Add spec for Git HTTP on SSO enforced project

Also re-formats bits of existing group SAML tests.

Add spec for Git HTTP on SSO enforced project
Also re-formats bits of existing group SAML tests.
2657580e · Sanad Liaquat · e4a6ec56 · 2657580e · 2657580e · 2657580e
Commit 2657580e authored May 31, 2019 by Sanad Liaquat
6 changed files
--- a/ee/app/views/groups/saml_providers/_form.html.haml
+++ b/ee/app/views/groups/saml_providers/_form.html.haml
@@ -20,7 +20,7 @@
        .form-text= s_('GroupSAML|Enforce SSO-only authentication for this group.')
        %label.toggle-wrapper.mb-0.js-group-saml-enforced-sso-toggle-area
          %button{ type: 'button',
-            class: "js-project-feature-toggle js-group-saml-enforced-sso-toggle project-feature-toggle d-inline #{'is-checked' if saml_provider.enforced_sso?}",
+            class: "js-project-feature-toggle js-group-saml-enforced-sso-toggle project-feature-toggle d-inline qa-enforced-sso-toggle-button #{'is-checked' if saml_provider.enforced_sso?}",
            "aria-label": s_("GroupSAML|Enforced SSO") }
            = f.hidden_field :enforced_sso, { class: 'js-group-saml-enforced-sso-input js-project-feature-toggle-input'}
            %span.toggle-icon

--- a/qa/qa/ee/page/group/settings/saml_sso.rb
+++ b/qa/qa/ee/page/group/settings/saml_sso.rb
@@ -9,6 +9,7 @@ module QA
            view 'ee/app/views/groups/saml_providers/_form.html.haml' do
              element :identity_provider_sso_field
              element :certificate_fingerprint_field
+              element :enforced_sso_toggle_button
              element :save_changes_button
            end

@@ -28,6 +29,10 @@ module QA
              fill_element :certificate_fingerprint_field, fingerprint
            end

+            def enforce_sso
+              click_element :enforced_sso_toggle_button unless find_element(:enforced_sso_toggle_button)[:class].include?('is-checked')
+            end
+
            def click_save_changes
              click_element :save_changes_button
            end

--- a/qa/qa/resource/project.rb
+++ b/qa/qa/resource/project.rb
@@ -7,6 +7,8 @@ module QA
    class Project < Base
      include Events::Project

+      attr_accessor :initialize_with_readme
+
      attribute :id
      attribute :name
      attribute :description
@@ -16,7 +18,11 @@ module QA
      end

      attribute :path_with_namespace do
-        "#{group.sandbox.path}/#{group.path}/#{name}" if group
+        "#{sandbox_path}#{group.path}/#{name}" if group
+      end
+
+      def sandbox_path
+        group.respond_to?('sandbox') ? "#{group.sandbox.path}/" : ''
      end

      attribute :repository_ssh_location do
@@ -74,7 +80,11 @@ module QA
          name: name,
          description: description,
          visibility: 'public'
-        }
+        }.merge(post_body_options)
+      end
+
+      def post_body_options
+        initialize_with_readme ? { initialize_with_readme: initialize_with_readme } : {}
      end

      private

--- a/qa/qa/resource/sandbox.rb
+++ b/qa/qa/resource/sandbox.rb
@@ -44,6 +44,10 @@ module QA
        "/groups/#{path}"
      end

+      def api_members_path
+        "#{api_get_path}/members"
+      end
+
      def api_post_path
        '/groups'
      end

--- a/qa/qa/runtime/api/client.rb
+++ b/qa/qa/runtime/api/client.rb
@@ -25,11 +25,8 @@ module QA
        private

        def create_personal_access_token
-          if @is_new_session
-            Runtime::Browser.visit(@address, Page::Main::Login) { do_create_personal_access_token }
-          else
-            do_create_personal_access_token
-          end
+          Runtime::Browser.visit(@address, Page::Main::Login) if @is_new_session
+          do_create_personal_access_token
        end

        def do_create_personal_access_token

--- a/qa/qa/specs/features/browser_ui/1_manage/ee_group/group_saml_sso_spec.rb
+++ b/qa/qa/specs/features/browser_ui/1_manage/ee_group/group_saml_sso_spec.rb
@@ -3,58 +3,148 @@
 module QA
  context 'Manage', :orchestrated, :group_saml do
    describe 'Group SAML SSO' do
+      include Support::Api
+
+      before(:all) do
+        @group = Resource::Sandbox.fabricate!
+      end
+
      before do
-        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+        unless Page::Main::Menu.perform(&:has_personal_area?)

-        Page::Main::Login.act { sign_in_using_credentials }
+          Runtime::Browser.visit(:gitlab, Page::Main::Login)
+          Page::Main::Login.perform(&:sign_in_using_credentials)
+
+        end

-        Resource::Sandbox.fabricate_via_browser_ui!
+        @group.visit!
      end

      it 'User logs in to group with SAML SSO' do
-        EE::Page::Group::Menu.act { go_to_saml_sso_group_settings }
+        EE::Page::Group::Menu.perform(&:go_to_saml_sso_group_settings)

-        EE::Page::Group::Settings::SamlSSO.act do
-          set_id_provider_sso_url(QA::EE::Runtime::Saml.idp_sso_url)
-          set_cert_fingerprint(QA::EE::Runtime::Saml.idp_certificate_fingerprint)
-          click_save_changes
-          click_user_login_url_link
+        EE::Page::Group::Settings::SamlSSO.perform do |page|
+          page.set_id_provider_sso_url(QA::EE::Runtime::Saml.idp_sso_url)
+          page.set_cert_fingerprint(QA::EE::Runtime::Saml.idp_certificate_fingerprint)
+          page.click_save_changes
+
+          page.click_user_login_url_link
        end

-        EE::Page::Group::SamlSSOSignIn.act { click_signin }
+        EE::Page::Group::SamlSSOSignIn.perform(&:click_signin)

        login_to_idp_if_required_and_expect_success

-        EE::Page::Group::Menu.act { go_to_saml_sso_group_settings }
+        EE::Page::Group::Menu.perform(&:go_to_saml_sso_group_settings)

-        EE::Page::Group::Settings::SamlSSO.act { click_user_login_url_link }
+        EE::Page::Group::Settings::SamlSSO.perform(&:click_user_login_url_link)

-        EE::Page::Group::SamlSSOSignIn.act { click_signin }
+        EE::Page::Group::SamlSSOSignIn.perform(&:click_signin)

        expect(page).to have_content("Already signed in with SAML for #{Runtime::Env.sandbox_name}")
      end

      it 'Lets group admin test settings' do
-        EE::Page::Group::Menu.act { go_to_saml_sso_group_settings }
+        EE::Page::Group::Menu.perform(&:go_to_saml_sso_group_settings)

-        EE::Page::Group::Settings::SamlSSO.act do
-          set_id_provider_sso_url(QA::EE::Runtime::Saml.idp_sso_url)
-          set_cert_fingerprint(QA::EE::Runtime::Saml.idp_certificate_fingerprint)
-          click_save_changes
+        EE::Page::Group::Settings::SamlSSO.perform do |page|
+          page.set_id_provider_sso_url(QA::EE::Runtime::Saml.idp_sso_url)
+          page.set_cert_fingerprint(QA::EE::Runtime::Saml.idp_certificate_fingerprint)
+          page.click_save_changes

-          click_test_button
+          page.click_test_button
        end

        login_to_idp_if_required_and_expect_success

        expect(page).to have_content("Test SAML SSO")
      end
+
+      context 'Enforced SSO' do
+        before do
+          Runtime::Feature.enable("enforced_sso")
+          Runtime::Feature.enable("enforced_sso_requires_session")
+        end
+
+        it 'user clones and pushes to project within a group using Git HTTP' do
+          branch_name = "new_branch"
+          user_attributes = {
+            email: 'saml_dev@example.com',
+            name: 'SAML Developer',
+            username: 'saml_dev',
+            password: 'password'
+          }
+          create_user_via_api(user_attributes)
+
+          add_user_to_group_via_api(user_attributes[:username], @group, '30')
+
+          EE::Page::Group::Menu.perform(&:go_to_saml_sso_group_settings)
+
+          EE::Page::Group::Settings::SamlSSO.perform do |page|
+            page.enforce_sso
+            page.set_id_provider_sso_url(QA::EE::Runtime::Saml.idp_sso_url)
+            page.set_cert_fingerprint(QA::EE::Runtime::Saml.idp_certificate_fingerprint)
+
+            page.click_save_changes
+          end
+
+          @project = Resource::Project.fabricate! do |project|
+            project.name = 'project-in-saml-enforced-group'
+            project.description = 'project in SAML enforced gorup for git clone test'
+            project.group = @group
+            project.initialize_with_readme = true
+          end
+
+          @project.visit!
+
+          Git::Repository.perform do |repository|
+            repository.uri = @project.repository_http_location.uri
+
+            repository.username = user_attributes[:username]
+            repository.password = user_attributes[:password]
+
+            repository.act do
+              clone
+              configure_identity(user_attributes[:name], user_attributes[:email])
+              checkout(branch_name, new_branch: true)
+              commit_file('test.rb', 'class Test; end', 'Add Test class')
+              commit_file('README.md', '# Test', 'Add Readme')
+              push_changes(branch_name)
+            end
+          end
+
+          @project.wait_for_push_new_branch(branch_name)
+        end
+      end
+      after(:all) do
+        remove_group(@group)
+      end
    end

    def login_to_idp_if_required_and_expect_success
      Vendor::SAMLIdp::Page::Login.perform { |login_page| login_page.login_if_required }
      expect(page).to have_content("SAML for #{Runtime::Env.sandbox_name} was added to your connected accounts")
-        .or have_content("Already signed in with SAML for #{Runtime::Env.sandbox_name}")
+                        .or have_content("Already signed in with SAML for #{Runtime::Env.sandbox_name}")
+    end
+
+    def remove_group(group)
+      api_client = Runtime::API::Client.new(:gitlab)
+      delete Runtime::API::Request.new(api_client, "/groups/#{group.path}").url
+    end
+
+    def create_user_via_api(user)
+      Resource::User.fabricate_via_api! do |resource|
+        resource.username = user[:username]
+        resource.name = user[:name]
+        resource.email = user[:email]
+        resource.password = user[:password]
+      end
+    end
+
+    def add_user_to_group_via_api(username, group, access_level)
+      api_client = Runtime::API::Client.new(:gitlab)
+      response = get Runtime::API::Request.new(api_client, "/users?username=#{username}").url
+      post Runtime::API::Request.new(api_client, group.api_members_path).url, { user_id: parse_body(response).first[:id], access_level: access_level }
    end
  end
 end