Add specs for git actions

0d66c970 · Małgorzata Ksionek · 503150b6 · 0d66c970 · 0d66c970
Commit 0d66c970 authored May 06, 2021 by Małgorzata Ksionek
Hide whitespace changes
Inline Side-by-side

Showing with 74 additions and 0 deletions

ee/spec/models/ee/user_spec.rb ee/spec/models/ee/user_spec.rb +38 -0

ee/spec/requests/git_http_spec.rb ee/spec/requests/git_http_spec.rb +36 -0

No files found.
--- a/ee/spec/models/ee/user_spec.rb
+++ b/ee/spec/models/ee/user_spec.rb
@@ -919,6 +919,44 @@ RSpec.describe User do
    end
  end

+  describe '#password_based_login_forbidden?' do
+    context 'when user is provisioned by group' do
+      before do
+        user.user_detail.provisioned_by_group = build(:group)
+      end
+
+      it 'is true' do
+        expect(user.password_based_login_forbidden?).to eq true
+      end
+
+      context 'with feature flag switched off' do
+        before do
+          stub_feature_flags(block_password_auth_for_saml_users: false)
+        end
+
+        it 'is false' do
+          expect(user.password_based_login_forbidden?).to eq false
+        end
+      end
+    end
+
+    context 'when user is not provisioned by group' do
+      it 'is false' do
+        expect(user.password_based_login_forbidden?).to eq false
+      end
+
+      context 'with feature flag switched off' do
+        before do
+          stub_feature_flags(block_password_auth_for_saml_users: false)
+        end
+
+        it 'is false' do
+          expect(user.password_based_login_forbidden?).to eq false
+        end
+      end
+    end
+  end
+
  describe '#using_license_seat?' do
    let(:user) { create(:user) }


--- a/ee/spec/requests/git_http_spec.rb
+++ b/ee/spec/requests/git_http_spec.rb
@@ -153,4 +153,40 @@ RSpec.describe 'Git HTTP requests' do

    it_behaves_like 'pulls are allowed'
  end
+
+  describe 'when user cannot use password-based login' do
+    let(:user) { create(:user) }
+    let(:group) { create(:group) }
+    let(:project) { create(:project, :repository, :private, group: group) }
+    let(:env) { { user: user.username, password: user.password } }
+    let(:path) { "#{project.full_path}.git" }
+
+    before do
+      project.add_developer(user)
+      user.update!(provisioned_by_group: group)
+    end
+
+    context 'with feature flag switched off' do
+      before do
+        stub_feature_flags(block_password_auth_for_saml_users: false)
+      end
+
+      it_behaves_like 'pulls are allowed'
+      it_behaves_like 'pushes are allowed'
+    end
+
+    context 'with feature flag switched on' do
+      it 'responds with status 401 Unauthorized for pull action' do
+        download(path, **env) do |response|
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+
+      it 'responds with status 401 Unauthorized for push action' do
+        upload(path, **env) do |response|
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+    end
+  end
 end