1. 04 Jul, 2017 12 commits
    • Timothy Andrew's avatar
      Fix build for !11963. · d4caab38
      Timothy Andrew authored
      - Don't use `request.env['omniauth.params']` if it isn't present.
      
      - Remove the `saml` section from the `gitlab.yml` test section. Some tests
        depend on this section not being initially present, so it can be overridden
        in the test. This MR doesn't add any tests for SAML, so we didn't really need
        this in the first place anyway.
      
      - Clean up the test -> omniauth section of `gitlab.yml`
      d4caab38
    • Timothy Andrew's avatar
      Implement review comments for !11963 from @filipa. · 70f73c6b
      Timothy Andrew authored
      - Disable an ESLint check rather than work around it (by
        converting `OAuthRememberMe` from a regular class to a
        static class.
      
      - Scope `$` calls inside `OAuthRememberMe`
      70f73c6b
    • Timothy Andrew's avatar
      Implement review comments for !11963 from @adamniedzielski. · 37cb1a4d
      Timothy Andrew authored
      - Change double quotes to single quotes.
      - Why is `OmniAuth.config.full_host` being reassigned in the integration test?
      - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task
      - Other minor changes
      37cb1a4d
    • Timothy Andrew's avatar
      Don't allow the `gitlab:env:info` rake task to mutate the list of omniauth providers. · 271bd93a
      Timothy Andrew authored
      - The test for `rake gitlab:env:info` executed the rake task, which mutated the
        list of omniauth providers, breaking subsequent tests relying on this list.
      
      - I've changed the rake task to duplicate the providers list before modifying it.
      271bd93a
    • Timothy Andrew's avatar
      Add CHANGELOG entry for CE MR 11963 · f681e41b
      Timothy Andrew authored
      f681e41b
    • Timothy Andrew's avatar
    • Timothy Andrew's avatar
      Add Omniauth OAuth config to the test section of `gitlab.yml` · a4f2b5bb
      Timothy Andrew authored
      - I tried to get this to work by stubbing out portions of the config within the
        test. This didn't work as expected because Devise/Omniauth loaded before the
        stub could run, and the stubbed config was ignored.
      
      - I attempted to fix this by reloading Devise/Omniauth after stubbing the
        config. This successfully got Devise to load the stubbed providers, but failed
        while trying to access a route such as `user_gitlab_omniauth_authorize_path`.
      
      - I spent a while trying to figure this out (even trying
        `Rails.application.reload_routes!`), but nothing seemed to work.
      
      - I settled for adding this config directly to `gitlab.yml` rather than go down
        this path any further.
      a4f2b5bb
    • Timothy Andrew's avatar
      Add more providers to the OAuth login integration tests. · 6a15f2d0
      Timothy Andrew authored
      - Added saml, authentiq, cas3, and auth0
      - Crowd seems to be a special case that will be handled separately.
      6a15f2d0
    • Timothy Andrew's avatar
      d2eb9bc8
    • Timothy Andrew's avatar
      0754a442
    • Timothy Andrew's avatar
      Add integration tests around OAuth login. · d2859f86
      Timothy Andrew authored
      - There was previously a test for `saml` login in `login_spec`, but this didn't
        seem to be passing. A lot of things didn't seem right here, and I suspect that
        this test hasn't been running. I'll investigate this further.
      
      - It took almost a whole working day to figure out this line:
      
          OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }
      
        As always, it's obvious in retrospect, but it took some digging to figure out
        tests were failing and returning 404s during the callback phase.
      
      - Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
      d2859f86
    • Timothy Andrew's avatar
      Implement "remember me" for OAuth-based login. · c3c642bf
      Timothy Andrew authored
      - Pass a `remember_me` query parameter along with the initial OAuth request, and
        pick this parameter up during the omniauth callback from
        request.env['omniauth.params']`
      
      - For 2FA-based login, copy the `remember_me` param from `omniauth.params` to
        `params`, which the 2FA process will pick up.
      
      - For non-2FA-based login, simply call the `remember_me` devise method to set
        the session cookie.
      c3c642bf
  2. 03 Jul, 2017 28 commits