user_spec.rb 5.97 KB
Newer Older
1 2
require 'spec_helper'

Douwe Maan's avatar
Douwe Maan committed
3
describe Gitlab::LDAP::User, lib: true do
4 5
  let(:ldap_user) { Gitlab::LDAP::User.new(auth_hash) }
  let(:gl_user) { ldap_user.gl_user }
6
  let(:info) do
7
    {
8
      name: 'John',
9
      email: 'john@example.com',
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
10
      nickname: 'john'
11 12 13
    }
  end
  let(:auth_hash) do
Douwe Maan's avatar
Douwe Maan committed
14
    OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info)
15
  end
Drew Blessing's avatar
Drew Blessing committed
16 17 18 19 20 21 22 23 24 25 26
  let(:ldap_user_upper_case) { Gitlab::LDAP::User.new(auth_hash_upper_case) }
  let(:info_upper_case) do
    {
      name: 'John',
      email: 'John@Example.com', # Email address has upper case chars
      nickname: 'john'
    }
  end
  let(:auth_hash_upper_case) do
    OmniAuth::AuthHash.new(uid: 'my-uid', provider: 'ldapmain', info: info_upper_case)
  end
27

28 29
  describe :changed? do
    it "marks existing ldap user as changed" do
30
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')
31
      expect(ldap_user.changed?).to be_truthy
32 33 34
    end

    it "marks existing non-ldap user if the email matches as changed" do
35
      create(:user, email: 'john@example.com')
36
      expect(ldap_user.changed?).to be_truthy
37 38 39
    end

    it "dont marks existing ldap user as changed" do
40
      create(:omniauth_user, email: 'john@example.com', extern_uid: 'my-uid', provider: 'ldapmain', ldap_email: true)
41
      expect(ldap_user.changed?).to be_falsey
42 43 44
    end
  end

45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
  describe '.find_by_uid_and_provider' do
    it 'retrieves the correct user' do
      special_info = {
        name: 'John Åström',
        email: 'john@example.com',
        nickname: 'jastrom'
      }
      special_hash = OmniAuth::AuthHash.new(uid: 'CN=John Åström,CN=Users,DC=Example,DC=com', provider: 'ldapmain', info: special_info)
      special_chars_user = described_class.new(special_hash)
      user = special_chars_user.save

      expect(described_class.find_by_uid_and_provider(special_hash.uid, special_hash.provider)).to eq user
    end
  end

60 61
  describe :find_or_create do
    it "finds the user if already existing" do
62
      create(:omniauth_user, extern_uid: 'my-uid', provider: 'ldapmain')
63

64
      expect{ ldap_user.save }.not_to change{ User.count }
65 66
    end

67
    it "connects to existing non-ldap user if the email matches" do
Valery Sizov's avatar
Valery Sizov committed
68
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: "twitter")
69
      expect{ ldap_user.save }.not_to change{ User.count }
70 71

      existing_user.reload
72 73
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
74 75
    end

76 77 78 79 80 81 82
    it 'connects to existing ldap user if the extern_uid changes' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
      expect{ ldap_user.save }.not_to change{ User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
Drew Blessing's avatar
Drew Blessing committed
83 84 85 86 87 88 89 90 91 92
      expect(existing_user.id).to eql ldap_user.gl_user.id
    end

    it 'connects to existing ldap user if the extern_uid changes and email address has upper case characters' do
      existing_user = create(:omniauth_user, email: 'john@example.com', extern_uid: 'old-uid', provider: 'ldapmain')
      expect{ ldap_user_upper_case.save }.not_to change{ User.count }

      existing_user.reload
      expect(existing_user.ldap_identity.extern_uid).to eql 'my-uid'
      expect(existing_user.ldap_identity.provider).to eql 'ldapmain'
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
      expect(existing_user.id).to eql ldap_user.gl_user.id
    end

    it 'maintains an identity per provider' do
      existing_user = create(:omniauth_user, email: 'john@example.com', provider: 'twitter')
      expect(existing_user.identities.count).to eql(1)

      ldap_user.save
      expect(ldap_user.gl_user.identities.count).to eql(2)

      # Expect that find_by provider only returns a single instance of an identity and not an Enumerable
      expect(ldap_user.gl_user.identities.find_by(provider: 'twitter')).to be_instance_of Identity
      expect(ldap_user.gl_user.identities.find_by(provider: auth_hash.provider)).to be_instance_of Identity
    end

108
    it "creates a new user if not found" do
109 110 111 112
      expect{ ldap_user.save }.to change{ User.count }.by(1)
    end
  end

113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138
  describe 'updating email' do
    context "when LDAP sets an email" do
      it "has a real email" do
        expect(ldap_user.gl_user.email).to eq(info[:email])
      end

      it "has ldap_email set to true" do
        expect(ldap_user.gl_user.ldap_email?).to be(true)
      end
    end

    context "when LDAP doesn't set an email" do
      before do
        info.delete(:email)
      end

      it "has a temp email" do
        expect(ldap_user.gl_user.temp_oauth_email?).to be(true)
      end

      it "has ldap_email set to false" do
        expect(ldap_user.gl_user.ldap_email?).to be(false)
      end
    end
  end

139
  describe 'blocking' do
140 141 142 143 144
    def configure_block(value)
      allow_any_instance_of(Gitlab::LDAP::Config).
        to receive(:block_auto_created_users).and_return(value)
    end

145 146
    context 'signup' do
      context 'dont block on create' do
147
        before { configure_block(false) }
148 149 150 151 152 153 154 155 156

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
157
        before { configure_block(true) }
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).to be_blocked
        end
      end
    end

    context 'sign-in' do
      before do
        ldap_user.save
        ldap_user.gl_user.activate
      end

      context 'dont block on create' do
174
        before { configure_block(false) }
175 176 177 178 179 180 181 182 183

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end

      context 'block on create' do
184
        before { configure_block(true) }
185 186 187 188 189 190 191

        it do
          ldap_user.save
          expect(gl_user).to be_valid
          expect(gl_user).not_to be_blocked
        end
      end
192 193 194
    end
  end
end