Commit bec48afe authored by Robert Speicher's avatar Robert Speicher

Merge branch 'pl-fix-applogger-namespace-kerberos' into 'master'

Fix resolution of Gitlab::AppLogger in EE kerberos_spnego_helper

See merge request gitlab-org/gitlab!44822
parents 6f371065 bae19175
......@@ -82,7 +82,7 @@ module EE
# Return user principal name if authentication succeeded
gss.display_name
rescue GSSAPI::GssApiError => ex
Gitlab::AppLogger.error "#{self.class.name}: failed to process Negotiate/Kerberos authentication: #{ex.message}"
::Gitlab::AppLogger.error "#{self.class.name}: failed to process Negotiate/Kerberos authentication: #{ex.message}"
false
end
......
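Review bot: The leading `::` on the new logger call deserves a short comment, because nothing on the line says why it is there and a later cleanup could strip it again. Inside `module EE` a bare `Gitlab` is looked up lexically first and can resolve to `EE::Gitlab`, which, judging by the commit title, has no `AppLogger`. The rescue handler would then presumably raise a NameError instead of returning `false` for a failed Negotiate exchange. A comment above the call such as `# Leading :: is required: a bare Gitlab resolves to EE::Gitlab inside this module` would do. The enclosing method starts outside the hunk, so other unqualified `Gitlab::` references in it are not visible here and may be worth checking.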
......@@ -10,53 +10,72 @@ RSpec.describe KerberosSpnegoHelper do
subject { Class.new { include KerberosSpnegoHelper }.new }
before do
expect(GSSAPI::Simple).to receive(:new)
.with(nil, nil, ::Gitlab.config.kerberos.keytab)
.and_return(gss)
end
context 'with successful remote call' do
before do
expect(GSSAPI::Simple).to receive(:new)
.with(nil, nil, ::Gitlab.config.kerberos.keytab)
.and_return(gss)
end
shared_examples 'a method that decodes a spnego token' do
let(:gss_result) { true }
let(:spnego_response_token) { nil }
shared_examples 'a method that decodes a spnego token' do
let(:gss_result) { true }
let(:spnego_response_token) { nil }
it 'decodes the given spnego token' do
token = 'abc123'
gss_display_name = 'gss_display_name'
it 'decodes the given spnego token' do
token = 'abc123'
gss_display_name = 'gss_display_name'
expect(gss).to receive(:acquire_credentials).with(gss_service_name)
expect(gss).to receive(:accept_context).with(token).and_return(gss_result)
expect(gss).to receive(:display_name).and_return(gss_display_name)
expect(gss).to receive(:acquire_credentials).with(gss_service_name)
expect(gss).to receive(:accept_context).with(token).and_return(gss_result)
expect(gss).to receive(:display_name).and_return(gss_display_name)
expect(subject.spnego_credentials!(token)).to eq(gss_display_name)
expect(subject.spnego_response_token).to eq(spnego_response_token)
expect(subject.spnego_credentials!(token)).to eq(gss_display_name)
expect(subject.spnego_response_token).to eq(spnego_response_token)
end
end
end
context 'with Kerberos service_principal_name present' do
before do
kerberos_service_principal_name = 'default'
stub_kerberos_setting(service_principal_name: kerberos_service_principal_name)
expect(gss).to receive(:import_name).with(kerberos_service_principal_name).and_return(gss_service_name)
context 'with Kerberos service_principal_name present' do
before do
kerberos_service_principal_name = 'default'
stub_kerberos_setting(service_principal_name: kerberos_service_principal_name)
expect(gss).to receive(:import_name).with(kerberos_service_principal_name).and_return(gss_service_name)
end
it_behaves_like 'a method that decodes a spnego token'
context 'when gss_result is not true' do
it_behaves_like 'a method that decodes a spnego token' do
let(:gss_result) { 'gss_result' }
let(:spnego_response_token) { gss_result }
end
end
end
it_behaves_like 'a method that decodes a spnego token'
context 'with Kerberos service_principal_name missing' do
before do
expect(gss).not_to receive(:import_name)
end
context 'when gss_result is not true' do
it_behaves_like 'a method that decodes a spnego token' do
let(:gss_result) { 'gss_result' }
let(:spnego_response_token) { gss_result }
let(:gss_service_name) { nil }
end
end
end
context 'with Kerberos service_principal_name missing' do
context 'when the remote call fails' do
before do
expect(gss).not_to receive(:import_name)
allow(GSSAPI::Simple).to receive(:new)
.with(nil, nil, ::Gitlab.config.kerberos.keytab)
.and_raise(GSSAPI::GssApiError, 'a message')
allow(Gitlab::AppLogger).to receive(:error).and_call_original
end
it_behaves_like 'a method that decodes a spnego token' do
let(:gss_service_name) { nil }
it 'fails to authenticate and logs an error' do
expect(subject.spnego_credentials!('some token')).to eq(false)
expect(Gitlab::AppLogger).to have_received(:error)
.with(%r{failed to process Negotiate/Kerberos authentication: a message})
end
end
end
......
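Review bot: The new 'when the remote call fails' context raises `GSSAPI::GssApiError` only from `GSSAPI::Simple.new`, so the case where a client presents a malformed or rejected token is still untested. The successful-path examples show `spnego_credentials!` also calling `acquire_credentials` and `accept_context`. Assuming those calls sit inside the same rescued region (the helper body is not fully visible here), a second example with `expect(gss).to receive(:accept_context).with(token).and_raise(GSSAPI::GssApiError, 'a message')` would pin that a rejected token yields `false` and one logged error rather than an unhandled exception. As a point of style, `eq(false)` in the new example could be `be(false)`.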