From 15dba34c9a469c95ea6112419dca33c2c63c6247 Mon Sep 17 00:00:00 2001
From: Timothy Andrew <mail@timothyandrew.net>
Date: Mon, 19 Jun 2017 07:55:09 +0000
Subject: [PATCH] Add Omniauth OAuth config to the test section of `gitlab.yml`

- I tried to get this to work by stubbing out portions of the config within the
  test. This didn't work as expected because Devise/Omniauth loaded before the
  stub could run, and the stubbed config was ignored.

- I attempted to fix this by reloading Devise/Omniauth after stubbing the
  config. This successfully got Devise to load the stubbed providers, but failed
  while trying to access a route such as `user_gitlab_omniauth_authorize_path`.

- I spent a while trying to figure this out (even trying
  `Rails.application.reload_routes!`), but nothing seemed to work.

- I settled for adding this config directly to `gitlab.yml` rather than go down
  this path any further.
---
 config/gitlab.yml.example         | 66 +++++++++++++++++++++++++++++++
 spec/features/oauth_login_spec.rb | 52 +-----------------------
 2 files changed, 67 insertions(+), 51 deletions(-)

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 43a8c0078ca..b58a173bccb 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -615,6 +615,72 @@ test:
       title: "JIRA"
       url: https://sample_company.atlassian.net
       project_key: PROJECT
+
+  omniauth:
+    enabled: true
+    allow_single_sign_on: true
+    block_auto_created_users: false
+    auto_link_saml_user: true
+    external_providers: []
+
+    providers:
+      - { name: 'cas3',
+          label: 'cas3',
+          args: {
+                  url: 'https://sso.example.com',
+                  disable_ssl_verification: false,
+                  login_url: '/cas/login',
+                  service_validate_url: '/cas/p3/serviceValidate',
+                  logout_url: '/cas/logout'} }
+      - { name: 'authentiq',
+          app_id: 'YOUR_CLIENT_ID',
+          app_secret: 'YOUR_CLIENT_SECRET',
+          args: {
+                  scope: 'aq:name email~rs address aq:push'
+                }
+        }
+
+      - { name: 'github',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          url: "https://github.com/",
+          verify_ssl: false,
+          args: { scope: 'user:email' } }
+      - { name: 'bitbucket',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'gitlab',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          args: { scope: 'api' } }
+      - { name: 'google_oauth2',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET',
+          args: { access_type: 'offline', approval_prompt: '' } }
+      - { name: 'facebook',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'twitter',
+          app_id: 'YOUR_APP_ID',
+          app_secret: 'YOUR_APP_SECRET' }
+      
+      - { name: 'saml',
+          label: 'Our SAML Provider',
+          groups_attribute: 'Groups',
+          external_groups: ['Contractors', 'Freelancers'],
+          args: {
+                  assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
+                  idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
+                  idp_sso_target_url: 'https://login.example.com/idp',
+                  issuer: 'https://gitlab.example.com',
+                  name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+                } }
+      
+      - { name: 'auth0',
+          args: {
+            client_id: 'YOUR_AUTH0_CLIENT_ID',
+            client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
+            namespace: 'YOUR_AUTH0_DOMAIN' } }
   ldap:
     enabled: false
     servers:
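Review bot: Lines 80 and 92 of the new `test:` omniauth block are whitespace-only lines carrying trailing spaces; make them empty lines (or drop them) so the example file stays clean under whitespace checks. The `github` entry sets `verify_ssl: false` and the section sets `block_auto_created_users: false` with `allow_single_sign_on: true`; these relaxations are fine for the feature specs, but administrators assemble `gitlab.yml` from this example file, so a comment above `omniauth:` such as `# Test-only providers for spec/features/oauth_login_spec.rb; SSL verification and sign-on restrictions are deliberately relaxed here and must not be copied into a production section.` would keep that intent visible. The removed spec stub passed `allow_single_sign_on` as a list of provider names rather than `true`; if the setting is read as a list anywhere, confirm the boolean form still enables every provider listed here.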
diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb
index b37c14bd638..8e02bc88fad 100644
--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -6,23 +6,6 @@ feature 'OAuth Login', feature: true, js: true do
     click_button 'Verify code'
   end
 
-  def provider_config(provider)
-    if provider == :saml
-      OpenStruct.new(
-        name: 'saml', label: 'saml',
-        args: {
-          assertion_consumer_service_url: 'https://localhost:3443/users/auth/saml/callback',
-          idp_cert_fingerprint: '26:43:2C:47:AF:F0:6B:D0:07:9C:AD:A3:74:FE:5D:94:5F:4E:9E:52',
-          idp_sso_target_url: 'https://idp.example.com/sso/saml',
-          issuer: 'https://localhost:3443/',
-          name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
-        }
-      )
-    else
-      OpenStruct.new(name: provider.to_s, app_id: 'app_id', app_secret: 'app_secret')
-    end
-  end
-
   def stub_omniauth_config(provider)
     OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new({ provider: provider.to_s, uid: "12345" }))
     Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
@@ -32,43 +15,10 @@ feature 'OAuth Login', feature: true, js: true do
   providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
                :facebook, :authentiq, :cas3, :auth0]
 
-  before do
+  before(:all) do
     OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') }
-
-    messages = {
-      enabled: true,
-      allow_single_sign_on: providers.map(&:to_s),
-      auto_link_saml_user: true,
-      providers: providers.map { |provider| provider_config(provider) }
-    }
-
-    allow(Gitlab.config.omniauth).to receive_messages(messages)
   end
 
-  # context 'logging in via OAuth' do
-  #   def saml_config
-
-  #   end
-  #   def stub_omniauth_config(messages)
-  #     Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
-  #     Rails.application.routes.disable_clear_and_finalize = true
-  #     Rails.application.routes.draw do
-  #       post '/users/auth/saml' => 'omniauth_callbacks#saml'
-  #     end
-  #     allow(Gitlab::OAuth::Provider).to receive_messages(providers: [:saml], config_for: saml_config)
-  #     allow(Gitlab.config.omniauth).to receive_messages(messages)
-  #     expect_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
-  #   end
-  #   it 'shows 2FA prompt after OAuth login' do
-  #     stub_omniauth_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [saml_config])
-  #     user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml')
-  #     login_via('saml', user, 'my-uid')
-  #     expect(page).to have_content('Two-Factor Authentication')
-  #     enter_code(user.current_otp)
-  #     expect(current_path).to eq root_path
-  #   end
-  # end
-
   providers.each do |provider|
     context "when the user logs in using the #{provider} provider" do
       context "when two-factor authentication is disabled" do
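Review bot: The `before(:all)` at line 134 assigns the process-wide `OmniAuth.config.full_host` lambda and nothing restores it, so the override now outlives this feature file and applies to every spec that runs later in the same process; the previous per-example `before` had the same leak but was at least re-applied on each example. Capture the prior value and restore it, e.g. `before(:all) { @original_full_host = OmniAuth.config.full_host; OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(/#{request['REQUEST_PATH']}.*/, '') } }` paired with `after(:all) { OmniAuth.config.full_host = @original_full_host }`. Instance variables set in `before(:all)` are visible to `after(:all)` in the same group, so no extra plumbing is needed. The enclosing `feature` block starts before and ends after this hunk.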
-- 
GitLab