#-- copyright # OpenProject is an open source project management software. # Copyright (C) 2012-2021 the OpenProject GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 3. # # OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: # Copyright (C) 2006-2013 Jean-Philippe Lang # Copyright (C) 2010-2013 the ChiliProject Team # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # See docs/COPYRIGHT.rdoc for more details. #++ require 'spec_helper' describe ::OpenIDConnect::ProvidersController, type: :controller do let(:user) { FactoryBot.build_stubbed :admin } let(:ee) { true } let(:valid_params) do { name: 'azure', identifier: "IDENTIFIER", secret: "SECRET" } end before do login_as user allow(EnterpriseToken).to receive(:show_banners?).and_return(!ee) end context 'when not ee' do let(:ee) { false } it 'renders upsale' do get :index expect(response.status).to eq 200 expect(response).to render_template 'openid_connect/providers/upsale' end end context 'when not admin' do let(:user) { FactoryBot.build_stubbed :user } it 'renders 403' do get :index expect(response.status).to eq 403 end end context 'when not logged in' do let(:user) { User.anonymous } it 'renders 403' do get :index expect(response.status).to redirect_to(signin_url(back_url: openid_connect_providers_url)) end end describe '#index' do it 'renders the index page' do get :index expect(response).to be_successful expect(response).to render_template 'index' end end describe '#new' do it 'renders the new page' do get :new expect(response).to be_successful expect(assigns[:provider]).to be_new_record expect(response).to render_template 'new' end it 'redirects to the index page if no provider available', with_settings: { plugin_openproject_openid_connect: { "providers" => OpenIDConnect::Provider::ALLOWED_TYPES.inject({}) do |accu, name| accu.merge(name => { "identifier" => "IDENTIFIER", "secret" => "SECRET" }) end } } do get :new expect(response).to be_redirect end end describe '#create' do it 'is successful if valid params' do post :create, params: { openid_connect_provider: valid_params } expect(flash[:notice]).to eq(I18n.t(:notice_successful_create)) expect(Setting.plugin_openproject_openid_connect["providers"]).to have_key("azure") expect(response).to be_redirect end it 'renders an error if invalid params' do post :create, params: { openid_connect_provider: valid_params.merge(identifier: "") } expect(response).to render_template 'new' end end describe '#edit' do context 'when found', with_settings: { plugin_openproject_openid_connect: { "providers" => { "azure" => { "identifier" => "IDENTIFIER", "secret" => "SECRET" } } } } do it 'renders the edit page' do get :edit, params: { id: 'azure' } expect(response).to be_successful expect(assigns[:provider]).to be_present expect(response).to render_template 'edit' end end context 'when not found' do it 'renders 404' do get :edit, params: { id: 'doesnoexist' } expect(response).not_to be_successful expect(response.status).to eq 404 end end end describe '#update' do context 'when found', with_settings: { plugin_openproject_openid_connect: { "providers" => { "azure" => { "identifier" => "IDENTIFIER", "secret" => "SECRET" } } } } do it 'successfully updates the provider configuration' do put :update, params: { id: "azure", openid_connect_provider: valid_params.merge(secret: "NEWSECRET") } expect(response).to be_redirect expect(flash[:notice]).to be_present provider = OpenProject::OpenIDConnect.providers.find { |item| item.name == "azure" } expect(provider.secret).to eq("NEWSECRET") end end end describe '#destroy' do context 'when found', with_settings: { plugin_openproject_openid_connect: { "providers" => { "azure" => { "identifier" => "IDENTIFIER", "secret" => "SECRET" } } } } do it 'removes the provider' do delete :destroy, params: { id: "azure" } expect(response).to be_redirect expect(flash[:notice]).to be_present expect(OpenProject::OpenIDConnect.providers).to be_empty end end end end