require 'spec_helper'

describe Gitlab::LDAP::User, lib: true do
  # Attributes the directory reports for the user in the default fixture.
  let(:info) { { name: 'John', email: 'john@example.com', nickname: 'john' } }

  # OmniAuth payload for the 'ldapmain' provider. The examples below expect
  # the uid to end up as the LDAP identity's extern_uid.
  let(:auth_hash) do
    OmniAuth::AuthHash.new(
      uid: 'my-uid',
      provider: 'ldapmain',
      info: info
    )
  end

  # Object under test and the GitLab account it resolves to (both lazy).
  let(:ldap_user) { Gitlab::LDAP::User.new(auth_hash) }
  let(:gl_user) { ldap_user.gl_user }

  # Same uid and provider, but the e-mail differs from `info` in letter case
  # only. Used to check that account matching by e-mail is case-insensitive.
  let(:info_upper_case) { { name: 'John', email: 'John@Example.com', nickname: 'john' } }

  let(:auth_hash_upper_case) do
    OmniAuth::AuthHash.new(
      uid: 'my-uid',
      provider: 'ldapmain',
      info: info_upper_case
    )
  end

  let(:ldap_user_upper_case) { Gitlab::LDAP::User.new(auth_hash_upper_case) }

  describe '#changed?' do
    # Evaluated lazily, i.e. only after the example has created its records.
    subject(:changed) { ldap_user.changed? }

    # An account already linked to this uid/provider is still reported as
    # changed here; it differs from the "unchanged" example below in its
    # e-mail and in the ldap_email flag.
    it 'marks existing ldap user as changed' do
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')

      expect(changed).to be_truthy
    end

    # A plain account with a matching e-mail is picked up by the LDAP user,
    # so linking it counts as a change.
    it 'marks existing non-ldap user if the email matches as changed' do
      create(:user, email: 'john@example.com')

      expect(changed).to be_truthy
    end

    # E-mail, uid, provider and ldap_email already agree with the auth hash.
    it 'does not mark existing ldap user as changed' do
      create(
        :omniauth_user,
        email: 'john@example.com',
        extern_uid: 'my-uid',
        provider: 'ldapmain',
        ldap_email: true
      )

      expect(changed).to be_falsey
    end
  end

  describe '.find_by_uid_and_provider' do
    it 'retrieves the correct user' do
      # The uid is a full distinguished name containing a non-ASCII character;
      # the lookup must resolve it to exactly the account that was saved.
      dn = 'CN=John Åström,CN=Users,DC=Example,DC=com'
      auth = OmniAuth::AuthHash.new(
        uid: dn,
        provider: 'ldapmain',
        info: {
          name: 'John Åström',
          email: 'john@example.com',
          nickname: 'jastrom'
        }
      )
      saved_user = described_class.new(auth).save

      found_user = described_class.find_by_uid_and_provider(auth.uid, auth.provider)

      expect(found_user).to eq saved_user
    end
  end

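  # Covers how saving an LDAP user resolves to a GitLab account: by existing
  # LDAP identity, by matching e-mail, or by creating a new account.
  describe 'find or create' do
    it "finds the user if already existing" do
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')

      expect { ldap_user.save }.not_to change { User.count }
    end

    # Security-relevant behaviour: the LDAP identity is attached to an account
    # that was matched by e-mail alone (here one that only had a 'twitter'
    # identity). The link is therefore only as trustworthy as the e-mail
    # attribute the directory reports.
    it "connects to existing non-ldap user if the email matches" do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")

      expect { ldap_user.save }.not_to change { User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
    end

    # When the uid changes but the e-mail still matches, the stored extern_uid
    # is rewritten instead of a second account being created.
    it 'connects to existing ldap user if the extern_uid changes' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')

      expect { ldap_user.save }.not_to change { User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
      expect(existing_user.id).to eql ldap_user.gl_user.id
    end

    # Same scenario, but the directory reports the e-mail with different
    # letter case; matching must not create a duplicate account.
    it 'connects to existing ldap user if the extern_uid changes and email address has upper case characters' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')

      expect { ldap_user_upper_case.save }.not_to change { User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
      # Compare against the object that was actually saved. The original
      # compared against `ldap_user`, a separate lower-case instance that is
      # first built on this line, so it did not check which account the
      # upper-case object itself resolved to.
      expect(existing_user.id).to eql ldap_user_upper_case.gl_user.id
    end

    it 'maintains an identity per provider' do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: 'twitter')
      expect(existing_user.identities.count).to be(1)

      ldap_user.save
      linked_identities = ldap_user.gl_user.identities
      expect(linked_identities.count).to be(2)

      # Expect that find_by provider only returns a single instance of an identity and not an Enumerable
      expect(linked_identities.find_by(provider: 'twitter')).to be_instance_of Identity
      expect(linked_identities.find_by(provider: auth_hash.provider)).to be_instance_of Identity
    end

    it "creates a new user if not found" do
      expect { ldap_user.save }.to change { User.count }.by(1)
    end

    # Disabling sign-up does not stop accounts from being provisioned through
    # LDAP; access control for these users rests with the directory and, where
    # configured, with blocking of auto-created users.
    context 'when signup is disabled' do
      before do
        stub_application_setting signup_enabled: false
      end

      it 'creates the user' do
        ldap_user.save

        expect(gl_user).to be_persisted
      end
    end

    # LDAP-provisioned accounts are confirmed without the confirmation e-mail
    # round trip, even when that setting is on.
    context 'when user confirmation email is enabled' do
      before do
        stub_application_setting send_user_confirmation_email: true
      end

      it 'creates and confirms the user anyway' do
        ldap_user.save

        expect(gl_user).to be_persisted
        expect(gl_user).to be_confirmed
      end
    end
  end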

  describe 'updating email' do
    context 'when LDAP sets an email' do
      # The account takes the e-mail straight from the directory attributes.
      it 'has a real email' do
        expect(gl_user.email).to eq(info[:email])
      end

      it 'has ldap_email set to true' do
        expect(gl_user.ldap_email?).to be(true)
      end
    end

    context "when LDAP doesn't set an email" do
      # `info` is memoized per example, so removing the key here takes effect
      # before the lazily built auth hash and LDAP user read it.
      before { info.delete(:email) }

      it 'has a temp email' do
        expect(gl_user.temp_oauth_email?).to be(true)
      end

      it 'has ldap_email set to false' do
        expect(gl_user.ldap_email?).to be(false)
      end
    end
  end

  describe 'blocking' do
    # Stubs block_auto_created_users on every Gitlab::LDAP::Config instance so
    # an example can pick the policy it runs under.
    def configure_block(value)
      allow_any_instance_of(Gitlab::LDAP::Config)
        .to receive(:block_auto_created_users)
        .and_return(value)
    end

    # First save: the account is created by this sign-in, so the policy
    # decides whether it starts out blocked.
    context 'signup' do
      context 'dont block on create' do
        before do
          configure_block(false)
        end

        it do
          ldap_user.save

          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
        before do
          configure_block(true)
        end

        it do
          ldap_user.save

          expect(gl_user).to be_valid
          expect(gl_user).to be_blocked
        end
      end
    end

    # Later sign-in: the account already exists and has been activated.
    # Whatever the policy says, signing in again must not block it.
    context 'sign-in' do
      # RSpec runs this outer hook before the nested contexts' hooks, so the
      # account is saved and activated before the policy stub is installed.
      before do
        ldap_user.save
        gl_user.activate
      end

      context 'dont block on create' do
        before do
          configure_block(false)
        end

        it do
          ldap_user.save

          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
        before do
          configure_block(true)
        end

        it do
          ldap_user.save

          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end
    end
  end
end