diff options
| author | Marcia Ramos <virtua.creative@gmail.com> | 2019-04-10 17:05:46 +0100 |
|---|---|---|
| committer | Marcia Ramos <virtua.creative@gmail.com> | 2019-04-10 17:05:46 +0100 |
| commit | cbd6841cac8185f181a5dcec33704f6e7c040732 (patch) | |
| tree | 423bbc4fb873ab51590d0be4ae594769c80b739b /spec/models/application_setting_spec.rb | |
| parent | 3402f8c817e9798eed9d86555f3f85fd10f49abf (diff) | |
| parent | 490b31f740d23b54a62588cd9fd0e0cf7fdd9370 (diff) | |
| download | gitlab-ce-docs-pages-intro.tar.gz | |
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into docs-pages-introdocs-pages-intro
Diffstat (limited to 'spec/models/application_setting_spec.rb')
| -rw-r--r-- | spec/models/application_setting_spec.rb | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index c81572d739e..c7d7dbac736 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe ApplicationSetting do - let(:setting) { described_class.create_from_defaults } + subject(:setting) { described_class.create_from_defaults } it { include(CacheableAttributes) } it { include(ApplicationSettingImplementation) } @@ -284,6 +284,52 @@ describe ApplicationSetting do expect(subject).to be_valid end end + + describe 'when external authorization service is enabled' do + before do + setting.external_authorization_service_enabled = true + end + + it { is_expected.not_to allow_value('not a URL').for(:external_authorization_service_url) } + it { is_expected.to allow_value('https://example.com').for(:external_authorization_service_url) } + it { is_expected.to allow_value('').for(:external_authorization_service_url) } + it { is_expected.not_to allow_value(nil).for(:external_authorization_service_default_label) } + it { is_expected.not_to allow_value(11).for(:external_authorization_service_timeout) } + it { is_expected.not_to allow_value(0).for(:external_authorization_service_timeout) } + it { is_expected.not_to allow_value('not a certificate').for(:external_auth_client_cert) } + it { is_expected.to allow_value('').for(:external_auth_client_cert) } + it { is_expected.to allow_value('').for(:external_auth_client_key) } + + context 'when setting a valid client certificate for external authorization' do + let(:certificate_data) { File.read('spec/fixtures/passphrase_x509_certificate.crt') } + + before do + setting.external_auth_client_cert = certificate_data + end + + it 'requires a valid client key when a certificate is set' do + expect(setting).not_to allow_value('fefefe').for(:external_auth_client_key) + end + + it 'requires a matching certificate' do + other_private_key = File.read('spec/fixtures/x509_certificate_pk.key') + + expect(setting).not_to allow_value(other_private_key).for(:external_auth_client_key) + end + + it 'the credentials are valid when the private key can be read and matches the certificate' do + tls_attributes = [:external_auth_client_key_pass, + :external_auth_client_key, + :external_auth_client_cert] + setting.external_auth_client_key = File.read('spec/fixtures/passphrase_x509_certificate_pk.key') + setting.external_auth_client_key_pass = '5iveL!fe' + + setting.validate + + expect(setting.errors).not_to include(*tls_attributes) + end + end + end end context 'restrict creating duplicates' do |