require 'spec_helper'

describe Gitlab::LDAP::User, lib: true do
  # Baseline fixture: the profile and auth hash handed to Gitlab::LDAP::User
  # for uid 'my-uid' on the 'ldapmain' provider.
  let(:info) { { name: 'John', email: 'john@example.com', nickname: 'john' } }
  let(:auth_hash) { OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info) }
  let(:ldap_user) { Gitlab::LDAP::User.new(auth_hash) }
  let(:gl_user) { ldap_user.gl_user }

  # Same uid and provider as the baseline, but the e-mail address carries
  # upper case characters; used to check that matching on e-mail does not
  # depend on letter case.
  let(:info_upper_case) do
    {
      name: 'John',
      email: 'John@Example.com',
      nickname: 'john'
    }
  end
  let(:auth_hash_upper_case) do
    OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info_upper_case)
  end
  let(:ldap_user_upper_case) { Gitlab::LDAP::User.new(auth_hash_upper_case) }

  # #changed? reports whether the stored account differs from what the auth
  # hash would produce.
  describe '#changed?' do
    # Identity matches on uid and provider; the remaining attributes come from
    # the factory (presumably they differ from the auth hash -- confirm
    # against the :omniauth_user factory).
    it "marks existing ldap user as changed" do
      identity_attrs = { extern_uid: 'my-uid', provider: 'ldapmain' }
      create(:omniauth_user, **identity_attrs)

      expect(ldap_user.changed?).to be_truthy
    end

    # The stored account has no LDAP identity and is tied to the auth hash
    # only by its e-mail address.
    it "marks existing non-ldap user if the email matches as changed" do
      create(:user, email: 'john@example.com')

      expect(ldap_user.changed?).to be_truthy
    end

    # Identity, e-mail and the e-mail provenance attributes already agree
    # with the auth hash.
    it "does not mark existing ldap user as changed" do
      create(
        :omniauth_user,
        email: 'john@example.com',
        extern_uid: 'my-uid',
        provider: 'ldapmain',
        external_email: true,
        email_provider: 'ldapmain'
      )

      expect(ldap_user.changed?).to be_falsey
    end
  end

  # Lookup by (uid, provider) when the uid is a full DN with a non-ASCII
  # character and mixed-case components.
  describe '.find_by_uid_and_provider' do
    it 'retrieves the correct user' do
      profile = {
        name: 'John Åström',
        email: 'john@example.com',
        nickname: 'jastrom'
      }
      dn_auth_hash = OmniAuth::AuthHash.new(
        uid: 'CN=John Åström,CN=Users,DC=Example,DC=com',
        provider: 'ldapmain',
        info: profile
      )
      saved = described_class.new(dn_auth_hash).save

      found = described_class.find_by_uid_and_provider(dn_auth_hash.uid, dn_auth_hash.provider)
      expect(found).to eq saved
    end
  end

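  # Account lookup, linking and provisioning as performed by
  # Gitlab::LDAP::User#save.
  describe 'find or create' do
    it "finds the user if already existing" do
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')

      expect { ldap_user.save }.not_to change { User.count }
    end

    # The e-mail address in the auth hash is the only thing tying this login
    # to the pre-existing twitter account; the spec pins that an 'ldapmain'
    # identity is attached to it instead of a new user being created.
    # NOTE(review): whether the directory-supplied address is verified before
    # linking is not visible from this spec -- confirm in the implementation.
    it "connects to existing non-ldap user if the email matches" do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")
      expect { ldap_user.save }.not_to change { User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
    end

    # Same provider, different extern_uid: the stored identity is expected to
    # be updated to the new uid rather than a second account being created.
    it 'connects to existing ldap user if the extern_uid changes' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
      expect { ldap_user.save }.not_to change { User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
      expect(existing_user.id).to eql ldap_user.gl_user.id
    end

    it 'connects to existing ldap user if the extern_uid changes and email address has upper case characters' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
      expect { ldap_user_upper_case.save }.not_to change { User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
      # Compare against the object that was actually saved. Asserting on
      # ldap_user here would build a second, lower-case instance and only
      # check that a fresh lookup finds the account, not that the upper-case
      # login resolved to it.
      expect(existing_user.id).to eql ldap_user_upper_case.gl_user.id
    end

    it 'maintains an identity per provider' do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: 'twitter')
      expect(existing_user.identities.count).to be(1)

      ldap_user.save
      expect(ldap_user.gl_user.identities.count).to be(2)

      # Expect that find_by provider only returns a single instance of an identity and not an Enumerable
      expect(ldap_user.gl_user.identities.find_by(provider: 'twitter')).to be_instance_of Identity
      expect(ldap_user.gl_user.identities.find_by(provider: auth_hash.provider)).to be_instance_of Identity
    end

    it "creates a new user if not found" do
      expect { ldap_user.save }.to change { User.count }.by(1)
    end

    # With signup_enabled stubbed to false, an LDAP login is still expected
    # to provision the account.
    context 'when signup is disabled' do
      before do
        stub_application_setting signup_enabled: false
      end

      it 'creates the user' do
        ldap_user.save

        expect(gl_user).to be_persisted
      end
    end

    # With send_user_confirmation_email stubbed to true, the LDAP-provisioned
    # account is still expected to come out confirmed.
    context 'when user confirmation email is enabled' do
      before do
        stub_application_setting send_user_confirmation_email: true
      end

      it 'creates and confirms the user anyway' do
        ldap_user.save

        expect(gl_user).to be_persisted
        expect(gl_user).to be_confirmed
      end
    end
  end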

  # How the e-mail and its provenance attributes are populated on the GitLab
  # user built from the auth hash.
  describe 'updating email' do
    context "when LDAP sets an email" do
      it "has a real email" do
        expected_email = info[:email]

        expect(gl_user.email).to eq(expected_email)
      end

      # The address is flagged as externally managed ...
      it "has external_email set to true" do
        expect(gl_user.external_email?).to be(true)
      end

      # ... and attributed to the provider named in the auth hash.
      it "has email_provider set to provider" do
        expect(gl_user.email_provider).to eql 'ldapmain'
      end
    end

    context "when LDAP doesn't set an email" do
      # Drop the address from the profile before ldap_user is first built.
      before { info.delete(:email) }

      it "has a temp email" do
        expect(gl_user.temp_oauth_email?).to be(true)
      end

      it "has external_email set to false" do
        expect(gl_user.external_email?).to be(false)
      end
    end
  end

  # Effect of the LDAP block_auto_created_users setting on the account state.
  describe 'blocking' do
    # Stubs block_auto_created_users on every Gitlab::LDAP::Config instance
    # so that it returns +value+.
    def configure_block(value)
      config_stub = receive(:block_auto_created_users).and_return(value)
      allow_any_instance_of(Gitlab::LDAP::Config).to config_stub
    end

    # First save of a user that does not exist yet.
    context 'signup' do
      context 'dont block on create' do
        before { configure_block(false) }

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
        before { configure_block(true) }

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).to be_blocked
        end
      end
    end

    # The account already exists and has been activated before the save under
    # test. Both settings are expected to leave it unblocked, i.e. the setting
    # is only expected to act when the account is created.
    context 'sign-in' do
      before do
        ldap_user.save
        ldap_user.gl_user.activate
      end

      context 'dont block on create' do
        before { configure_block(false) }

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
        before { configure_block(true) }

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end
    end
  end
end