Add Omniauth OAuth config to the test section of `gitlab.yml`

- I tried to get this to work by stubbing out portions of the config within the test. This didn't work as expected because Devise/Omniauth loaded before the stub could run, and the stubbed config was ignored. - I attempted to fix this by reloading Devise/Omniauth after stubbing the config. This successfully got Devise to load the stubbed providers, but failed while trying to access a route such as `user_gitlab_omniauth_authorize_path`. - I spent a while trying to figure this out (even trying `Rails.application.reload_routes!`), but nothing seemed to work. - I settled for adding this config directly to `gitlab.yml` rather than go down this path any further.

Add Omniauth OAuth config to the test section of `gitlab.yml`
15dba34c · Timothy Andrew · fd948558 · 15dba34c · 15dba34c
Commit 15dba34c authored Jun 19, 2017 by Timothy Andrew
Hide whitespace changes
Inline Side-by-side

Showing with 67 additions and 51 deletions

gitlab.yml.example config/gitlab.yml.example +66 -0

oauth_login_spec.rb spec/features/oauth_login_spec.rb +1 -51

No files found.
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -615,6 +615,72 @@ test:
      title: "JIRA"
      url: https://sample_company.atlassian.net
      project_key: PROJECT
+
+  omniauth:
+    enabled: true
+    allow_single_sign_on: true
+    block_auto_created_users: false
+    auto_link_saml_user: true
+    external_providers: []
+
+    providers:
+      - { name: 'cas3',
+          label: 'cas3',
+          args: {
+                  url: 'https://sso.example.com',
+                  disable_ssl_verification: false,
+                  login_url: '/cas/login',
+                  service_validate_url: '/cas/p3/serviceValidate',
+                  logout_url: '/cas/logout'} }
+      - { name: 'authentiq',
+          app_id: 'YOUR_CLIENT_ID',
+          app_secret: 'YOUR_CLIENT_SECRET',
+          args: {
+                  scope: 'aq:name email~rs address aq:push'
+                }
+        }
+
+      - { name: 'github',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          url: "https://github.com/",
+          verify_ssl: false,
+          args: { scope: 'user:email' } }
+      - { name: 'bitbucket',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'gitlab',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          args: { scope: 'api' } }
+      - { name: 'google_oauth2',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          args: { access_type: 'offline', approval_prompt: '' } }
+      - { name: 'facebook',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'twitter',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      
+      - { name: 'saml',
+          label: 'Our SAML Provider',
+          groups_attribute: 'Groups',
+          external_groups: ['Contractors', 'Freelancers'],
+          args: {
+                  assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
+                  idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
+                  idp_sso_target_url: 'https://login.example.com/idp',
+                  issuer: 'https://gitlab.example.com',
+                  name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+                } }
+      
+      - { name: 'auth0',
+          args: {
+            client_id: 'YOUR_AUTH0_CLIENT_ID',
+            client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
+            namespace: 'YOUR_AUTH0_DOMAIN' } }
  ldap:
    enabled: false
    servers:

--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -6,23 +6,6 @@ feature 'OAuth Login', feature: true, js: true do
    click_button 'Verify code'
  end

-  def provider_config(provider)
-    if provider == :saml
-      OpenStruct.new(
-        name: 'saml', label: 'saml',
-        args: {
-          assertion_consumer_service_url: 'https://localhost:3443/users/auth/saml/callback',
-          idp_cert_fingerprint: '26:43:2C:47:AF:F0:6B:D0:07:9C:AD:A3:74:FE:5D:94:5F:4E:9E:52',
-          idp_sso_target_url: 'https://idp.example.com/sso/saml',
-          issuer: 'https://localhost:3443/',
-          name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
-        }
-      )
-    else
-      OpenStruct.new(name: provider.to_s, app_id: 'app_id', app_secret: 'app_secret')
-    end
-  end
-
  def stub_omniauth_config(provider)
    OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new({ provider: provider.to_s, uid: "12345" }))
    Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
@@ -32,43 +15,10 @@ feature 'OAuth Login', feature: true, js: true do
  providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
               :facebook, :authentiq, :cas3, :auth0]

-  before do
+  before(:all) do
    OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }
-
-    messages = {
-      enabled: true,
-      allow_single_sign_on: providers.map(&:to_s),
-      auto_link_saml_user: true,
-      providers: providers.map { |provider| provider_config(provider) }
-    }
-
-    allow(Gitlab.config.omniauth).to receive_messages(messages)
  end

-  # context 'logging in via OAuth' do
-  #   def saml_config
-
-  #   end
-  #   def stub_omniauth_config(messages)
-  #     Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
-  #     Rails.application.routes.disable_clear_and_finalize = true
-  #     Rails.application.routes.draw do
-  #       post '/users/auth/saml' => 'omniauth_callbacks#saml'
-  #     end
-  #     allow(Gitlab::OAuth::Provider).to receive_messages(providers: [:saml], config_for: saml_config)
-  #     allow(Gitlab.config.omniauth).to receive_messages(messages)
-  #     expect_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
-  #   end
-  #   it 'shows 2FA prompt after OAuth login' do
-  #     stub_omniauth_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [saml_config])
-  #     user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
-  #     login_via('saml', user, 'my-uid')
-  #     expect(page).to have_content('Two-Factor Authentication')
-  #     enter_code(user.current_otp)
-  #     expect(current_path).to eq root_path
-  #   end
-  # end
-
  providers.each do |provider|
    context "when the user logs in using the #{provider} provider" do
      context "when two-factor authentication is disabled" do