Add extra tests around OAUTH / LDAP find_or_create

parent f019821d
...@@ -29,7 +29,7 @@ module Gitlab ...@@ -29,7 +29,7 @@ module Gitlab
def allowed?(user) def allowed?(user)
if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter) if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
!Gitlab::LDAP::Person.active_directory_disabled?(user.extern_uid, adapter) !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
else else
false false
end end
......
...@@ -16,7 +16,7 @@ module Gitlab ...@@ -16,7 +16,7 @@ module Gitlab
adapter.user('dn', dn) adapter.user('dn', dn)
end end
def self.active_directory_disabled?(dn, adapter=nil) def self.disabled_via_active_directory?(dn, adapter=nil)
adapter ||= Gitlab::LDAP::Adapter.new adapter ||= Gitlab::LDAP::Adapter.new
adapter.dn_matches_filter?(dn, AD_USER_DISABLED) adapter.dn_matches_filter?(dn, AD_USER_DISABLED)
end end
......
...@@ -92,10 +92,6 @@ module Gitlab ...@@ -92,10 +92,6 @@ module Gitlab
model.where("provider = ? and lower(extern_uid) = ?", provider, uid.downcase).last model.where("provider = ? and lower(extern_uid) = ?", provider, uid.downcase).last
end end
def username
auth.info.nickname.to_s.force_encoding("utf-8")
end
def provider def provider
'ldap' 'ldap'
end end
......
...@@ -67,12 +67,11 @@ module Gitlab ...@@ -67,12 +67,11 @@ module Gitlab
end end
def uid def uid
uid = auth.info.uid || auth.uid auth.uid.to_s
uid = uid.to_s unless uid.nil?
uid
end end
def email def email
return unless auth.info.respond_to?(:email)
auth.info.email.downcase unless auth.info.email.nil? auth.info.email.downcase unless auth.info.email.nil?
end end
...@@ -85,6 +84,7 @@ module Gitlab ...@@ -85,6 +84,7 @@ module Gitlab
end end
def username def username
return unless auth.info.respond_to?(:nickname)
auth.info.nickname.to_s.force_encoding("utf-8") auth.info.nickname.to_s.force_encoding("utf-8")
end end
......
...@@ -120,14 +120,14 @@ describe Gitlab::LDAP::Access do ...@@ -120,14 +120,14 @@ describe Gitlab::LDAP::Access do
context 'when the user is found' do context 'when the user is found' do
before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) } before { Gitlab::LDAP::Person.stub(find_by_dn: :ldap_user) }
context 'and the Active Directory disabled flag is set' do context 'and the user is diabled via active directory' do
before { Gitlab::LDAP::Person.stub(active_directory_disabled?: true) } before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) }
it { should be_false } it { should be_false }
end end
context 'and the Active Directory disabled flag is not set' do context 'and has no disabled flag in active diretory' do
before { Gitlab::LDAP::Person.stub(active_directory_disabled?: false) } before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: false) }
it { should be_true } it { should be_true }
end end
......
...@@ -2,45 +2,37 @@ require 'spec_helper' ...@@ -2,45 +2,37 @@ require 'spec_helper'
describe Gitlab::LDAP::User do describe Gitlab::LDAP::User do
let(:gl_auth) { Gitlab::LDAP::User } let(:gl_auth) { Gitlab::LDAP::User }
let(:info) do
before do double(
Gitlab.config.stub(omniauth: {})
@info = double(
uid: '12djsak321',
name: 'John', name: 'John',
email: 'john@mail.com', email: 'john@example.com',
nickname: 'john' nickname: 'john'
) )
end end
before { Gitlab.config.stub(omniauth: {}) }
describe :find_or_create do
let(:auth) do
double(info: info, provider: 'ldap', uid: 'my-uid')
end
it "finds the user if already existing" do
existing_user = create(:user, extern_uid: 'my-uid', provider: 'ldap')
describe :find_for_ldap_auth do expect{ gl_auth.find_or_create(auth) }.to_not change{ User.count }
before do
@auth = double(
uid: '12djsak321',
info: @info,
provider: 'ldap'
)
end end
it "should update credentials by email if missing uid" do it "connects to existing non-ldap user if the email matches" do
user = double('User') existing_user = create(:user, email: 'john@example.com')
User.stub find_by_extern_uid_and_provider: nil expect{ gl_auth.find_or_create(auth) }.to_not change{ User.count }
User.stub(:find_by).with(hash_including(email: anything())) { user }
user.should_receive :update_attributes existing_user.reload
gl_auth.find_or_create(@auth) expect(existing_user.extern_uid).to eql 'my-uid'
expect(existing_user.provider).to eql 'ldap'
end end
it "should not update credentials by username if missing uid and Gitlab.config.ldap.allow_username_or_email_login is false" do it "creates a new user if not found" do
user = double('User') expect{ gl_auth.find_or_create(auth) }.to change{ User.count }.by(1)
value = Gitlab.config.ldap.allow_username_or_email_login
Gitlab.config.ldap['allow_username_or_email_login'] = false
User.stub find_by_extern_uid_and_provider: nil
User.stub(:find_by).with(hash_including(email: anything())) { nil }
User.stub(:find_by).with(hash_including(username: anything())) { user }
user.should_not_receive :update_attributes
gl_auth.find_or_create(@auth)
Gitlab.config.ldap['allow_username_or_email_login'] = value
end end
end end
end end
\ No newline at end of file
...@@ -2,44 +2,82 @@ require 'spec_helper' ...@@ -2,44 +2,82 @@ require 'spec_helper'
describe Gitlab::OAuth::User do describe Gitlab::OAuth::User do
let(:gl_auth) { Gitlab::OAuth::User } let(:gl_auth) { Gitlab::OAuth::User }
let(:info) do
before do double(
Gitlab.config.stub(omniauth: {})
@info = double(
uid: '12djsak321',
nickname: 'john', nickname: 'john',
name: 'John', name: 'John',
email: 'john@mail.com' email: 'john@mail.com'
) )
end end
before do
Gitlab.config.stub(omniauth: {})
end
describe :find do
let!(:existing_user) { create(:user, extern_uid: 'my-uid', provider: 'my-provider') }
it "finds an existing user based on uid and provider (facebook)" do
auth = double(info: double(name: 'John'), uid: 'my-uid', provider: 'my-provider')
assert gl_auth.find(auth)
end
it "finds an existing user based on nested uid and provider" do
auth = double(info: info, uid: 'my-uid', provider: 'my-provider')
assert gl_auth.find(auth)
end
end
describe :create do describe :create do
it "should create user from LDAP" do it "should create user from LDAP" do
@auth = double(info: @info, provider: 'ldap') auth = double(info: info, uid: 'my-uid', provider: 'ldap')
user = gl_auth.create(@auth) user = gl_auth.create(auth)
user.should be_valid user.should be_valid
user.extern_uid.should == @info.uid user.extern_uid.should == auth.uid
user.provider.should == 'ldap' user.provider.should == 'ldap'
end end
it "should create user from Omniauth" do it "should create user from Omniauth" do
@auth = double(info: @info, provider: 'twitter') auth = double(info: info, uid: 'my-uid', provider: 'twitter')
user = gl_auth.create(@auth) user = gl_auth.create(auth)
user.should be_valid user.should be_valid
user.extern_uid.should == @info.uid user.extern_uid.should == auth.uid
user.provider.should == 'twitter' user.provider.should == 'twitter'
end end
it "should apply defaults to user" do it "should apply defaults to user" do
@auth = double(info: @info, provider: 'ldap') auth = double(info: info, uid: 'my-uid', provider: 'ldap')
user = gl_auth.create(@auth) user = gl_auth.create(auth)
user.should be_valid user.should be_valid
user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit
user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group
end end
it "Set a temp email address if not provided (like twitter does)" do
info = double(
uid: 'my-uid',
nickname: 'john',
name: 'John'
)
auth = double(info: info, uid: 'my-uid', provider: 'my-provider')
user = gl_auth.create(auth)
expect(user.email).to_not be_empty
end
it 'generates a username if non provided (google)' do
info = double(
uid: 'my-uid',
name: 'John',
email: 'john@example.com'
)
auth = double(info: info, uid: 'my-uid', provider: 'my-provider')
user = gl_auth.create(auth)
expect(user.username).to eql 'john'
end
end end
end end
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment