Merge branch 'pl-fix-applogger-namespace-kerberos' into 'master'

Fix resolution of Gitlab::AppLogger in EE kerberos_spnego_helper See merge request gitlab-org/gitlab!44822

Merge branch 'pl-fix-applogger-namespace-kerberos' into 'master'
Fix resolution of Gitlab::AppLogger in EE kerberos_spnego_helper See merge request gitlab-org/gitlab!44822
bec48afe · Robert Speicher · 6f371065 · bae19175 · bec48afe · bec48afe
Commit bec48afe authored Oct 13, 2020 by Robert Speicher
Showing with 50 additions and 31 deletions

ee/app/helpers/ee/kerberos_spnego_helper.rb ee/app/helpers/ee/kerberos_spnego_helper.rb +1 -1

ee/spec/helpers/kerberos_spnego_helper_spec.rb ee/spec/helpers/kerberos_spnego_helper_spec.rb +49 -30

No files found.
--- a/ee/app/helpers/ee/kerberos_spnego_helper.rb
+++ b/ee/app/helpers/ee/kerberos_spnego_helper.rb
@@ -82,7 +82,7 @@ module EE
      # Return user principal name if authentication succeeded
      gss.display_name
    rescue GSSAPI::GssApiError => ex
-      Gitlab::AppLogger.error "#{self.class.name}: failed to process Negotiate/Kerberos authentication: #{ex.message}"
+      ::Gitlab::AppLogger.error "#{self.class.name}: failed to process Negotiate/Kerberos authentication: #{ex.message}"
      false
    end


--- a/ee/spec/helpers/kerberos_spnego_helper_spec.rb
+++ b/ee/spec/helpers/kerberos_spnego_helper_spec.rb
@@ -10,53 +10,72 @@ RSpec.describe KerberosSpnegoHelper do

    subject { Class.new { include KerberosSpnegoHelper }.new }

-    before do
-      expect(GSSAPI::Simple).to receive(:new)
-        .with(nil, nil, ::Gitlab.config.kerberos.keytab)
-        .and_return(gss)
-    end
+    context 'with successful remote call' do
+      before do
+        expect(GSSAPI::Simple).to receive(:new)
+          .with(nil, nil, ::Gitlab.config.kerberos.keytab)
+          .and_return(gss)
+      end

-    shared_examples 'a method that decodes a spnego token' do
-      let(:gss_result) { true }
-      let(:spnego_response_token) { nil }
+      shared_examples 'a method that decodes a spnego token' do
+        let(:gss_result) { true }
+        let(:spnego_response_token) { nil }

-      it 'decodes the given spnego token' do
-        token = 'abc123'
-        gss_display_name = 'gss_display_name'
+        it 'decodes the given spnego token' do
+          token = 'abc123'
+          gss_display_name = 'gss_display_name'

-        expect(gss).to receive(:acquire_credentials).with(gss_service_name)
-        expect(gss).to receive(:accept_context).with(token).and_return(gss_result)
-        expect(gss).to receive(:display_name).and_return(gss_display_name)
+          expect(gss).to receive(:acquire_credentials).with(gss_service_name)
+          expect(gss).to receive(:accept_context).with(token).and_return(gss_result)
+          expect(gss).to receive(:display_name).and_return(gss_display_name)

-        expect(subject.spnego_credentials!(token)).to eq(gss_display_name)
-        expect(subject.spnego_response_token).to eq(spnego_response_token)
+          expect(subject.spnego_credentials!(token)).to eq(gss_display_name)
+          expect(subject.spnego_response_token).to eq(spnego_response_token)
+        end
      end
-    end

-    context 'with Kerberos service_principal_name present' do
-      before do
-        kerberos_service_principal_name = 'default'
-        stub_kerberos_setting(service_principal_name: kerberos_service_principal_name)
-        expect(gss).to receive(:import_name).with(kerberos_service_principal_name).and_return(gss_service_name)
+      context 'with Kerberos service_principal_name present' do
+        before do
+          kerberos_service_principal_name = 'default'
+          stub_kerberos_setting(service_principal_name: kerberos_service_principal_name)
+          expect(gss).to receive(:import_name).with(kerberos_service_principal_name).and_return(gss_service_name)
+        end
+
+        it_behaves_like 'a method that decodes a spnego token'
+
+        context 'when gss_result is not true' do
+          it_behaves_like 'a method that decodes a spnego token' do
+            let(:gss_result) { 'gss_result' }
+            let(:spnego_response_token) { gss_result }
+          end
+        end
      end

-      it_behaves_like 'a method that decodes a spnego token'
+      context 'with Kerberos service_principal_name missing' do
+        before do
+          expect(gss).not_to receive(:import_name)
+        end

-      context 'when gss_result is not true' do
        it_behaves_like 'a method that decodes a spnego token' do
-          let(:gss_result) { 'gss_result' }
-          let(:spnego_response_token) { gss_result }
+          let(:gss_service_name) { nil }
        end
      end
    end

-    context 'with Kerberos service_principal_name missing' do
+    context 'when the remote call fails' do
      before do
-        expect(gss).not_to receive(:import_name)
+        allow(GSSAPI::Simple).to receive(:new)
+          .with(nil, nil, ::Gitlab.config.kerberos.keytab)
+          .and_raise(GSSAPI::GssApiError, 'a message')
+
+        allow(Gitlab::AppLogger).to receive(:error).and_call_original
      end

-      it_behaves_like 'a method that decodes a spnego token' do
-        let(:gss_service_name) { nil }
+      it 'fails to authenticate and logs an error' do
+        expect(subject.spnego_credentials!('some token')).to eq(false)
+
+        expect(Gitlab::AppLogger).to have_received(:error)
+          .with(%r{failed to process Negotiate/Kerberos authentication: a message})
      end
    end
  end