Commit 7efaf22b authored by Patricio Cano's avatar Patricio Cano

Removed extra LDAP tests and added tests for the external groups feature

parent 518ec6b2
...@@ -5,7 +5,7 @@ describe Gitlab::Saml::User, lib: true do ...@@ -5,7 +5,7 @@ describe Gitlab::Saml::User, lib: true do
let(:gl_user) { saml_user.gl_user } let(:gl_user) { saml_user.gl_user }
let(:uid) { 'my-uid' } let(:uid) { 'my-uid' }
let(:provider) { 'saml' } let(:provider) { 'saml' }
let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) } let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash, extra: { raw_info: { groups: %w(Developers Freelancers Designers) } }) }
let(:info_hash) do let(:info_hash) do
{ {
name: 'John', name: 'John',
...@@ -31,8 +31,8 @@ describe Gitlab::Saml::User, lib: true do ...@@ -31,8 +31,8 @@ describe Gitlab::Saml::User, lib: true do
describe 'account exists on server' do describe 'account exists on server' do
before { stub_omniauth_config({ allow_single_sign_on: ['saml'], auto_link_saml_user: true }) } before { stub_omniauth_config({ allow_single_sign_on: ['saml'], auto_link_saml_user: true }) }
context 'and should bind with SAML' do
let!(:existing_user) { create(:user, email: 'john@mail.com', username: 'john') } let!(:existing_user) { create(:user, email: 'john@mail.com', username: 'john') }
context 'and should bind with SAML' do
it 'adds the SAML identity to the existing user' do it 'adds the SAML identity to the existing user' do
saml_user.save saml_user.save
expect(gl_user).to be_valid expect(gl_user).to be_valid
...@@ -42,6 +42,32 @@ describe Gitlab::Saml::User, lib: true do ...@@ -42,6 +42,32 @@ describe Gitlab::Saml::User, lib: true do
expect(identity.provider).to eql 'saml' expect(identity.provider).to eql 'saml'
end end
end end
context 'external groups' do
context 'are defined' do
before { stub_saml_config({ options: { name: 'saml', groups_attribute: 'groups', external_groups: %w(Freelancers), args: {} } }) }
it 'marks the user as external' do
saml_user.save
expect(gl_user.external).to be_truthy
end
end
before { stub_saml_config({ options: { name: 'saml', groups_attribute: 'groups', external_groups: %w(Interns), args: {} } }) }
context 'are defined but the user does not belong there' do
it 'does not mark the user as external' do
saml_user.save
expect(gl_user.external).to be_falsey
end
end
context 'user was external, now should not be' do
it 'should make user internal' do
existing_user.update_attribute('external', true)
saml_user.save
expect(gl_user.external).to be_falsey
end
end
end
end end
describe 'no account exists on server' do describe 'no account exists on server' do
...@@ -74,6 +100,24 @@ describe Gitlab::Saml::User, lib: true do ...@@ -74,6 +100,24 @@ describe Gitlab::Saml::User, lib: true do
end end
end end
context 'external groups' do
context 'are defined' do
before { stub_saml_config({ options: { name: 'saml', groups_attribute: 'groups', external_groups: %w(Freelancers), args: {} } }) }
it 'marks the user as external' do
saml_user.save
expect(gl_user.external).to be_truthy
end
end
before { stub_saml_config({ options: { name: 'saml', groups_attribute: 'groups', external_groups: %w(Interns), args: {} } }) }
context 'are defined but the user does not belong there' do
it 'does not mark the user as external' do
saml_user.save
expect(gl_user.external).to be_falsey
end
end
end
context 'with auto_link_ldap_user disabled (default)' do context 'with auto_link_ldap_user disabled (default)' do
before { stub_omniauth_config({ auto_link_ldap_user: false, auto_link_saml_user: false, allow_single_sign_on: ['saml'] }) } before { stub_omniauth_config({ auto_link_ldap_user: false, auto_link_saml_user: false, allow_single_sign_on: ['saml'] }) }
include_examples 'to verify compliance with allow_single_sign_on' include_examples 'to verify compliance with allow_single_sign_on'
...@@ -193,26 +237,6 @@ describe Gitlab::Saml::User, lib: true do ...@@ -193,26 +237,6 @@ describe Gitlab::Saml::User, lib: true do
expect(gl_user).not_to be_blocked expect(gl_user).not_to be_blocked
end end
end end
context 'dont block on create (LDAP)' do
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: false) }
it do
saml_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
context 'block on create (LDAP)' do
before { allow_any_instance_of(Gitlab::LDAP::Config).to receive_messages(block_auto_created_users: true) }
it do
saml_user.save
expect(gl_user).to be_valid
expect(gl_user).not_to be_blocked
end
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment