1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
require 'spec_helper'
describe Gitlab::ExternalAuthorization::Client do
let(:user) { build(:user, email: 'dummy_user@example.com') }
let(:dummy_url) { 'https://dummy.net/' }
subject(:client) { described_class.new(user, 'dummy_label') }
before do
stub_application_setting(external_authorization_service_url: dummy_url)
end
describe '#request_access' do
it 'performs requests to the configured endpoint' do
expect(Excon).to receive(:post).with(dummy_url, any_args)
client.request_access
end
it 'adds the correct params for the user to the body of the request' do
expected_body = {
user_identifier: 'dummy_user@example.com',
project_classification_label: 'dummy_label',
identities: []
}.to_json
expect(Excon).to receive(:post)
.with(dummy_url, hash_including(body: expected_body))
client.request_access
end
it 'respects the the timeout' do
stub_application_setting(
external_authorization_service_timeout: 3
)
expect(Excon).to receive(:post).with(dummy_url,
hash_including(
connect_timeout: 3,
read_timeout: 3,
write_timeout: 3
))
client.request_access
end
it 'adds the mutual tls params when they are present' do
stub_application_setting(
external_auth_client_cert: 'the certificate data',
external_auth_client_key: 'the key data',
external_auth_client_key_pass: 'open sesame'
)
expected_params = {
client_cert_data: 'the certificate data',
client_key_data: 'the key data',
client_key_pass: 'open sesame'
}
expect(Excon).to receive(:post).with(dummy_url, hash_including(expected_params))
client.request_access
end
it 'returns an expected response' do
expect(Excon).to receive(:post)
expect(client.request_access)
.to be_kind_of(::Gitlab::ExternalAuthorization::Response)
end
it 'wraps exceptions if the request fails' do
expect(Excon).to receive(:post) { raise Excon::Error.new('the request broke') }
expect { client.request_access }
.to raise_error(::Gitlab::ExternalAuthorization::RequestFailed)
end
describe 'for ldap users' do
let(:user) do
create(:omniauth_user,
email: 'dummy_user@example.com',
extern_uid: 'external id',
provider: 'ldapprovider')
end
it 'includes the ldap dn and identities for ldap users' do
expected_body = {
user_identifier: 'dummy_user@example.com',
project_classification_label: 'dummy_label',
identities: [{ provider: 'ldapprovider', extern_uid: 'external id' }],
user_ldap_dn: 'external id'
}.to_json
expect(Excon).to receive(:post)
.with(dummy_url, hash_including(body: expected_body))
client.request_access
end
end
describe 'for non-ldap users with identities' do
before do
%w(twitter facebook).each do |provider|
create(:identity, provider: provider, extern_uid: "#{provider}_external_id", user: user)
end
end
it 'includes all the identities' do
expected_body = {
user_identifier: 'dummy_user@example.com',
project_classification_label: 'dummy_label',
identities: [
{ provider: 'twitter', extern_uid: 'twitter_external_id' },
{ provider: 'facebook', extern_uid: 'facebook_external_id' }
]
}.to_json
expect(Excon).to receive(:post)
.with(dummy_url, hash_including(body: expected_body))
client.request_access
end
end
end
end
|
