BigW Consortium Gitlab

access_spec.rb 2.91 KB
Newer Older
1 2
require 'spec_helper'

Douwe Maan committed
3
describe Gitlab::LDAP::Access, lib: true do
4
  let(:access) { Gitlab::LDAP::Access.new user }
Valery Sizov committed
5
  let(:user) { create(:omniauth_user) }
6

7
  describe '#allowed?' do
8
    subject { access.allowed? }
9 10

    context 'when the user cannot be found' do
11 12 13
      before do
        allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(nil)
      end
14

15
      it { is_expected.to be_falsey }
16

17 18 19
      it 'should block user in GitLab' do
        access.allowed?
        expect(user).to be_blocked
20
        expect(user).to be_ldap_blocked
21
      end
22 23 24
    end

    context 'when the user is found' do
25
      before do
26
        allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(:ldap_user)
27
      end
28

29
      context 'and the user is disabled via active directory' do
30
        before do
31
          allow(Gitlab::LDAP::Person).to receive(:disabled_via_active_directory?).and_return(true)
32
        end
33

34
        it { is_expected.to be_falsey }
35

36
        it 'blocks user in GitLab' do
37
          access.allowed?
38
          expect(user).to be_blocked
39
          expect(user).to be_ldap_blocked
40
        end
41 42
      end

43
      context 'and has no disabled flag in active diretory' do
44
        before do
45
          allow(Gitlab::LDAP::Person).to receive(:disabled_via_active_directory?).and_return(false)
46
        end
47

48
        it { is_expected.to be_truthy }
49

50 51
        context 'when auto-created users are blocked' do
          before do
52
            user.block
53 54
          end

55
          it 'does not unblock user in GitLab' do
56
            access.allowed?
57
            expect(user).to be_blocked
58
            expect(user).not_to be_ldap_blocked # this block is handled by omniauth not by our internal logic
59 60 61
          end
        end

62
        context 'when auto-created users are not blocked' do
63
          before do
64
            user.ldap_block
65 66
          end

67
          it 'unblocks user in GitLab' do
68
            access.allowed?
69
            expect(user).not_to be_blocked
70
          end
71
        end
72
      end
73

74 75
      context 'without ActiveDirectory enabled' do
        before do
76
          allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
77
          allow_any_instance_of(Gitlab::LDAP::Config).to receive(:active_directory).and_return(false)
78
        end
79

80
        it { is_expected.to be_truthy }
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105

        context 'when user cannot be found' do
          before do
            allow(Gitlab::LDAP::Person).to receive(:find_by_dn).and_return(nil)
          end

          it { is_expected.to be_falsey }

          it 'blocks user in GitLab' do
            access.allowed?
            expect(user).to be_blocked
            expect(user).to be_ldap_blocked
          end
        end

        context 'when user was previously ldap_blocked' do
          before do
            user.ldap_block
          end

          it 'unblocks the user if it exists' do
            access.allowed?
            expect(user).not_to be_blocked
          end
        end
106
      end
107 108
    end
  end
109
end