summaryrefslogtreecommitdiff
path: root/spec/lib/mattermost/session_spec.rb
blob: d208ef93224b0f750cae23f064e26f5b34950bd3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Mattermost::Session, type: :request do
  include ExclusiveLeaseHelpers
  include StubRequests

  let(:user) { create(:user) }

  let(:gitlab_url) { "http://gitlab.com" }
  let(:mattermost_url) { "http://mattermost.com" }

  subject { described_class.new(user) }

  # Needed for doorkeeper to function
  it { is_expected.to respond_to(:current_resource_owner) }
  it { is_expected.to respond_to(:request) }
  it { is_expected.to respond_to(:authorization) }
  it { is_expected.to respond_to(:strategy) }

  before do
    subject.base_uri = mattermost_url
  end

  describe '#with session' do
    let(:location) { 'http://location.tld' }
    let(:cookie_header) { 'MMOAUTH=taskik8az7rq8k6rkpuas7htia; Path=/;' }
    let!(:stub) do
      stub_full_request("#{mattermost_url}/oauth/gitlab/login")
        .to_return(headers: { 'location' => location, 'Set-Cookie' => cookie_header }, status: 302)
    end

    context 'without oauth uri' do
      it 'makes a request to the oauth uri' do
        expect { subject.with_session }.to raise_error(::Mattermost::NoSessionError)
      end

      it 'returns nill on calling a non exisitng method on request' do
        return_value = subject.request.method_missing("non_existing_method", "something") do
        end
        expect(return_value).to be(nil)
      end
    end

    context 'with oauth_uri' do
      let!(:doorkeeper) do
        Doorkeeper::Application.create!(
          name: 'GitLab Mattermost',
          redirect_uri: "#{mattermost_url}/signup/gitlab/complete\n#{mattermost_url}/login/gitlab/complete",
          scopes: '')
      end

      context 'without token_uri' do
        it 'can not create a session' do
          expect do
            subject.with_session
          end.to raise_error(::Mattermost::NoSessionError)
        end
      end

      context 'with token_uri' do
        let(:state) { "state" }
        let(:params) do
          { response_type: "code",
            client_id: doorkeeper.uid,
            redirect_uri: "#{mattermost_url}/signup/gitlab/complete",
            state: state }
        end

        let(:location) do
          "#{gitlab_url}/oauth/authorize?#{URI.encode_www_form(params)}"
        end

        before do
          stub_full_request("#{mattermost_url}/signup/gitlab/complete")
            .with(query: hash_including({ 'state' => state }))
            .to_return do |request|
              post "/oauth/token",
                params: {
                  client_id: doorkeeper.uid,
                  client_secret: doorkeeper.secret,
                  redirect_uri: params[:redirect_uri],
                  grant_type: 'authorization_code',
                  code: request.uri.query_values['code']
                }

              if response.status == 200
                { headers: { 'token' => 'thisworksnow' }, status: 202 }
              end
            end

          stub_full_request("#{mattermost_url}/api/v4/users/logout", method: :post)
            .to_return(headers: { Authorization: 'token thisworksnow' }, status: 200)
        end

        it 'can set up a session' do
          subject.with_session do |session|
          end

          expect(subject.token).not_to be_nil
        end

        it 'returns the value of the block' do
          result = subject.with_session do |session|
            "value"
          end

          expect(result).to eq("value")
        end
      end
    end

    context 'exclusive lease' do
      let(:lease_key) { 'mattermost:session' }

      it 'tries to obtain a lease' do
        expect_to_obtain_exclusive_lease(lease_key, 'uuid')
        expect_to_cancel_exclusive_lease(lease_key, 'uuid')

        # Cannot set up a session, but we should still cancel the lease
        expect { subject.with_session }.to raise_error(::Mattermost::NoSessionError)
      end

      it 'returns a NoSessionError error without lease' do
        stub_exclusive_lease_taken(lease_key)

        expect { subject.with_session }.to raise_error(::Mattermost::NoSessionError)
      end
    end
  end
end