discourse/spec/lib/validators/enable_sso_validator_spec.rb

# frozen_string_literal: true

RSpec.describe EnableSsoValidator do
  subject(:validator) { described_class.new }

  describe "#valid_value?" do
    describe "when 'sso url' is empty" do
      before { SiteSetting.discourse_connect_url = "" }

      describe "when val is false" do
        it "should be valid" do
          expect(validator.valid_value?("f")).to eq(true)
        end
      end

      describe "when value is true" do
        it "should not be valid" do
          expect(validator.valid_value?("t")).to eq(false)

          expect(validator.error_message).to eq(
            I18n.t("site_settings.errors.discourse_connect_url_is_empty"),
          )
        end
      end
    end

    describe "when 'sso url' is present" do
      before { SiteSetting.discourse_connect_url = "https://www.example.com/sso" }

      describe "when value is false" do
        it "should be valid" do
          expect(validator.valid_value?("f")).to eq(true)
        end
      end

      describe "when value is true" do
        it "should be valid" do
          expect(validator.valid_value?("t")).to eq(true)
        end
      end
    end

    describe "when 2FA is enforced" do
      before { SiteSetting.discourse_connect_url = "https://www.example.com/sso" }

      it "should be invalid" do
        SiteSetting.enforce_second_factor = "all"

        expect(validator.valid_value?("t")).to eq(false)
      end

      it "should be valid" do
        SiteSetting.enforce_second_factor = "no"

        expect(validator.valid_value?("t")).to eq(true)
      end
    end
  end
end
DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction 2019-04-29 20:27:42 -04:00			`# frozen_string_literal: true`

FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`RSpec.describe EnableSsoValidator do`
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`subject(:validator) { described_class.new }`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00
			`describe "#valid_value?" do`
			`describe "when 'sso url' is empty" do`
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does not aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows. 2021-02-08 05:04:33 -05:00			`before { SiteSetting.discourse_connect_url = "" }`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00
			`describe "when val is false" do`
			`it "should be valid" do`
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.valid_value?("f")).to eq(true)`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`end`
			`end`

			`describe "when value is true" do`
			`it "should not be valid" do`
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.valid_value?("t")).to eq(false)`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.error_message).to eq(`
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does not aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows. 2021-02-08 05:04:33 -05:00			`I18n.t("site_settings.errors.discourse_connect_url_is_empty"),`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`)`
			`end`
			`end`
			`end`

			`describe "when 'sso url' is present" do`
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does not aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows. 2021-02-08 05:04:33 -05:00			`before { SiteSetting.discourse_connect_url = "https://www.example.com/sso" }`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00
			`describe "when value is false" do`
			`it "should be valid" do`
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.valid_value?("f")).to eq(true)`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`end`
			`end`

			`describe "when value is true" do`
			`it "should be valid" do`
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.valid_value?("t")).to eq(true)`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`end`
			`end`
			`end`

FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542) Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around. 2022-04-25 13:49:36 -04:00			`describe "when 2FA is enforced" do`
			`before { SiteSetting.discourse_connect_url = "https://www.example.com/sso" }`

			`it "should be invalid" do`
			`SiteSetting.enforce_second_factor = "all"`

DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.valid_value?("t")).to eq(false)`
FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542) Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around. 2022-04-25 13:49:36 -04:00			`end`

			`it "should be valid" do`
			`SiteSetting.enforce_second_factor = "no"`

DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32 2023-06-21 10:00:19 -04:00			`expect(validator.valid_value?("t")).to eq(true)`
FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542) Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around. 2022-04-25 13:49:36 -04:00			`end`
			`end`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`end`
			`end`