author | Robert Speicher <robert@gitlab.com> | 2016-07-12 20:53:09 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-07-12 20:53:09 +0000 |
commit | 488a7f5976264975c7e418674e52fb08db82bce7 (patch) | |
tree | 93f3052d2b7249c182a22d6d73dc245bf76e622a /spec/features | |
parent | bd7d6124524e0a2222f7837b27857b363b34729f (diff) | |
parent | 24cf6b9f62a312c010c9479fd6155f7c72099979 (diff) | |
download | gitlab-ce-488a7f5976264975c7e418674e52fb08db82bce7.tar.gz |
Merge branch 'add-2fa-check-to-oauth' into 'master'
Add 2FA check to the OAuth authentication mechanism
Needed for https://gitlab.com/gitlab-org/gitlab-ce/issues/19312
2FA checks were not being performed when logging in via any of the OAuth providers. Just LDAP had the check. This MR fixes that.
See merge request !1976
Diffstat (limited to 'spec/features')
-rw-r--r-- | spec/features/login_spec.rb | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb index 72b5ff231f7..58753ff21f6 100644 --- a/spec/features/login_spec.rb +++ b/spec/features/login_spec.rb @@ -28,6 +28,11 @@ feature 'Login', feature: true do end describe 'with two-factor authentication' do + def enter_code(code) + fill_in 'Two-Factor Authentication code', with: code + click_button 'Verify code' + end + context 'with valid username/password' do let(:user) { create(:user, :two_factor) } @@ -36,11 +41,6 @@ feature 'Login', feature: true do expect(page).to have_content('Two-Factor Authentication') end - def enter_code(code) - fill_in 'Two-Factor Authentication code', with: code - click_button 'Verify code' - end - it 'does not show a "You are already signed in." error message' do enter_code(user.current_otp) expect(page).not_to have_content('You are already signed in.') 
@@ -108,6 +108,39 @@ feature 'Login', feature: true do
 end
 end
 end
+
+ context 'logging in via OAuth' do
+ def saml_config
+ OpenStruct.new(name: 'saml', label: 'saml', args: {
+ assertion_consumer_service_url: 'https://localhost:3443/users/auth/saml/callback',
+ idp_cert_fingerprint: '26:43:2C:47:AF:F0:6B:D0:07:9C:AD:A3:74:FE:5D:94:5F:4E:9E:52',
+ idp_sso_target_url: 'https://idp.example.com/sso/saml',
+ issuer: 'https://localhost:3443/',
+ name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+ })
+ end
+
+ def stub_omniauth_config(messages)
+ Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
+ Rails.application.routes.disable_clear_and_finalize = true
+ Rails.application.routes.draw do
+ post '/users/auth/saml' => 'omniauth_callbacks#saml'
+ end
+ allow(Gitlab::OAuth::Provider).to receive_messages(providers: [:saml], config_for: saml_config)
+ allow(Gitlab.config.omniauth).to receive_messages(messages)
+ allow_any_instance_of(Object).to receive(:user_omniauth_authorize_path).with('saml').and_return('/users/auth/saml')
+ end
+
+ it 'should show 2FA prompt after OAuth login' do
+ stub_omniauth_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [saml_config])
+ user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
+ login_via('saml', user, 'my-uid')
+
+ expect(page).to have_content('Two-Factor Authentication')
+ enter_code(user.current_otp)
+ expect(current_path).to eq root_path
+ end
+ end
 end
 describe 'without two-factor authentication' do |
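Review bot: The new example in `context 'logging in via OAuth'` only exercises the success path, so it never shows that a wrong code is rejected after an OAuth login. Because this spec is the regression guard for a missing 2FA check, I would add a second example that calls `login_via('saml', user, 'my-uid')`, then `enter_code('foo')`, and asserts `expect(current_path).not_to eq root_path`. Separately, `stub_omniauth_config` sets `disable_clear_and_finalize` and draws a route on the global `Rails.application.routes` without restoring either, which may leak into later specs; an `after` hook that resets the flag and calls `Rails.application.reload_routes!` would contain it. `enter_code` and `login_via` are defined outside this hunk, so their behaviour is assumed here.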