Commit 2657c3e8 authored by Sanad Liaquat's avatar Sanad Liaquat

Merge branch 'qa-shl-access-with-enforced-sso-e2e-tests' into 'master'

E2E tests for access with enforced SAML SSO

Closes gitlab-org/quality/testcases#241

See merge request gitlab-org/gitlab!19933
parents 647f7ba9 e18bf09d
...@@ -63,14 +63,84 @@ module QA ...@@ -63,14 +63,84 @@ module QA
end end
context 'Enforced SSO' do context 'Enforced SSO' do
let(:user) { Resource::User.fabricate_via_api! } let(:developer_user) { Resource::User.fabricate_via_api! }
let(:owner_user) { Resource::User.fabricate_via_api! }
before do before do
%w[enforced_sso enforced_sso_requires_session].each do |flag| %w[enforced_sso enforced_sso_requires_session].each do |flag|
Runtime::Feature.enable_and_verify(flag) Runtime::Feature.enable_and_verify(flag)
end end
@group.add_member(user) @group.add_member(developer_user)
end
context 'Access' do
let(:project) do
Resource::Project.fabricate! do |project|
project.name = 'project-in-saml-enforced-group-for-access-test'
project.description = 'project in SAML enforced group for access test'
project.group = @group
project.initialize_with_readme = true
project.visibility = 'private'
end
end
let(:sub_group) do
Resource::Group.fabricate_via_api! do |group|
group.sandbox = @group
group.path = "saml-sub-group"
end
end
let(:sub_group_project) do
Resource::Project.fabricate! do |project|
project.name = 'sub-group-project-in-saml-enforced-group-for-access-test'
project.description = 'Sub Group project in SAML enforced group for access test'
project.group = @sub_group
project.initialize_with_readme = true
project.visibility = 'private'
end
end
shared_examples 'user access' do
it 'is not allowed without SSO' do
Page::Main::Menu.perform(&:sign_out_if_signed_in)
Page::Main::Login.perform do |login|
login.sign_in_using_credentials(user: user)
end
expected_single_signon_text = 'group allows you to sign in with your Single Sign-On Account'
@group.visit!
expect(page).to have_content(expected_single_signon_text)
sub_group.visit!
expect(page).to have_content(expected_single_signon_text)
project.visit!
expect(page).to have_content(expected_single_signon_text)
sub_group_project.visit!
expect(page).to have_content(expected_single_signon_text)
end
end
before do
@group.add_member(owner_user, Resource::Members::AccessLevel::OWNER)
setup_and_enable_enforce_sso
end
it_behaves_like 'user access' do
let(:user) { developer_user }
end
it_behaves_like 'user access' do
let(:user) { owner_user }
end
end end
it 'user clones and pushes to project within a group using Git HTTP' do it 'user clones and pushes to project within a group using Git HTTP' do
...@@ -78,7 +148,7 @@ module QA ...@@ -78,7 +148,7 @@ module QA
@project = Resource::Project.fabricate! do |project| @project = Resource::Project.fabricate! do |project|
project.name = 'project-in-saml-enforced-group' project.name = 'project-in-saml-enforced-group'
project.description = 'project in SAML enforced gorup for git clone test' project.description = 'project in SAML enforced group for git clone test'
project.group = @group project.group = @group
project.initialize_with_readme = true project.initialize_with_readme = true
end end
...@@ -89,7 +159,7 @@ module QA ...@@ -89,7 +159,7 @@ module QA
Resource::Repository::ProjectPush.fabricate! do |project_push| Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = @project project_push.project = @project
project_push.branch_name = "new_branch" project_push.branch_name = "new_branch"
project_push.user = user project_push.user = developer_user
end end
end.not_to raise_error end.not_to raise_error
end end
...@@ -104,7 +174,7 @@ module QA ...@@ -104,7 +174,7 @@ module QA
end end
it 'removes existing users from the group, forces existing users to create a new account and allows to leave group' do it 'removes existing users from the group, forces existing users to create a new account and allows to leave group' do
expect(@group.list_members.map { |item| item["username"] }).not_to include(user.username) expect(@group.list_members.map { |item| item["username"] }).not_to include(developer_user.username)
visit_managed_group_url visit_managed_group_url
...@@ -152,7 +222,7 @@ module QA ...@@ -152,7 +222,7 @@ module QA
after do after do
disable_enforce_sso_and_group_managed_account disable_enforce_sso_and_group_managed_account
remove_user_if_exists(user.email) remove_user_if_exists(developer_user.email)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment