summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorBob Van Landuyt <bob@vanlanduyt.co>2018-05-11 09:35:27 +0200
committerBob Van Landuyt <bob@vanlanduyt.co>2018-05-11 14:27:22 +0200
commitf25e00bc1e2ece94189cffbc3ffdda6588084cb3 (patch)
tree94f4e2ccd6184f9e16ff18150ea26f92e96e8da3 /spec
parent35816eb7be76aa1a26dcf2f9cfeddf7c60b2da26 (diff)
downloadgitlab-ce-f25e00bc1e2ece94189cffbc3ffdda6588084cb3.tar.gz
Enforce terms acceptance before other requirements
This prevents a redirect loop when a user has to enable 2FA and accept the terms. Now they will need to accept the terms, then enable 2FA, or any other requirements.
Diffstat (limited to 'spec')
-rw-r--r--spec/features/users/login_spec.rb102
1 files changed, 102 insertions, 0 deletions
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 94a2b289e64..6f968a2c590 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -437,5 +437,107 @@ feature 'Login' do
expect(current_path).to eq(root_path)
end
+
+ context 'when 2FA is required for the user' do
+ before do
+ group = create(:group, require_two_factor_authentication: true)
+ group.add_developer(user)
+ end
+
+ context 'when the user did not enable 2FA' do
+ it 'asks to set 2FA before asking to accept the terms' do
+ visit new_user_session_path
+
+ fill_in 'user_login', with: user.email
+ fill_in 'user_password', with: '12345678'
+
+ click_button 'Sign in'
+
+ expect_to_be_on_terms_page
+ click_button 'Accept terms'
+
+ expect(current_path).to eq(profile_two_factor_auth_path)
+
+ fill_in 'pin_code', with: user.reload.current_otp
+
+ click_button 'Register with two-factor app'
+ click_link 'Proceed'
+
+ expect(current_path).to eq(profile_account_path)
+ end
+ end
+
+ context 'when the user already enabled 2FA' do
+ before do
+ user.update!(otp_required_for_login: true,
+ otp_secret: User.generate_otp_secret(32))
+ end
+
+ it 'asks the user to accept the terms' do
+ visit new_user_session_path
+
+ fill_in 'user_login', with: user.email
+ fill_in 'user_password', with: '12345678'
+ click_button 'Sign in'
+
+ fill_in 'user_otp_attempt', with: user.reload.current_otp
+ click_button 'Verify code'
+
+ expect_to_be_on_terms_page
+ click_button 'Accept terms'
+
+ expect(current_path).to eq(root_path)
+ end
+ end
+ end
+
+ context 'when the users password is expired' do
+ before do
+ user.update!(password_expires_at: Time.parse('2018-05-08 11:29:46 UTC'))
+ end
+
+ it 'asks the user to accept the terms before setting a new password' do
+ visit new_user_session_path
+
+ fill_in 'user_login', with: user.email
+ fill_in 'user_password', with: '12345678'
+ click_button 'Sign in'
+
+ expect_to_be_on_terms_page
+ click_button 'Accept terms'
+
+ expect(current_path).to eq(new_profile_password_path)
+
+ fill_in 'user_current_password', with: '12345678'
+ fill_in 'user_password', with: 'new password'
+ fill_in 'user_password_confirmation', with: 'new password'
+ click_button 'Set new password'
+
+ expect(page).to have_content('Password successfully changed')
+ end
+ end
+
+ context 'when the user does not have an email configured' do
+ let(:user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'saml', email: 'temp-email-for-oauth-user@gitlab.localhost') }
+
+ before do
+ stub_omniauth_saml_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [mock_saml_config])
+ end
+
+ it 'asks the user to accept the terms before setting an email' do
+ gitlab_sign_in_via('saml', user, 'my-uid')
+
+ expect_to_be_on_terms_page
+ click_button 'Accept terms'
+
+ expect(current_path).to eq(profile_path)
+
+ fill_in 'Email', with: 'hello@world.com'
+
+ click_button 'Update profile settings'
+
+ expect(page).to have_content('Profile was successfully updated')
+ end
+ end
end
end