1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
require 'spec_helper'
feature 'OAuth Login', feature: true, js: true do
def enter_code(code)
fill_in 'user_otp_attempt', with: code
click_button 'Verify code'
end
def provider_config(provider)
if provider == :saml
OpenStruct.new(
name: 'saml', label: 'saml',
args: {
assertion_consumer_service_url: 'https://localhost:3443/users/auth/saml/callback',
idp_cert_fingerprint: '26:43:2C:47:AF:F0:6B:D0:07:9C:AD:A3:74:FE:5D:94:5F:4E:9E:52',
idp_sso_target_url: 'https://idp.example.com/sso/saml',
issuer: 'https://localhost:3443/',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
)
else
OpenStruct.new(name: provider.to_s, app_id: 'app_id', app_secret: 'app_secret')
end
end
def stub_omniauth_config(provider)
OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new({ provider: provider.to_s, uid: "12345" }))
Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[provider]
end
providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
:facebook, :authentiq, :cas3, :auth0]
before do
OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }
messages = {
enabled: true,
allow_single_sign_on: providers.map(&:to_s),
auto_link_saml_user: true,
providers: providers.map { |provider| provider_config(provider) }
}
allow(Gitlab.config.omniauth).to receive_messages(messages)
end
# context 'logging in via OAuth' do
# def saml_config
# end
# def stub_omniauth_config(messages)
# Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
# Rails.application.routes.disable_clear_and_finalize = true
# Rails.application.routes.draw do
# post '/users/auth/saml' => 'omniauth_callbacks#saml'
# end
# allow(Gitlab::OAuth::Provider).to receive_messages(providers: [:saml], config_for: saml_config)
# allow(Gitlab.config.omniauth).to receive_messages(messages)
# expect_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
# end
# it 'shows 2FA prompt after OAuth login' do
# stub_omniauth_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [saml_config])
# user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
# login_via('saml', user, 'my-uid')
# expect(page).to have_content('Two-Factor Authentication')
# enter_code(user.current_otp)
# expect(current_path).to eq root_path
# end
# end
providers.each do |provider|
context "when the user logs in using the #{provider} provider" do
context "when two-factor authentication is disabled" do
it 'logs the user in' do
stub_omniauth_config(provider)
user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
login_via(provider.to_s, user, 'my-uid')
expect(current_path).to eq root_path
end
end
context "when two-factor authentication is enabled" do
it 'logs the user in' do
stub_omniauth_config(provider)
user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
login_via(provider.to_s, user, 'my-uid')
enter_code(user.current_otp)
expect(current_path).to eq root_path
end
end
context 'when "remember me" is checked' do
context "when two-factor authentication is disabled" do
it 'remembers the user after a browser restart' do
stub_omniauth_config(provider)
user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
login_via(provider.to_s, user, 'my-uid', remember_me: true)
restart_browser
visit(root_path)
expect(current_path).to eq root_path
end
end
context "when two-factor authentication is enabled" do
it 'remembers the user after a browser restart' do
stub_omniauth_config(provider)
user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
login_via(provider.to_s, user, 'my-uid', remember_me: true)
enter_code(user.current_otp)
restart_browser
visit(root_path)
expect(current_path).to eq root_path
end
end
end
context 'when "remember me" is not checked' do
context "when two-factor authentication is disabled" do
it 'does not remember the user after a browser restart' do
stub_omniauth_config(provider)
user = create(:omniauth_user, extern_uid: 'my-uid', provider: provider.to_s)
login_via(provider.to_s, user, 'my-uid', remember_me: false)
restart_browser
visit(root_path)
expect(current_path).to eq new_user_session_path
end
end
context "when two-factor authentication is enabled" do
it 'remembers the user after a browser restart' do
stub_omniauth_config(provider)
user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider.to_s)
login_via(provider.to_s, user, 'my-uid', remember_me: false)
enter_code(user.current_otp)
restart_browser
visit(root_path)
expect(current_path).to eq new_user_session_path
end
end
end
end
end
end
|
