Commit aec23eaa authored by Sean McGivern's avatar Sean McGivern

Merge branch 'ce-jej/settings-for-saml-sso-per-group' into 'master'

[CE] Backport SAML settings changes (Adds validators and rack cookie helper)

See merge request gitlab-org/gitlab-ce!18033
parents 576a8c69 590ddfdc
class CertificateFingerprintValidator < ActiveModel::EachValidator
FINGERPRINT_PATTERN = /\A([a-zA-Z0-9]{2}[\s\-:]?){16,}\z/.freeze
def validate_each(record, attribute, value)
unless value.try(:match, FINGERPRINT_PATTERN)
record.errors.add(attribute, "must be a hash containing only letters, numbers, spaces, : and -")
end
end
end
class TopLevelGroupValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
if value&.subgroup?
record.errors.add(attribute, "must be a top level Group")
end
end
end
...@@ -2,12 +2,25 @@ ...@@ -2,12 +2,25 @@
# #
module CookieHelper module CookieHelper
def set_cookie(name, value, options = {}) def set_cookie(name, value, options = {})
case page.driver
when Capybara::RackTest::Driver
rack_set_cookie(name, value)
else
selenium_set_cookie(name, value, options)
end
end
def selenium_set_cookie(name, value, options = {})
# Selenium driver will not set cookies for a given domain when the browser is at `about:blank`. # Selenium driver will not set cookies for a given domain when the browser is at `about:blank`.
# It also doesn't appear to allow overriding the cookie path. loading `/` is the most inclusive. # It also doesn't appear to allow overriding the cookie path. loading `/` is the most inclusive.
visit options.fetch(:path, '/') unless on_a_page? visit options.fetch(:path, '/') unless on_a_page?
page.driver.browser.manage.add_cookie(name: name, value: value, **options) page.driver.browser.manage.add_cookie(name: name, value: value, **options)
end end
def rack_set_cookie(name, value)
page.driver.browser.set_cookie("#{name}=#{value}")
end
def get_cookie(name) def get_cookie(name)
page.driver.browser.manage.cookie_named(name) page.driver.browser.manage.cookie_named(name)
end end
......
...@@ -140,6 +140,10 @@ module LoginHelpers ...@@ -140,6 +140,10 @@ module LoginHelpers
end end
allow(Gitlab::Auth::OAuth::Provider).to receive_messages(providers: [:saml], config_for: mock_saml_config) allow(Gitlab::Auth::OAuth::Provider).to receive_messages(providers: [:saml], config_for: mock_saml_config)
stub_omniauth_setting(messages) stub_omniauth_setting(messages)
stub_saml_authorize_path_helpers
end
def stub_saml_authorize_path_helpers
allow_any_instance_of(Object).to receive(:user_saml_omniauth_authorize_path).and_return('/users/auth/saml') allow_any_instance_of(Object).to receive(:user_saml_omniauth_authorize_path).and_return('/users/auth/saml')
allow_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml') allow_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment