Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/components/auth/github_authenticator_spec.rb

173 lines
4.9 KiB
Ruby
Raw Normal View History

Add support for email whitelist/blacklist to GitHub auth If a site is configured for GitHub logins, _**and**_ has an email domain whitelist, it's possible to get in a state where a new user is locked to a non-whitelist email (their GitHub primary) even though they have an alternate email that's on the whitelist. In all cases, the GitHub primary email is attempted first so that previously existing behavior will be the default. - Add whitelist/blacklist support to GithubAuthenticator (via EmailValidator) - Add multiple email support GithubAuthenticator - Add test specs for GithubAuthenticator - Add authenticator-agnostic "none of your email addresses are allowed" error message.
2016-09-22 14:31:10 -04:00
require 'rails_helper'
# In the ghetto ... getting the spec to run in autospec
# thing is we need to load up all auth really early pre-fork
# it means that the require is not going to get a new copy
Auth.send(:remove_const, :GithubAuthenticator)
load 'auth/github_authenticator.rb'
describe Auth::GithubAuthenticator do
context 'after_authenticate' do
it 'can authenticate and create a user record for already existing users' do
user = Fabricate(:user)
hash = {
:extra => {
:all_emails => [{
:email => user.email,
:primary => true,
:verified => true,
}]
},
:info => {
:email => user.email,
:email_verified => true,
:nickname => user.username,
:name => user.name,
},
:uid => "100"
}
authenticator = Auth::GithubAuthenticator.new
result = authenticator.after_authenticate(hash)
expect(result.user.id).to eq(user.id)
expect(result.username).to eq(user.username)
expect(result.name).to eq(user.name)
expect(result.email).to eq(user.email)
expect(result.email_valid).to eq(true)
end
it 'will not authenticate for already existing users with an unverified email' do
user = Fabricate(:user)
hash = {
:extra => {
:all_emails => [{
:email => user.email,
:primary => true,
:verified => false,
}]
},
:info => {
:email => user.email,
:email_verified => false,
:nickname => user.username,
:name => user.name,
},
:uid => "100"
}
authenticator = Auth::GithubAuthenticator.new
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(user.username)
expect(result.name).to eq(user.name)
expect(result.email).to eq(user.email)
expect(result.email_valid).to eq(false)
end
it 'can create a proper result for non existing users' do
hash = {
:extra => {
:all_emails => [{
:email => "person@example.com",
:primary => true,
:verified => true,
}]
},
:info => {
:email => "person@example.com",
:email_verified => true,
:nickname => "person",
:name => "Person Lastname",
},
:uid => "100"
}
authenticator = Auth::GithubAuthenticator.new
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
expect(result.email).to eq(hash[:info][:email])
expect(result.email_valid).to eq(hash[:info][:email_verified])
end
it 'will skip blacklisted domains for non existing users' do
hash = {
:extra => {
:all_emails => [{
:email => "not_allowed@blacklist.com",
:primary => true,
:verified => true,
},{
:email => "allowed@whitelist.com",
:primary => false,
:verified => true,
}]
},
:info => {
:email => "not_allowed@blacklist.com",
:email_verified => true,
:nickname => "person",
:name => "Person Lastname",
},
:uid => "100"
}
authenticator = Auth::GithubAuthenticator.new
SiteSetting.email_domains_blacklist = "blacklist.com"
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
expect(result.email).to eq("allowed@whitelist.com")
expect(result.email_valid).to eq(true)
end
it 'will find whitelisted domains for non existing users' do
hash = {
:extra => {
:all_emails => [{
:email => "person@example.com",
:primary => true,
:verified => true,
},{
:email => "not_allowed@blacklist.com",
:primary => true,
:verified => true,
},{
:email => "allowed@whitelist.com",
:primary => false,
:verified => true,
}]
},
:info => {
:email => "person@example.com",
:email_verified => true,
:nickname => "person",
:name => "Person Lastname",
},
:uid => "100"
}
authenticator = Auth::GithubAuthenticator.new
SiteSetting.email_domains_whitelist = "whitelist.com"
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
expect(result.email).to eq("allowed@whitelist.com")
expect(result.email_valid).to eq(true)
end
end
end