Diffstat (limited to 'spec/features/users')
| -rw-r--r-- | spec/features/users/login_spec.rb | 35 | 
1 files changed, 28 insertions, 7 deletions
| diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 1f8d31a5c88..24a2c89f50b 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -177,14 +177,35 @@ feature 'Login' do
     end
     context 'logging in via OAuth' do
-      it 'shows 2FA prompt after OAuth login' do
-        stub_omniauth_saml_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [mock_saml_config])
-        user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
-        gitlab_sign_in_via('saml', user, 'my-uid')
+      let(:user) { create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')}
+      let(:mock_saml_response) do
+        File.read('spec/fixtures/authentication/saml_response.xml')
+      end
-        expect(page).to have_content('Two-Factor Authentication')
-        enter_code(user.current_otp)
-        expect(current_path).to eq root_path
+      before do
+        stub_omniauth_saml_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'],
+                                  providers: [mock_saml_config_with_upstream_two_factor_authn_contexts])
+        gitlab_sign_in_via('saml', user, 'my-uid', mock_saml_response)
+      end
+
+      context 'when authn_context is worth two factors' do
+        let(:mock_saml_response) do
+          File.read('spec/fixtures/authentication/saml_response.xml')
+              .gsub('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS')
+        end
+
+        it 'signs user in without prompting for second factor' do
+          expect(page).not_to have_content('Two-Factor Authentication')
+          expect(current_path).to eq root_path
+        end
+      end
+
+      context 'when authn_context is not worth two factors' do
+        it 'shows 2FA prompt after OAuth login' do
+          expect(page).to have_content('Two-Factor Authentication')
+          enter_code(user.current_otp)
+          expect(current_path).to eq root_path
+        end
       end
     end
   end |
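Review bot: The fail-closed side of this change is pinned by a single case: `context 'when authn_context is not worth two factors'` reuses the unmodified fixture (whose context class appears to be `urn:oasis:names:tc:SAML:2.0:ac:classes:Password`, judging by the `gsub` in the sibling context), so nothing exercises a response whose AuthnContextClassRef is a value outside the configured list, or is absent. Because the positive case lets a SAML login skip the 2FA prompt entirely, a regression that treated an unknown or missing class as sufficient would not fail any example here. I would add a sibling context that substitutes an unlisted class and still expects the prompt, as sketched below; the URN is a constructed placeholder, and whether it is outside the list depends on `mock_saml_config_with_upstream_two_factor_authn_contexts`, which is not visible in this hunk. The enclosing `feature 'Login'` block starts and ends outside the hunk.

```ruby
# … unchanged: let(:user), default let(:mock_saml_response), before block, existing two contexts …

context 'when authn_context is not in the configured list' do
  let(:mock_saml_response) do
    # constructed placeholder URN, assumed not to be in the provider's upstream 2FA list
    File.read('spec/fixtures/authentication/saml_response.xml')
        .gsub('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:example:unlisted-authn-context')
  end

  it 'still shows the 2FA prompt' do
    expect(page).to have_content('Two-Factor Authentication')
  end
end
```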
