1. 06 Jul, 2017 12 commits
    • Timothy Andrew's avatar
      Fix build for !11963. · c8e46c69
      Timothy Andrew authored
      - Don't use `request.env['omniauth.params']` if it isn't present.
      
      - Remove the `saml` section from the `gitlab.yml` test section. Some tests
        depend on this section not being initially present, so it can be overridden
        in the test. This MR doesn't add any tests for SAML, so we didn't really need
        this in the first place anyway.
      
      - Clean up the test -> omniauth section of `gitlab.yml`
      c8e46c69
    • Timothy Andrew's avatar
      Implement review comments for !11963 from @filipa. · fa7bb6e7
      Timothy Andrew authored
      - Disable an ESLint check rather than work around it (by
        converting `OAuthRememberMe` from a regular class to a
        static class.
      
      - Scope `$` calls inside `OAuthRememberMe`
      fa7bb6e7
    • Timothy Andrew's avatar
      Implement review comments for !11963 from @adamniedzielski. · 346db4ff
      Timothy Andrew authored
      - Change double quotes to single quotes.
      - Why is `OmniAuth.config.full_host` being reassigned in the integration test?
      - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task
      - Other minor changes
      346db4ff
    • Timothy Andrew's avatar
      Don't allow the `gitlab:env:info` rake task to mutate the list of omniauth providers. · 06f2a567
      Timothy Andrew authored
      - The test for `rake gitlab:env:info` executed the rake task, which mutated the
        list of omniauth providers, breaking subsequent tests relying on this list.
      
      - I've changed the rake task to duplicate the providers list before modifying it.
      06f2a567
    • Timothy Andrew's avatar
      Add CHANGELOG entry for CE MR 11963 · 5f685391
      Timothy Andrew authored
      5f685391
    • Timothy Andrew's avatar
    • Timothy Andrew's avatar
      Add Omniauth OAuth config to the test section of `gitlab.yml` · 0784dc11
      Timothy Andrew authored
      - I tried to get this to work by stubbing out portions of the config within the
        test. This didn't work as expected because Devise/Omniauth loaded before the
        stub could run, and the stubbed config was ignored.
      
      - I attempted to fix this by reloading Devise/Omniauth after stubbing the
        config. This successfully got Devise to load the stubbed providers, but failed
        while trying to access a route such as `user_gitlab_omniauth_authorize_path`.
      
      - I spent a while trying to figure this out (even trying
        `Rails.application.reload_routes!`), but nothing seemed to work.
      
      - I settled for adding this config directly to `gitlab.yml` rather than go down
        this path any further.
      0784dc11
    • Timothy Andrew's avatar
      Add more providers to the OAuth login integration tests. · af3150cf
      Timothy Andrew authored
      - Added saml, authentiq, cas3, and auth0
      - Crowd seems to be a special case that will be handled separately.
      af3150cf
    • Timothy Andrew's avatar
      d6023d33
    • Timothy Andrew's avatar
      dbe6cc6e
    • Timothy Andrew's avatar
      Add integration tests around OAuth login. · cd3aa1f5
      Timothy Andrew authored
      - There was previously a test for `saml` login in `login_spec`, but this didn't
        seem to be passing. A lot of things didn't seem right here, and I suspect that
        this test hasn't been running. I'll investigate this further.
      
      - It took almost a whole working day to figure out this line:
      
          OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }
      
        As always, it's obvious in retrospect, but it took some digging to figure out
        tests were failing and returning 404s during the callback phase.
      
      - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
      cd3aa1f5
    • Timothy Andrew's avatar
      Implement "remember me" for OAuth-based login. · 370e8e33
      Timothy Andrew authored
      - Pass a `remember_me` query parameter along with the initial OAuth request, and
        pick this parameter up during the omniauth callback from
        request.env['omniauth.params']`.
      
      - For 2FA-based login, copy the `remember_me` param from `omniauth.params` to
        `params`, which the 2FA process will pick up.
      
      - For non-2FA-based login, simply call the `remember_me` devise method to set
        the session cookie.
      370e8e33
  2. 05 Jul, 2017 28 commits