TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19882 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: 7f90c307de
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7f90c307de'
${ noResults }
openproject/spec/controllers/concerns/omniauth_login_spec.rb

503 lines
16 KiB
Raw Normal View History Unescape

Move omniauth-related AccountController specs to separate file
11 years ago
#-- copyright
# OpenProject is a project management system.
Update year in copyright header to 2015 [ci skip]
10 years ago
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
Move omniauth-related AccountController specs to separate file
11 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
Add/update Copyright headers in specs [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
Move omniauth-related AccountController specs to separate file
11 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
require 'spec_helper'
# Concern is included into AccountController and depends on methods available there
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
describe AccountController, type: :controller do
Omniauth: Add spec testing redirect on disabled self registration
11 years ago
after do
User.current = nil
end
Move omniauth-related AccountController specs to separate file
11 years ago
context 'GET #omniauth_login' do
before do
Omniauth: Add spec testing redirect on disabled self registration
11 years ago
allow(Setting).to receive(:self_registration?).and_return(true)
allow(Setting).to receive(:self_registration).and_return('3')
Move omniauth-related AccountController specs to separate file
11 years ago
end
Omniauth: Add spec testing redirect on disabled self registration
11 years ago
describe 'with on-the-fly registration' do
context 'providing all required fields' do
Move omniauth-related AccountController specs to separate file
11 years ago
let(:omniauth_hash) do
OmniAuth::AuthHash.new(
provider: 'google',
uid: '123545',
info: { name: 'foo',
email: 'foo@bar.com',
first_name: 'foo',
last_name: 'bar'
}
)
end
before do
request.env['omniauth.auth'] = omniauth_hash
request.env['omniauth.origin'] = 'https://example.net/some_back_url'
Omniauth: Return 400 on invalid auth_hash
11 years ago
post :omniauth_login
Move omniauth-related AccountController specs to separate file
11 years ago
end
it 'registers the user on-the-fly' do
user = User.find_by_login('foo@bar.com')
expect(user).to be_an_instance_of(User)
expect(user.auth_source_id).to be_nil
expect(user.current_password).to be_nil
expect(user.identity_url).to eql('google:123545')
Omniauth spec: Check more user fields for being assigned
11 years ago
expect(user.login).to eql('foo@bar.com')
expect(user.firstname).to eql('foo')
expect(user.lastname).to eql('bar')
expect(user.mail).to eql('foo@bar.com')
Move omniauth-related AccountController specs to separate file
11 years ago
end
it 'redirects to the first login page with a back_url' do
expect(response).to redirect_to(
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
my_first_login_path(back_url: 'https://example.net/some_back_url'))
Move omniauth-related AccountController specs to separate file
11 years ago
end
end
Added spec for OmniAuth strategy attribute mapping
10 years ago
describe 'strategy attribute mapping override' do
let(:omniauth_strategy) { double('Google Strategy') }
let(:omniauth_hash) do
OmniAuth::AuthHash.new(
provider: 'google',
uid: 'foo',
info: { email: 'whattheheck@example.com',
first_name: 'what',
last_name: 'theheck'
},
extra: { raw_info: {
real_uid: 'bar@example.org',
first_name: 'foo',
last_name: 'bar'
} }
)
end
before do
request.env['omniauth.auth'] = omniauth_hash
request.env['omniauth.strategy'] = omniauth_strategy
end
context 'available' do
it 'merges the strategy mapping' do
allow(omniauth_strategy).to receive(:omniauth_hash_to_user_attributes) do |auth|
raw_info = auth[:extra][:raw_info]
{
login: raw_info[:real_uid],
firstname: raw_info[:first_name],
lastname: raw_info[:last_name]
}
end
expect(omniauth_strategy).to receive(:omniauth_hash_to_user_attributes)
post :omniauth_login
user = User.find_by_login('bar@example.org')
expect(user).to be_an_instance_of(User)
expect(user.firstname).to eql('foo')
expect(user.lastname).to eql('bar')
end
end
context 'unavailable' do
it 'keeps the default mapping' do
post :omniauth_login
user = User.find_by_login('whattheheck@example.com')
expect(user).to be_an_instance_of(User)
expect(user.firstname).to eql('what')
expect(user.lastname).to eql('theheck')
end
end
end
honor timestamp in auth_hash
11 years ago
context 'not providing all required fields' do
Move omniauth-related AccountController specs to separate file
11 years ago
let(:omniauth_hash) do
OmniAuth::AuthHash.new(
provider: 'google',
uid: '123545',
info: { name: 'foo', email: 'foo@bar.com' }
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
# first_name and last_name not set
Move omniauth-related AccountController specs to separate file
11 years ago
)
end
it 'renders user form' do
request.env['omniauth.auth'] = omniauth_hash
Omniauth: Return 400 on invalid auth_hash
11 years ago
post :omniauth_login
Move omniauth-related AccountController specs to separate file
11 years ago
expect(response).to render_template :register
Omniauth spec: Check more user fields for being assigned
11 years ago
expect(assigns(:user).mail).to eql('foo@bar.com')
Move omniauth-related AccountController specs to separate file
11 years ago
end
it 'registers user via post' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).to receive(:after_login!) do |user, auth_hash|
pass auth_hash to #on_success. Call it upon bumpy registration too.
10 years ago
new_user = User.find_by_login('login@bar.com')
expect(user).to eq new_user
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(auth_hash).to include(omniauth_hash)
pass auth_hash to #on_success. Call it upon bumpy registration too.
10 years ago
end
Move omniauth-related AccountController specs to separate file
11 years ago
auth_source_registration = omniauth_hash.merge(
omniauth: true,
timestamp: Time.new)
session[:auth_source_registration] = auth_source_registration
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
post :register, user: { login: 'login@bar.com',
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
firstname: 'Foo',
lastname: 'Smith',
mail: 'foo@bar.com' }
Move omniauth-related AccountController specs to separate file
11 years ago
expect(response).to redirect_to my_first_login_path
Account/register: Show login field when registering via Omniauth There's no reason to prevent a user from changing their login, it might actually be required if the login has already been taken.
11 years ago
user = User.find_by_login('login@bar.com')
Move omniauth-related AccountController specs to separate file
11 years ago
expect(user).to be_an_instance_of(User)
expect(user.auth_source_id).to be_nil
expect(user.current_password).to be_nil
expect(user.identity_url).to eql('google:123545')
end
honor timestamp in auth_hash
11 years ago
context 'after a timeout expired' do
before do
session[:auth_source_registration] = omniauth_hash.merge(
omniauth: true,
timestamp: Time.new - 42.days)
end
it 'does not register the user when providing all the missing fields' do
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
post :register, user: { firstname: 'Foo',
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
lastname: 'Smith',
mail: 'foo@bar.com' }
honor timestamp in auth_hash
11 years ago
expect(response).to redirect_to signin_path
expect(flash[:error]).to eq(I18n.t(:error_omniauth_registration_timed_out))
expect(User.find_by_login('foo@bar.com')).to be_nil
end
it 'does not register the user when providing all the missing fields' do
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
post :register, user: { firstname: 'Foo',
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
# lastname intentionally not provided
mail: 'foo@bar.com' }
honor timestamp in auth_hash
11 years ago
expect(response).to redirect_to signin_path
expect(flash[:error]).to eq(I18n.t(:error_omniauth_registration_timed_out))
expect(User.find_by_login('foo@bar.com')).to be_nil
end
end
Move omniauth-related AccountController specs to separate file
11 years ago
end
Omniauth: Add spec testing redirect on disabled self registration
11 years ago
context 'with self-registration disabled' do
let(:omniauth_hash) do
OmniAuth::AuthHash.new(
provider: 'google',
uid: '123',
info: { name: 'foo',
email: 'foo@bar.com',
first_name: 'foo',
last_name: 'bar'
}
)
end
before do
allow(Setting).to receive(:self_registration?).and_return(false)
request.env['omniauth.auth'] = omniauth_hash
request.env['omniauth.origin'] = 'https://example.net/some_back_url'
Omniauth: Return 400 on invalid auth_hash
11 years ago
post :omniauth_login
Omniauth: Add spec testing redirect on disabled self registration
11 years ago
end
it 'redirects to signin_path' do
expect(response).to redirect_to signin_path
end
Show error on attempt to register with disabled self registration This happens for normal registration as well as registration via omniauth. This also changes the redirect to not go to / and go to signin_url instead.
11 years ago
it 'shows the right flash message' do
expect(flash[:error]).to eq(I18n.t('account.error_self_registration_disabled'))
end
Omniauth: Add spec testing redirect on disabled self registration
11 years ago
end
Move omniauth-related AccountController specs to separate file
11 years ago
end
describe 'login' do
let(:omniauth_hash) do
OmniAuth::AuthHash.new(
provider: 'google',
uid: '123545',
info: { name: 'foo',
OmniAuth Authorization API
10 years ago
last_name: 'bar',
Move omniauth-related AccountController specs to separate file
11 years ago
email: 'foo@bar.com'
}
)
end
Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).
11 years ago
let(:user) do
FactoryGirl.build(:user, force_password_change: false,
identity_url: 'google:123545')
end
before do
Move omniauth-related AccountController specs to separate file
11 years ago
request.env['omniauth.auth'] = omniauth_hash
end
Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).
11 years ago
context 'with an active account' do
log last login for omniauth too added tests
11 years ago
before do
Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).
11 years ago
user.save!
log last login for omniauth too added tests
11 years ago
end
it 'should sign in the user after successful external authentication' do
Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).
11 years ago
post :omniauth_login
expect(response).to redirect_to my_page_path
end
log last login for omniauth too added tests
11 years ago
fixed typo in comment
11 years ago
it 'should log a successful login' do
log last login for omniauth too added tests
11 years ago
post_at = Time.now.utc
post :omniauth_login
user.reload
expect(user.last_login_on.utc.to_i).to be >= post_at.utc.to_i
end
OmniAuth Authorization API
10 years ago
describe 'authorization' do
let(:config) do
Struct.new(:google_name, :global_email).new 'foo', 'foo@bar.com'
end
before do
OpenProject::OmniAuth::Authorization.callbacks.clear
# Let's set up a couple of authorization callbacks to see if the mechanism
# works as intended.
do not pass user into authorization callback
10 years ago
OpenProject::OmniAuth::Authorization.authorize_user provider: :google do |dec, auth|
OmniAuth Authorization API
10 years ago
if auth.info.name == config.google_name
dec.approve
else
dec.reject "#{auth.info.name} can fuck right off"
end
end
do not pass user into authorization callback
10 years ago
OpenProject::OmniAuth::Authorization.authorize_user do |dec, auth|
if auth.info.email == config.global_email
OmniAuth Authorization API
10 years ago
dec.approve
else
dec.reject "I only want to see #{config[:global_email]} here."
end
end
# ineffective callback
do not pass user into authorization callback
10 years ago
OpenProject::OmniAuth::Authorization.authorize_user provider: :foobar do |dec, _|
OmniAuth Authorization API
10 years ago
dec.reject 'Though shalt not pass!'
end
# free for all callback
do not pass user into authorization callback
10 years ago
OpenProject::OmniAuth::Authorization.authorize_user do |dec, _|
OmniAuth Authorization API
10 years ago
dec.approve
end
end
after do
OpenProject::OmniAuth::Authorization.callbacks.clear
end
it 'works' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).to receive(:after_login!) do |u, auth|
pass auth_hash to #on_success. Call it upon bumpy registration too.
10 years ago
expect(u).to eq user
expect(auth).to eq omniauth_hash
end
on_success callback for Authorization
10 years ago
OmniAuth Authorization API
10 years ago
post :omniauth_login
expect(response).to redirect_to my_page_path
end
context 'with wrong email address' do
before do
config.global_email = 'other@mail.com'
end
it 'is rejected against google' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).not_to receive(:after_login!).with(user)
on_success callback for Authorization
10 years ago
OmniAuth Authorization API
10 years ago
post :omniauth_login
expect(response).to redirect_to signin_path
expect(flash[:error]).to eq 'I only want to see other@mail.com here.'
end
it 'is rejected against any other provider too' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).not_to receive(:after_login!).with(user)
on_success callback for Authorization
10 years ago
OmniAuth Authorization API
10 years ago
omniauth_hash.provider = 'any other'
post :omniauth_login
expect(response).to redirect_to signin_path
expect(flash[:error]).to eq 'I only want to see other@mail.com here.'
end
end
context 'with the wrong name' do
render_views
before do
config.google_name = 'hans'
end
it 'is rejected against google' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).not_to receive(:after_login!).with(user)
on_success callback for Authorization
10 years ago
OmniAuth Authorization API
10 years ago
post :omniauth_login
expect(response).to redirect_to signin_path
expect(flash[:error]).to eq 'foo can fuck right off'
end
it 'is approved against any other provider' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).to receive(:after_login!) do |u|
on_success callback for Authorization
10 years ago
new_user = User.find_by_identity_url 'some other:123545'
expect(u).to eq new_user
end
OmniAuth Authorization API
10 years ago
omniauth_hash.provider = 'some other'
post :omniauth_login
expect(response).to redirect_to my_first_login_path
# authorization is successful which results in the registration
# of a new user in this case because we changed the provider
corrected/clarified comment
10 years ago
# and there isn't a user with that identity URL yet ...
OmniAuth Authorization API
10 years ago
end
# ... and to confirm that, here's what happens when the authorization fails
it 'is rejected against any other provider with the wrong email' do
Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).
10 years ago
expect(OpenProject::OmniAuth::Authorization).not_to receive(:after_login!).with(user)
on_success callback for Authorization
10 years ago
OmniAuth Authorization API
10 years ago
omniauth_hash.provider = 'yet another'
config.global_email = 'yarrrr@joro.es'
post :omniauth_login
expect(response).to redirect_to signin_path
expect(flash[:error]).to eq 'I only want to see yarrrr@joro.es here.'
end
end
end
Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).
11 years ago
end
context 'with a registered and not activated accout' do
before do
user.register
user.save!
with_settings(self_registration: '1') do
post :omniauth_login
end
end
it 'should show an error about a not activated account' do
expect(flash[:error]).to eql(I18n.t('account.error_inactive_manual_activation'))
end
it 'should redirect to signin_path' do
expect(response).to redirect_to signin_path
end
end
context 'with a locked account' do
before do
user.lock
user.save!
# Make sure we don't get a specific message when brute-force protection is enabled
with_settings(brute_force_block_after_failed_logins: '0') do
post :omniauth_login
end
end
it 'should show an error indicating a failed login' do
expect(flash[:error]).to eql(I18n.t(:notice_account_invalid_credentials))
end
it 'should redirect to signin_path' do
expect(response).to redirect_to signin_path
end
end
Move omniauth-related AccountController specs to separate file
11 years ago
end
Omniauth: Return 400 on invalid auth_hash
11 years ago
describe 'with an invalid auth_hash' do
let(:omniauth_hash) do
OmniAuth::AuthHash.new(
provider: 'google',
# id is deliberately missing here to make the auth_hash invalid
info: { name: 'foo',
email: 'foo@bar.com'
}
)
end
before do
request.env['omniauth.auth'] = omniauth_hash
post :omniauth_login
end
it 'should respond with a 400' do
expect(response.code.to_i).to eql(400)
end
it 'should not sign in the user' do
Convert specs to RSpec 2.99.0.beta2 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 402 conversions from: it { should ... } to: it { is_expected.to ... } * 67 conversions from: be_true to: be_truthy * 55 conversions from: be_false to: be_falsey * 35 conversions from: it { should_not ... } to: it { is_expected.not_to ... } * 20 conversions from: == expected to: eq(expected) * 5 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 4 conversions from: =~ /pattern/ to: match(/pattern/) * 1 conversion from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 1 conversion from: after { example } to: after { |example| example } * 1 conversion from: pending to: skip
11 years ago
expect(controller.send(:current_user).logged?).to be_falsey
Omniauth: Return 400 on invalid auth_hash
11 years ago
end
it 'does not set registration information in the session' do
expect(session[:auth_source_registration]).to be_nil
end
end
Move omniauth-related AccountController specs to separate file
11 years ago
describe 'Error occurs during authentication' do
it 'should redirect to login page' do
Omniauth: Return 400 on invalid auth_hash
11 years ago
post :omniauth_failure
Move omniauth-related AccountController specs to separate file
11 years ago
expect(response).to redirect_to signin_path
end
it 'should log a warn message' do
expect(Rails.logger).to receive(:warn).with('invalid_credentials')
Omniauth: Return 400 on invalid auth_hash
11 years ago
post :omniauth_failure, message: 'invalid_credentials'
Move omniauth-related AccountController specs to separate file
11 years ago
end
end
end
describe '#identity_url_from_omniauth' do
let(:omniauth_hash) { { provider: 'developer', uid: 'veryuniqueid' } }
it 'should return the correct identity_url' do
result = AccountController.new.send(:identity_url_from_omniauth, omniauth_hash)
expect(result).to eql('developer:veryuniqueid')
end
end
end