login via POST' do
        post provider

        expect(request.env['warden']).not_to be_authenticated
      end

      it 'shows warning when attempting login' do
        post provider

        expect(response).to redirect_to new_user_session_path
        expect(flash[:alert]).to eq('Signing in using GitHub has been disabled')
      end

      it 'allows linking the disabled provider' do
        user.identities.destroy_all
        sign_in(user)

        expect { post provider }.to change { user.reload.identities.count }.by(1)
      end

      context 'sign up' do
        include_context 'sign_up'

        it 'is prevented' do
          post provider

          expect(request.env['warden']).not_to be_authenticated
        end
      end
    end
  end

  context 'auth0' do
    let(:extern_uid) { '' }
    let(:provider) { :auth0 }

    it 'does not allow sign in without extern_uid' do
      post 'auth0'

      expect(request.env['warden']).not_to be_authenticated
      expect(response.status).to eq(302)
      expect(controller).to set_flash[:alert].to('Wrong extern UID provided. Make sure Auth0 is configured correctly.')
    end
  end
end
View Lorry Controller Status