Commit a931ead0 authored by Timothy Andrew's avatar Timothy Andrew

Add Omniauth OAuth config to the test section of `gitlab.yml`

- I tried to get this to work by stubbing out portions of the config within the
  test. This didn't work as expected because Devise/Omniauth loaded before the
  stub could run, and the stubbed config was ignored.

- I attempted to fix this by reloading Devise/Omniauth after stubbing the
  config. This successfully got Devise to load the stubbed providers, but failed
  while trying to access a route such as `user_gitlab_omniauth_authorize_path`.

- I spent a while trying to figure this out (even trying
  `Rails.application.reload_routes!`), but nothing seemed to work.

- I settled for adding this config directly to `gitlab.yml` rather than go down
  this path any further.
parent de0dcfe5
...@@ -615,6 +615,72 @@ test: ...@@ -615,6 +615,72 @@ test:
title: "JIRA" title: "JIRA"
url: https://sample_company.atlassian.net url: https://sample_company.atlassian.net
project_key: PROJECT project_key: PROJECT
omniauth:
enabled: true
allow_single_sign_on: true
block_auto_created_users: false
auto_link_saml_user: true
external_providers: []
providers:
- { name: 'cas3',
label: 'cas3',
args: {
url: 'https://sso.example.com',
disable_ssl_verification: false,
login_url: '/cas/login',
service_validate_url: '/cas/p3/serviceValidate',
logout_url: '/cas/logout'} }
- { name: 'authentiq',
app_id: 'YOUR_CLIENT_ID',
app_secret: 'YOUR_CLIENT_SECRET',
args: {
scope: 'aq:name email~rs address aq:push'
}
}
- { name: 'github',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.com/",
verify_ssl: false,
args: { scope: 'user:email' } }
- { name: 'bitbucket',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
- { name: 'gitlab',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api' } }
- { name: 'google_oauth2',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } }
- { name: 'facebook',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
- { name: 'twitter',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
- { name: 'saml',
label: 'Our SAML Provider',
groups_attribute: 'Groups',
external_groups: ['Contractors', 'Freelancers'],
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
} }
- { name: 'auth0',
args: {
client_id: 'YOUR_AUTH0_CLIENT_ID',
client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
namespace: 'YOUR_AUTH0_DOMAIN' } }
ldap: ldap:
enabled: false enabled: false
servers: servers:
......
...@@ -6,23 +6,6 @@ feature 'OAuth Login', feature: true, js: true do ...@@ -6,23 +6,6 @@ feature 'OAuth Login', feature: true, js: true do
click_button 'Verify code' click_button 'Verify code'
end end
def provider_config(provider)
if provider == :saml
OpenStruct.new(
name: 'saml', label: 'saml',
args: {
assertion_consumer_service_url: 'https://localhost:3443/users/auth/saml/callback',
idp_cert_fingerprint: '26:43:2C:47:AF:F0:6B:D0:07:9C:AD:A3:74:FE:5D:94:5F:4E:9E:52',
idp_sso_target_url: 'https://idp.example.com/sso/saml',
issuer: 'https://localhost:3443/',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
)
else
OpenStruct.new(name: provider.to_s, app_id: 'app_id', app_secret: 'app_secret')
end
end
def stub_omniauth_config(provider) def stub_omniauth_config(provider)
OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new({ provider: provider.to_s, uid: "12345" })) OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new({ provider: provider.to_s, uid: "12345" }))
Rails.application.env_config['devise.mapping'] = Devise.mappings[:user] Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
...@@ -32,43 +15,10 @@ feature 'OAuth Login', feature: true, js: true do ...@@ -32,43 +15,10 @@ feature 'OAuth Login', feature: true, js: true do
providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2, providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
:facebook, :authentiq, :cas3, :auth0] :facebook, :authentiq, :cas3, :auth0]
before do before(:all) do
OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') } OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }
messages = {
enabled: true,
allow_single_sign_on: providers.map(&:to_s),
auto_link_saml_user: true,
providers: providers.map { |provider| provider_config(provider) }
}
allow(Gitlab.config.omniauth).to receive_messages(messages)
end end
# context 'logging in via OAuth' do
# def saml_config
# end
# def stub_omniauth_config(messages)
# Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
# Rails.application.routes.disable_clear_and_finalize = true
# Rails.application.routes.draw do
# post '/users/auth/saml' => 'omniauth_callbacks#saml'
# end
# allow(Gitlab::OAuth::Provider).to receive_messages(providers: [:saml], config_for: saml_config)
# allow(Gitlab.config.omniauth).to receive_messages(messages)
# expect_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
# end
# it 'shows 2FA prompt after OAuth login' do
# stub_omniauth_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [saml_config])
# user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
# login_via('saml', user, 'my-uid')
# expect(page).to have_content('Two-Factor Authentication')
# enter_code(user.current_otp)
# expect(current_path).to eq root_path
# end
# end
providers.each do |provider| providers.each do |provider|
context "when the user logs in using the #{provider} provider" do context "when the user logs in using the #{provider} provider" do
context "when two-factor authentication is disabled" do context "when two-factor authentication is disabled" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment