Add specs to ensure default password is not repeated

Covers SAML, LDAP and OAuth

Add specs to ensure default password is not repeated
Covers SAML, LDAP and OAuth
f6ad89eb · Sanad Liaquat · Pavel Shutsin · 2f0cdca5 · f6ad89eb
Commit f6ad89eb authored Apr 13, 2022 by Sanad Liaquat Committed by Pavel Shutsin Apr 13, 2022
Show whitespace changes
Inline Side-by-side

Showing with 43 additions and 4 deletions

spec/lib/gitlab/auth/o_auth/user_spec.rb spec/lib/gitlab/auth/o_auth/user_spec.rb +43 -4

No files found.
--- a/spec/lib/gitlab/auth/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb
@@ -6,11 +6,15 @@ RSpec.describe Gitlab::Auth::OAuth::User do
  include LdapHelpers

  let(:oauth_user) { described_class.new(auth_hash) }
+  let(:oauth_user_2) { described_class.new(auth_hash_2) }
  let(:gl_user) { oauth_user.gl_user }
+  let(:gl_user_2) { oauth_user_2.gl_user }
  let(:uid) { 'my-uid' }
+  let(:uid_2) { 'my-uid-2' }
  let(:dn) { 'uid=user1,ou=people,dc=example' }
  let(:provider) { 'my-provider' }
  let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) }
+  let(:auth_hash_2) { OmniAuth::AuthHash.new(uid: uid_2, provider: provider, info: info_hash) }
  let(:info_hash) do
    {
      nickname: '-john+gitlab-ETC%.git@gmail.com',
@@ -24,6 +28,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do
  end

  let(:ldap_user) { Gitlab::Auth::Ldap::Person.new(Net::LDAP::Entry.new, 'ldapmain') }
+  let(:ldap_user_2) { Gitlab::Auth::Ldap::Person.new(Net::LDAP::Entry.new, 'ldapmain') }

  describe '.find_by_uid_and_provider' do
    let(:dn) { 'CN=John Åström, CN=Users, DC=Example, DC=com' }
@@ -46,12 +51,12 @@ RSpec.describe Gitlab::Auth::OAuth::User do
    let!(:existing_user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'my-provider') }

    it "finds an existing user based on uid and provider (facebook)" do
-      expect( oauth_user.persisted? ).to be_truthy
+      expect(oauth_user.persisted?).to be_truthy
    end

    it 'returns false if user is not found in database' do
      allow(auth_hash).to receive(:uid).and_return('non-existing')
-      expect( oauth_user.persisted? ).to be_falsey
+      expect(oauth_user.persisted?).to be_falsey
    end
  end

@@ -78,15 +83,27 @@ RSpec.describe Gitlab::Auth::OAuth::User do
      context 'when signup is disabled' do
        before do
          stub_application_setting signup_enabled: false
+          stub_omniauth_config(allow_single_sign_on: [provider])
        end

        it 'creates the user' do
-          stub_omniauth_config(allow_single_sign_on: [provider])
-
          oauth_user.save # rubocop:disable Rails/SaveBang

          expect(gl_user).to be_persisted
        end
+
+        it 'does not repeat the default user password' do
+          oauth_user.save # rubocop:disable Rails/SaveBang
+          oauth_user_2.save # rubocop:disable Rails/SaveBang
+
+          expect(gl_user.password).not_to eq(gl_user_2.password)
+        end
+
+        it 'has the password length within specified range' do
+          oauth_user.save # rubocop:disable Rails/SaveBang
+
+          expect(gl_user.password.length).to be_between(Devise.password_length.min, Devise.password_length.max)
+        end
      end

      context 'when user confirmation email is enabled' do
@@ -330,6 +347,12 @@ RSpec.describe Gitlab::Auth::OAuth::User do
              allow(ldap_user).to receive(:name) { 'John Doe' }
              allow(ldap_user).to receive(:email) { ['johndoe@example.com', 'john2@example.com'] }
              allow(ldap_user).to receive(:dn) { dn }
+
+              allow(ldap_user_2).to receive(:uid) { uid_2 }
+              allow(ldap_user_2).to receive(:username) { uid_2 }
+              allow(ldap_user_2).to receive(:name) { 'Beck Potter' }
+              allow(ldap_user_2).to receive(:email) { ['beckpotter@example.com', 'beck2@example.com'] }
+              allow(ldap_user_2).to receive(:dn) { dn }
            end

            context "and no account for the LDAP user" do
@@ -340,6 +363,14 @@ RSpec.describe Gitlab::Auth::OAuth::User do
                  oauth_user.save # rubocop:disable Rails/SaveBang
                end

+                it 'does not repeat the default user password' do
+                  allow(Gitlab::Auth::Ldap::Person).to receive(:find_by_uid).and_return(ldap_user_2)
+
+                  oauth_user_2.save # rubocop:disable Rails/SaveBang
+
+                  expect(gl_user.password).not_to eq(gl_user_2.password)
+                end
+
                it "creates a user with dual LDAP and omniauth identities" do
                  expect(gl_user).to be_valid
                  expect(gl_user.username).to eql uid
@@ -609,6 +640,7 @@ RSpec.describe Gitlab::Auth::OAuth::User do

      context 'signup with SAML' do
        let(:provider) { 'saml' }
+        let(:block_auto_created_users) { false }

        before do
          stub_omniauth_config({
@@ -625,6 +657,13 @@ RSpec.describe Gitlab::Auth::OAuth::User do
        it_behaves_like 'not being blocked on creation' do
          let(:block_auto_created_users) { false }
        end
+
+        it 'does not repeat the default user password' do
+          oauth_user.save # rubocop:disable Rails/SaveBang
+          oauth_user_2.save # rubocop:disable Rails/SaveBang
+
+          expect(gl_user.password).not_to eq(gl_user_2.password)
+        end
      end

      context 'signup with omniauth only' do