1
0

omniauth_callbacks_spec.rb 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe 'OmniAuth callbacks' do
  4. shared_examples 'omniauth provider callbacks' do |provider|
  5. subject { post send :"user_#{provider}_omniauth_callback_path" }
  6. context 'with full information in response' do
  7. before do
  8. mock_omniauth(provider, {
  9. provider: provider.to_s,
  10. uid: '123',
  11. info: {
  12. verified: 'true',
  13. email: 'user@host.example',
  14. },
  15. })
  16. end
  17. context 'without a matching user' do
  18. it 'creates a user and an identity and redirects to root path' do
  19. expect { subject }
  20. .to change(User, :count)
  21. .by(1)
  22. .and change(Identity, :count)
  23. .by(1)
  24. .and change(LoginActivity, :count)
  25. .by(1)
  26. expect(User.last.email).to eq('user@host.example')
  27. expect(Identity.find_by(user: User.last).uid).to eq('123')
  28. expect(response).to redirect_to(root_path)
  29. end
  30. end
  31. context 'with a matching user and no matching identity' do
  32. before do
  33. Fabricate(:user, email: 'user@host.example')
  34. end
  35. context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is set to true' do
  36. around do |example|
  37. ClimateControl.modify ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH: 'true' do
  38. example.run
  39. end
  40. end
  41. it 'matches the existing user, creates an identity, and redirects to root path' do
  42. expect { subject }
  43. .to not_change(User, :count)
  44. .and change(Identity, :count)
  45. .by(1)
  46. .and change(LoginActivity, :count)
  47. .by(1)
  48. expect(Identity.find_by(user: User.last).uid).to eq('123')
  49. expect(response).to redirect_to(root_path)
  50. end
  51. end
  52. context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do
  53. it 'does not match the existing user or create an identity, and redirects to login page' do
  54. expect { subject }
  55. .to not_change(User, :count)
  56. .and not_change(Identity, :count)
  57. .and not_change(LoginActivity, :count)
  58. expect(response).to redirect_to(new_user_session_url)
  59. end
  60. end
  61. end
  62. context 'with a matching user and a matching identity' do
  63. before do
  64. user = Fabricate(:user, email: 'user@host.example')
  65. Fabricate(:identity, user: user, uid: '123', provider: provider)
  66. end
  67. it 'matches the existing records and redirects to root path' do
  68. expect { subject }
  69. .to not_change(User, :count)
  70. .and not_change(Identity, :count)
  71. .and change(LoginActivity, :count)
  72. .by(1)
  73. expect(response).to redirect_to(root_path)
  74. end
  75. end
  76. end
  77. context 'with a response missing email address' do
  78. before do
  79. mock_omniauth(provider, {
  80. provider: provider.to_s,
  81. uid: '123',
  82. info: {
  83. verified: 'true',
  84. },
  85. })
  86. end
  87. it 'redirects to the auth setup page' do
  88. expect { subject }
  89. .to change(User, :count)
  90. .by(1)
  91. .and change(Identity, :count)
  92. .by(1)
  93. .and change(LoginActivity, :count)
  94. .by(1)
  95. expect(response).to redirect_to(auth_setup_path(missing_email: '1'))
  96. end
  97. end
  98. context 'when a user cannot be built' do
  99. before do
  100. allow(User).to receive(:find_for_omniauth).and_return(User.new)
  101. end
  102. it 'redirects to the new user signup page' do
  103. expect { subject }
  104. .to not_change(User, :count)
  105. .and not_change(Identity, :count)
  106. .and not_change(LoginActivity, :count)
  107. expect(response).to redirect_to(new_user_registration_url)
  108. end
  109. end
  110. end
  111. describe '#openid_connect', if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present? do
  112. include_examples 'omniauth provider callbacks', :openid_connect
  113. end
  114. describe '#cas', if: ENV['CAS_ENABLED'] == 'true' do
  115. include_examples 'omniauth provider callbacks', :cas
  116. end
  117. describe '#saml', if: ENV['SAML_ENABLED'] == 'true' do
  118. include_examples 'omniauth provider callbacks', :saml
  119. end
  120. end