Added tests for 2FA check on OAuth request

1 files changed, 21 insertions, 5 deletions

diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb
index 72b5ff231f7..c3dfe343052 100644
--- a/spec/features/login_spec.rb
+++ b/spec/features/login_spec.rb
@@ -28,6 +28,11 @@ feature 'Login', feature: true do
   end
 
   describe 'with two-factor authentication' do
+    def enter_code(code)
+      fill_in 'Two-Factor Authentication code', with: code
+      click_button 'Verify code'
+    end
+
     context 'with valid username/password' do
       let(:user) { create(:user, :two_factor) }
 
@@ -36,11 +41,6 @@ feature 'Login', feature: true do
         expect(page).to have_content('Two-Factor Authentication')
       end
 
-      def enter_code(code)
-        fill_in 'Two-Factor Authentication code', with: code
-        click_button 'Verify code'
-      end
-
       it 'does not show a "You are already signed in." error message' do
         enter_code(user.current_otp)
         expect(page).not_to have_content('You are already signed in.')
@@ -108,6 +108,22 @@ feature 'Login', feature: true do
         end
       end
     end
+
+    context 'logging in via OAuth' do
+      def stub_omniauth_config(messages)
+        allow(Gitlab.config.omniauth).to receive_messages(messages)
+      end
+
+      it 'should show 2FA prompt after OAuth login' do
+        user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
+        stub_omniauth_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [OpenStruct.new(name: 'saml', label: 'saml', args: {})])
+        login_via('saml', user, 'my-uid')
+
+        expect(page).to have_content('Two-Factor Authentication')
+        enter_code(user.current_otp)
+        expect(current_path).to eq root_path
+      end
+    end
   end
 
   describe 'without two-factor authentication' do