update gem, test pam authentication (#7028)
* update gem, test pam authentication * add description for test parameters * fix inclusion of optional group
This commit is contained in:
parent
12f5f13fab
commit
8e88a18316
6 changed files with 73 additions and 6 deletions
|
@ -1,3 +1,7 @@
|
||||||
# Federation
|
# Federation
|
||||||
LOCAL_DOMAIN=cb6e6126.ngrok.io
|
LOCAL_DOMAIN=cb6e6126.ngrok.io
|
||||||
LOCAL_HTTPS=true
|
LOCAL_HTTPS=true
|
||||||
|
# test pam authentication
|
||||||
|
PAM_ENABLED=true
|
||||||
|
PAM_DEFAULT_SERVICE=pam_test
|
||||||
|
PAM_CONTROLLED_SERVICE=pam_test_controlled
|
||||||
|
|
|
@ -23,6 +23,7 @@ env:
|
||||||
- RAILS_ENV=test
|
- RAILS_ENV=test
|
||||||
- NOKOGIRI_USE_SYSTEM_LIBRARIES=true
|
- NOKOGIRI_USE_SYSTEM_LIBRARIES=true
|
||||||
- PARALLEL_TEST_PROCESSORS=2
|
- PARALLEL_TEST_PROCESSORS=2
|
||||||
|
- ALLOW_NOPAM=true
|
||||||
|
|
||||||
addons:
|
addons:
|
||||||
postgresql: 9.4
|
postgresql: 9.4
|
||||||
|
@ -47,7 +48,7 @@ services:
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- nvm install
|
- nvm install
|
||||||
- bundle install --path=vendor/bundle --without development production --retry=3 --jobs=16
|
- bundle install --path=vendor/bundle --with pam_authentication --without development production --retry=3 --jobs=16
|
||||||
- yarn install
|
- yarn install
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
|
|
2
Gemfile
2
Gemfile
|
@ -33,7 +33,7 @@ gem 'devise', '~> 4.4'
|
||||||
gem 'devise-two-factor', '~> 3.0'
|
gem 'devise-two-factor', '~> 3.0'
|
||||||
|
|
||||||
group :pam_authentication, optional: true do
|
group :pam_authentication, optional: true do
|
||||||
gem 'devise_pam_authenticatable2', '~> 9.0'
|
gem 'devise_pam_authenticatable2', '~> 9.1'
|
||||||
end
|
end
|
||||||
|
|
||||||
gem 'net-ldap', '~> 0.10'
|
gem 'net-ldap', '~> 0.10'
|
||||||
|
|
|
@ -146,9 +146,9 @@ GEM
|
||||||
devise (~> 4.0)
|
devise (~> 4.0)
|
||||||
railties (< 5.2)
|
railties (< 5.2)
|
||||||
rotp (~> 2.0)
|
rotp (~> 2.0)
|
||||||
devise_pam_authenticatable2 (9.0.0)
|
devise_pam_authenticatable2 (9.1.0)
|
||||||
devise (>= 4.0.0)
|
devise (>= 4.0.0)
|
||||||
rpam2 (~> 3.0)
|
rpam2 (~> 4.0)
|
||||||
diff-lcs (1.3)
|
diff-lcs (1.3)
|
||||||
docile (1.1.5)
|
docile (1.1.5)
|
||||||
domain_name (0.5.20170404)
|
domain_name (0.5.20170404)
|
||||||
|
@ -464,7 +464,7 @@ GEM
|
||||||
actionpack (>= 4.2.0, < 5.3)
|
actionpack (>= 4.2.0, < 5.3)
|
||||||
railties (>= 4.2.0, < 5.3)
|
railties (>= 4.2.0, < 5.3)
|
||||||
rotp (2.1.2)
|
rotp (2.1.2)
|
||||||
rpam2 (3.1.0)
|
rpam2 (4.0.2)
|
||||||
rqrcode (0.10.1)
|
rqrcode (0.10.1)
|
||||||
chunky_png (~> 1.0)
|
chunky_png (~> 1.0)
|
||||||
rspec-core (3.7.0)
|
rspec-core (3.7.0)
|
||||||
|
@ -639,7 +639,7 @@ DEPENDENCIES
|
||||||
climate_control (~> 0.2)
|
climate_control (~> 0.2)
|
||||||
devise (~> 4.4)
|
devise (~> 4.4)
|
||||||
devise-two-factor (~> 3.0)
|
devise-two-factor (~> 3.0)
|
||||||
devise_pam_authenticatable2 (~> 9.0)
|
devise_pam_authenticatable2 (~> 9.1)
|
||||||
doorkeeper (~> 4.2)
|
doorkeeper (~> 4.2)
|
||||||
dotenv-rails (~> 2.2)
|
dotenv-rails (~> 2.2)
|
||||||
fabrication (~> 2.18)
|
fabrication (~> 2.18)
|
||||||
|
|
|
@ -59,3 +59,14 @@ Rails.application.configure do
|
||||||
end
|
end
|
||||||
|
|
||||||
Paperclip::Attachment.default_options[:path] = "#{Rails.root}/spec/test_files/:class/:id_partition/:style.:extension"
|
Paperclip::Attachment.default_options[:path] = "#{Rails.root}/spec/test_files/:class/:id_partition/:style.:extension"
|
||||||
|
|
||||||
|
# set fake_data for pam, don't do real calls, just use fake data
|
||||||
|
if ENV['PAM_ENABLED'] == 'true'
|
||||||
|
Rpam2.fake_data =
|
||||||
|
{
|
||||||
|
usernames: Set['pam_user1', 'pam_user2'],
|
||||||
|
servicenames: Set['pam_test', 'pam_test_controlled'],
|
||||||
|
password: '123456',
|
||||||
|
env: { email: 'pam@example.com' }
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
|
@ -48,6 +48,57 @@ RSpec.describe Auth::SessionsController, type: :controller do
|
||||||
request.env['devise.mapping'] = Devise.mappings[:user]
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'using PAM authentication' do
|
||||||
|
context 'using a valid password' do
|
||||||
|
before do
|
||||||
|
post :create, params: { user: { email: "pam_user1", password: '123456' } }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'redirects to home' do
|
||||||
|
expect(response).to redirect_to(root_path)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'logs the user in' do
|
||||||
|
expect(controller.current_user).to be_instance_of(User)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'using an invalid password' do
|
||||||
|
before do
|
||||||
|
post :create, params: { user: { email: "pam_user1", password: 'WRONGPW' } }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'shows a login error' do
|
||||||
|
expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: 'Email')
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesn't log the user in" do
|
||||||
|
expect(controller.current_user).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'using a valid email and existing user' do
|
||||||
|
let(:user) do
|
||||||
|
account = Fabricate.build(:account, username: 'pam_user1')
|
||||||
|
account.save!(validate: false)
|
||||||
|
user = Fabricate(:user, email: 'pam@example.com', password: nil, account: account)
|
||||||
|
user
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
post :create, params: { user: { email: user.email, password: '123456' } }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'redirects to home' do
|
||||||
|
expect(response).to redirect_to(root_path)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'logs the user in' do
|
||||||
|
expect(controller.current_user).to eq user
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'using password authentication' do
|
context 'using password authentication' do
|
||||||
let(:user) { Fabricate(:user, email: 'foo@bar.com', password: 'abcdefgh') }
|
let(:user) { Fabricate(:user, email: 'foo@bar.com', password: 'abcdefgh') }
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue