X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0d1836a8d4d5a0c0802881c2878a35f611e09e1f..9b46e402be4366b591ce9c73e2afb24bef0a3dd5:/services/api/test/integration/user_sessions_test.rb diff --git a/services/api/test/integration/user_sessions_test.rb b/services/api/test/integration/user_sessions_test.rb index 7d1ed1873a..76659f3207 100644 --- a/services/api/test/integration/user_sessions_test.rb +++ b/services/api/test/integration/user_sessions_test.rb @@ -13,24 +13,25 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest url end - def mock_auth_with(email: nil, username: nil, identity_url: nil, remote: nil) + def mock_auth_with(email: nil, username: nil, identity_url: nil, remote: nil, expected_response: :redirect) mock = { - 'provider' => 'josh_id', - 'uid' => 'https://edward.example.com', - 'info' => { 'identity_url' => 'https://edward.example.com', 'name' => 'Edward Example', 'first_name' => 'Edward', 'last_name' => 'Example', - }, } - mock['info']['email'] = email unless email.nil? - mock['info']['username'] = username unless username.nil? - mock['info']['identity_url'] = identity_url unless identity_url.nil? - post('/auth/josh_id/callback', - {return_to: client_url(remote: remote)}, - {'omniauth.auth' => mock}) - assert_response :redirect, 'Did not redirect to client with token' + mock['email'] = email unless email.nil? + mock['username'] = username unless username.nil? + mock['identity_url'] = identity_url unless identity_url.nil? + post('/auth/controller/callback', + params: {return_to: client_url(remote: remote), :auth_info => SafeJSON.dump(mock)}, + headers: {'Authorization' => 'Bearer ' + Rails.configuration.SystemRootToken}) + + errors = { + :redirect => 'Did not redirect to client with token', + 400 => 'Did not return Bad Request error', + } + assert_response expected_response, errors[expected_response] end test 'assign username from sso' do @@ -48,19 +49,19 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest test 'existing user login' do mock_auth_with(identity_url: "https://active-user.openid.local") u = assigns(:user) - assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid + assert_equal users(:active).uuid, u.uuid end test 'user redirect_to_user_uuid' do mock_auth_with(identity_url: "https://redirects-to-active-user.openid.local") u = assigns(:user) - assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid + assert_equal users(:active).uuid, u.uuid end test 'user double redirect_to_user_uuid' do mock_auth_with(identity_url: "https://double-redirects-to-active-user.openid.local") u = assigns(:user) - assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid + assert_equal users(:active).uuid, u.uuid end test 'create new user during omniauth callback' do @@ -80,6 +81,10 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest assert_includes(@response.redirect_url, 'api_token=' + api_client_auth.salted_token(remote: 'zbbbb')) end + test 'error out from omniauth callback with invalid remote param' do + mock_auth_with(email: 'edward@example.com', remote: 'invalid_cluster_id', expected_response: 400) + end + # Test various combinations of auto_setup configuration and email # address provided during a new user's first session setup. [{result: :nope, email: nil, cfg: {auto: true, repo: true, vm: true}}, @@ -102,10 +107,11 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest ].each do |testcase| test "user auto-activate #{testcase.inspect}" do # Configure auto_setup behavior according to testcase[:cfg] - Rails.configuration.auto_setup_new_users = testcase[:cfg][:auto] - Rails.configuration.auto_setup_new_users_with_vm_uuid = - (testcase[:cfg][:vm] ? virtual_machines(:testvm).uuid : false) - Rails.configuration.auto_setup_new_users_with_repository = + Rails.configuration.Users.NewUsersAreActive = false + Rails.configuration.Users.AutoSetupNewUsers = testcase[:cfg][:auto] + Rails.configuration.Users.AutoSetupNewUsersWithVmUUID = + (testcase[:cfg][:vm] ? virtual_machines(:testvm).uuid : "") + Rails.configuration.Users.AutoSetupNewUsersWithRepository = testcase[:cfg][:repo] mock_auth_with(email: testcase[:email])