Commit 040e6e72 authored by Yorick Peterse's avatar Yorick Peterse

Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master'

Ensure request to link GroupSAML acount was GitLab initiated

See merge request gitlab/gitlabhq!2976
parents 4c887a19 104c8b89
...@@ -12,7 +12,7 @@ module Gitlab ...@@ -12,7 +12,7 @@ module Gitlab
end end
def link def link
save if identity.new_record? save if unlinked?
end end
def changed? def changed?
...@@ -35,6 +35,10 @@ module Gitlab ...@@ -35,6 +35,10 @@ module Gitlab
@changed = identity.save @changed = identity.save
end end
def unlinked?
identity.new_record?
end
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
def identity def identity
@identity ||= current_user.identities @identity ||= current_user.identities
......
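Review bot: The new `unlinked?` in the second hunk is introduced as a public predicate with no comment explaining why it was extracted from `link`, and nothing in this file's hunks uses it besides `link` itself. Given the commit title (GroupSAML link origin verification), it reads as an override point for a subclass that adds further conditions before `save`, but that subclass is not visible here, so the intent should be stated: `# Override point: subclasses may add extra conditions that must hold before an identity is linked.` If it is instead meant as an internal detail, move it below `private` so the class's public surface does not grow. The enclosing class and its `private` section, if any, lie outside both hunks.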
...@@ -193,7 +193,7 @@ describe OmniauthCallbacksController, type: :controller do ...@@ -193,7 +193,7 @@ describe OmniauthCallbacksController, type: :controller do
before do before do
stub_omniauth_saml_config({ enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], stub_omniauth_saml_config({ enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'],
providers: [saml_config] }) providers: [saml_config] })
mock_auth_hash('saml', 'my-uid', user.email, mock_saml_response) mock_auth_hash_with_saml_xml('saml', 'my-uid', user.email, mock_saml_response)
request.env["devise.mapping"] = Devise.mappings[:user] request.env["devise.mapping"] = Devise.mappings[:user]
request.env['omniauth.auth'] = Rails.application.env_config['omniauth.auth'] request.env['omniauth.auth'] = Rails.application.env_config['omniauth.auth']
post :saml, params: { SAMLResponse: mock_saml_response } post :saml, params: { SAMLResponse: mock_saml_response }
......
...@@ -47,7 +47,7 @@ module LoginHelpers ...@@ -47,7 +47,7 @@ module LoginHelpers
end end
def gitlab_sign_in_via(provider, user, uid, saml_response = nil) def gitlab_sign_in_via(provider, user, uid, saml_response = nil)
mock_auth_hash(provider, uid, user.email, saml_response) mock_auth_hash_with_saml_xml(provider, uid, user.email, saml_response)
visit new_user_session_path visit new_user_session_path
click_link provider click_link provider
end end
...@@ -87,7 +87,12 @@ module LoginHelpers ...@@ -87,7 +87,12 @@ module LoginHelpers
click_link "oauth-login-#{provider}" click_link "oauth-login-#{provider}"
end end
def mock_auth_hash(provider, uid, email, saml_response = nil) def mock_auth_hash_with_saml_xml(provider, uid, email, saml_response)
response_object = { document: saml_xml(saml_response) }
mock_auth_hash(provider, uid, email, response_object: response_object)
end
def mock_auth_hash(provider, uid, email, response_object: nil)
# The mock_auth configuration allows you to set per-provider (or default) # The mock_auth configuration allows you to set per-provider (or default)
# authentication hashes to return during integration testing. # authentication hashes to return during integration testing.
OmniAuth.config.mock_auth[provider.to_sym] = OmniAuth::AuthHash.new({ OmniAuth.config.mock_auth[provider.to_sym] = OmniAuth::AuthHash.new({
...@@ -110,9 +115,7 @@ module LoginHelpers ...@@ -110,9 +115,7 @@ module LoginHelpers
image: 'mock_user_thumbnail_url' image: 'mock_user_thumbnail_url'
} }
}, },
response_object: { response_object: response_object
document: saml_xml(saml_response)
}
} }
}) })
Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider.to_sym] Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider.to_sym]
......
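Review bot: `gitlab_sign_in_via` (first hunk of this section) keeps its `saml_response = nil` default but now always routes through `mock_auth_hash_with_saml_xml`, so a non-SAML provider still ends up with `response_object: { document: saml_xml(nil) }` even though the split of `mock_auth_hash` into a plain variant and a SAML variant exists precisely so non-SAML callers get `response_object: nil`. The behaviour is unchanged from before the commit, but the helper now has a cleaner way to express it: `saml_response ? mock_auth_hash_with_saml_xml(provider, uid, user.email, saml_response) : mock_auth_hash(provider, uid, user.email)`. What `saml_xml(nil)` produces is not visible in these hunks, so whether the current form actually breaks a non-SAML sign-in is inferred, not shown; the bodies of `mock_auth_hash` and `saml_xml` continue outside the hunk.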