Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/components/auth/managed_authenticator_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

314 lines
12 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-29 20:27:42 -04:00
# frozen_string_literal: true
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
require 'rails_helper'
describe Auth::ManagedAuthenticator do
let(:authenticator) {
Class.new(described_class) do
DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop (#6717)
2018-12-03 22:48:13 -05:00
def name
"myauth"
end
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end.new
}
let(:hash) {
UX: Ignore name parameter from IDP when it is equal to email (#8869) Some auth providers (e.g. Auth0 with default configuration) send the email address in the name field. In Discourse, the name field is made public, so this commit adds a safeguard to prevent emails being made public.
2020-02-05 11:03:18 -05:00
OmniAuth::AuthHash.new(
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
provider: "myauth",
uid: "1234",
info: {
name: "Best Display Name",
email: "awesome@example.com",
nickname: "IAmGroot"
},
credentials: {
token: "supersecrettoken"
},
extra: {
raw_info: {
randominfo: "some info"
}
}
UX: Ignore name parameter from IDP when it is equal to email (#8869) Some auth providers (e.g. Auth0 with default configuration) send the email address in the name field. In Discourse, the name field is made public, so this commit adds a safeguard to prevent emails being made public.
2020-02-05 11:03:18 -05:00
)
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
}
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
let(:create_hash) {
UX: Ignore name parameter from IDP when it is equal to email (#8869) Some auth providers (e.g. Auth0 with default configuration) send the email address in the name field. In Discourse, the name field is made public, so this commit adds a safeguard to prevent emails being made public.
2020-02-05 11:03:18 -05:00
OmniAuth::AuthHash.new(
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
provider: "myauth",
uid: "1234"
UX: Ignore name parameter from IDP when it is equal to email (#8869) Some auth providers (e.g. Auth0 with default configuration) send the email address in the name field. In Discourse, the name field is made public, so this commit adds a safeguard to prevent emails being made public.
2020-02-05 11:03:18 -05:00
)
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
}
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
describe 'after_authenticate' do
it 'can match account from an existing association' do
user = Fabricate(:user)
FIX: ManagedAuthenticator should automatically update last_used time
2019-02-27 10:29:26 -05:00
associated = UserAssociatedAccount.create!(user: user, provider_name: 'myauth', provider_uid: "1234", last_used: 1.year.ago)
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
result = authenticator.after_authenticate(hash)
expect(result.user.id).to eq(user.id)
associated.reload
FIX: ManagedAuthenticator should automatically update last_used time
2019-02-27 10:29:26 -05:00
expect(associated.last_used).to be >= 1.day.ago
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
expect(associated.info["name"]).to eq("Best Display Name")
expect(associated.info["email"]).to eq("awesome@example.com")
expect(associated.credentials["token"]).to eq("supersecrettoken")
expect(associated.extra["raw_info"]["randominfo"]).to eq("some info")
end
describe 'connecting to another user account' do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user1) { Fabricate(:user) }
fab!(:user2) { Fabricate(:user) }
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
before { UserAssociatedAccount.create!(user: user1, provider_name: 'myauth', provider_uid: "1234") }
it 'works by default' do
result = authenticator.after_authenticate(hash, existing_account: user2)
expect(result.user.id).to eq(user2.id)
expect(UserAssociatedAccount.exists?(user_id: user1.id)).to eq(false)
FIX: Prioritize explicit 'connect' over matching by email This is an edge case that was previously handled by TwitterAuthenticator, but not FacebookAuthenticator.
2018-12-07 09:12:08 -05:00
expect(UserAssociatedAccount.exists?(user_id: user2.id)).to eq(true)
end
it 'still works if another user has a matching email' do
Fabricate(:user, email: hash.dig(:info, :email))
result = authenticator.after_authenticate(hash, existing_account: user2)
expect(result.user.id).to eq(user2.id)
expect(UserAssociatedAccount.exists?(user_id: user1.id)).to eq(false)
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
expect(UserAssociatedAccount.exists?(user_id: user2.id)).to eq(true)
end
it 'does not work when disabled' do
authenticator = Class.new(described_class) do
DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop (#6717)
2018-12-03 22:48:13 -05:00
def name
"myauth"
end
def can_connect_existing_user?
false
end
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end.new
result = authenticator.after_authenticate(hash, existing_account: user2)
expect(result.user.id).to eq(user1.id)
expect(UserAssociatedAccount.exists?(user_id: user1.id)).to eq(true)
expect(UserAssociatedAccount.exists?(user_id: user2.id)).to eq(false)
end
end
describe 'match by email' do
FIX: Downcase email coming back from auth-provider
2019-08-13 12:53:38 -04:00
it 'downcases the email address from the authprovider' do
result = authenticator.after_authenticate(hash.deep_merge(info: { email: "HELLO@example.com" }))
expect(result.email).to eq('hello@example.com')
end
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
it 'works normally' do
user = Fabricate(:user)
result = authenticator.after_authenticate(hash.deep_merge(info: { email: user.email }))
expect(result.user.id).to eq(user.id)
expect(UserAssociatedAccount.find_by(provider_name: 'myauth', provider_uid: "1234").user_id).to eq(user.id)
end
it 'works if there is already an association with the target account' do
user = Fabricate(:user, email: "awesome@example.com")
result = authenticator.after_authenticate(hash)
expect(result.user.id).to eq(user.id)
end
it 'does not match if match_by_email is false' do
authenticator = Class.new(described_class) do
DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop (#6717)
2018-12-03 22:48:13 -05:00
def name
"myauth"
end
def match_by_email
false
end
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end.new
user = Fabricate(:user, email: "awesome@example.com")
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
end
end
context 'when no matching user' do
it 'returns the correct information' do
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
expect {
result = authenticator.after_authenticate(hash)
DEV: Style and performance improvements Follow-up from 9db8291
2018-12-11 04:58:20 -05:00
expect(result.user).to eq(nil)
expect(result.username).to eq("IAmGroot")
expect(result.email).to eq("awesome@example.com")
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
}.to change { UserAssociatedAccount.count }.by(1)
expect(UserAssociatedAccount.last.user).to eq(nil)
expect(UserAssociatedAccount.last.info["nickname"]).to eq("IAmGroot")
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end
it 'works if there is already an association with the target account' do
user = Fabricate(:user, email: "awesome@example.com")
result = authenticator.after_authenticate(hash)
expect(result.user.id).to eq(user.id)
end
FIX: Do not raise exception if the authenticator email is missing Followup to 296cdc53ee41bb58d0fe5c56df6fc1f7100dd7d4
2019-08-14 07:08:59 -04:00
it 'works if there is no email' do
expect {
result = authenticator.after_authenticate(hash.deep_merge(info: { email: nil }))
expect(result.user).to eq(nil)
expect(result.username).to eq("IAmGroot")
expect(result.email).to eq(nil)
}.to change { UserAssociatedAccount.count }.by(1)
expect(UserAssociatedAccount.last.user).to eq(nil)
expect(UserAssociatedAccount.last.info["nickname"]).to eq("IAmGroot")
end
UX: Ignore name parameter from IDP when it is equal to email (#8869) Some auth providers (e.g. Auth0 with default configuration) send the email address in the name field. In Discourse, the name field is made public, so this commit adds a safeguard to prevent emails being made public.
2020-02-05 11:03:18 -05:00
it 'will ignore name when equal to email' do
result = authenticator.after_authenticate(hash.deep_merge(info: { name: hash.info.email }))
expect(result.email).to eq(hash.info.email)
expect(result.name).to eq(nil)
end
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end
FIX: Improve avatar loading, and add tests Follow-up from 4e2cc9c
2018-12-04 10:09:32 -05:00
describe "avatar on update" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
FIX: Improve avatar loading, and add tests Follow-up from 4e2cc9c
2018-12-04 10:09:32 -05:00
let!(:associated) { UserAssociatedAccount.create!(user: user, provider_name: 'myauth', provider_uid: "1234") }
it "schedules the job upon update correctly" do
# No image supplied, do not schedule
expect { result = authenticator.after_authenticate(hash) }
.to change { Jobs::DownloadAvatarFromUrl.jobs.count }.by(0)
# Image supplied, schedule
expect { result = authenticator.after_authenticate(hash.deep_merge(info: { image: "https://some.domain/image.jpg" })) }
.to change { Jobs::DownloadAvatarFromUrl.jobs.count }.by(1)
# User already has profile picture, don't schedule
user.user_avatar = Fabricate(:user_avatar, custom_upload: Fabricate(:upload))
user.save!
expect { result = authenticator.after_authenticate(hash.deep_merge(info: { image: "https://some.domain/image.jpg" })) }
.to change { Jobs::DownloadAvatarFromUrl.jobs.count }.by(0)
end
end
DEV: Add profile fetching support to `ManagedAuthenticator`
2018-12-07 09:04:21 -05:00
describe "profile on update" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
DEV: Add profile fetching support to `ManagedAuthenticator`
2018-12-07 09:04:21 -05:00
let!(:associated) { UserAssociatedAccount.create!(user: user, provider_name: 'myauth', provider_uid: "1234") }
it "updates the user's location and bio, unless already set" do
{ description: :bio_raw, location: :location }.each do |auth_hash_key, profile_key|
user.user_profile.update(profile_key => "Initial Value")
# No value supplied, do not overwrite
expect { result = authenticator.after_authenticate(hash) }
.not_to change { user.user_profile.reload; user.user_profile[profile_key] }
# Value supplied, still do not overwrite
expect { result = authenticator.after_authenticate(hash.deep_merge(info: { auth_hash_key => "New Value" })) }
.not_to change { user.user_profile.reload; user.user_profile[profile_key] }
# User has not set a value, so overwrite
user.user_profile.update(profile_key => "")
authenticator.after_authenticate(hash.deep_merge(info: { auth_hash_key => "New Value" }))
user.user_profile.reload
expect(user.user_profile[profile_key]).to eq("New Value")
end
end
end
FEATURE: Fetch email from auth provider if current user email is invalid (#7163) If the existing email address for a user ends in `.invalid`, we should take the email address from an authentication payload, and replace the invalid address. This typically happens when we import users from a system without email addresses. This commit also adds some extensibility so that plugin authenticators can define `always_update_user_email?`
2019-03-14 07:33:30 -04:00
describe "email update" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
FEATURE: Fetch email from auth provider if current user email is invalid (#7163) If the existing email address for a user ends in `.invalid`, we should take the email address from an authentication payload, and replace the invalid address. This typically happens when we import users from a system without email addresses. This commit also adds some extensibility so that plugin authenticators can define `always_update_user_email?`
2019-03-14 07:33:30 -04:00
let!(:associated) { UserAssociatedAccount.create!(user: user, provider_name: 'myauth', provider_uid: "1234") }
it "updates the user's email if currently invalid" do
user.update!(email: "someemail@discourse.org")
# Existing email is valid, do not change
expect { result = authenticator.after_authenticate(hash) }
.not_to change { user.reload.email }
user.update!(email: "someemail@discourse.invalid")
# Existing email is invalid, expect change
expect { result = authenticator.after_authenticate(hash) }
.to change { user.reload.email }
expect(user.email).to eq("awesome@example.com")
end
it "doesn't raise error if email is taken" do
other_user = Fabricate(:user, email: "awesome@example.com")
user.update!(email: "someemail@discourse.invalid")
expect { result = authenticator.after_authenticate(hash) }
.not_to change { user.reload.email }
expect(user.email).to eq("someemail@discourse.invalid")
end
end
FIX: Improve avatar loading, and add tests Follow-up from 4e2cc9c
2018-12-04 10:09:32 -05:00
describe "avatar on create" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
let!(:association) { UserAssociatedAccount.create!(provider_name: 'myauth', provider_uid: "1234") }
FIX: Improve avatar loading, and add tests Follow-up from 4e2cc9c
2018-12-04 10:09:32 -05:00
it "doesn't schedule with no image" do
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
expect { result = authenticator.after_create_account(user, extra_data: create_hash) }
FIX: Improve avatar loading, and add tests Follow-up from 4e2cc9c
2018-12-04 10:09:32 -05:00
.to change { Jobs::DownloadAvatarFromUrl.jobs.count }.by(0)
end
it "schedules with image" do
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
association.info["image"] = "https://some.domain/image.jpg"
association.save!
expect { result = authenticator.after_create_account(user, extra_data: create_hash) }
FIX: Improve avatar loading, and add tests Follow-up from 4e2cc9c
2018-12-04 10:09:32 -05:00
.to change { Jobs::DownloadAvatarFromUrl.jobs.count }.by(1)
end
end
DEV: Add profile fetching support to `ManagedAuthenticator`
2018-12-07 09:04:21 -05:00
describe "profile on create" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
let!(:association) { UserAssociatedAccount.create!(provider_name: 'myauth', provider_uid: "1234") }
DEV: Add profile fetching support to `ManagedAuthenticator`
2018-12-07 09:04:21 -05:00
it "doesn't explode without profile" do
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
authenticator.after_create_account(user, extra_data: create_hash)
DEV: Add profile fetching support to `ManagedAuthenticator`
2018-12-07 09:04:21 -05:00
end
it "works with profile" do
FIX: Use database to persist metadata during social registration (#6750) Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 10:10:06 -05:00
association.info["location"] = "DiscourseVille"
association.info["description"] = "Online forum expert"
association.save!
authenticator.after_create_account(user, extra_data: create_hash)
DEV: Add profile fetching support to `ManagedAuthenticator`
2018-12-07 09:04:21 -05:00
expect(user.user_profile.bio_raw).to eq("Online forum expert")
expect(user.user_profile.location).to eq("DiscourseVille")
end
end
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end
describe 'description_for_user' do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
it 'returns empty string if no entry for user' do
expect(authenticator.description_for_user(user)).to eq("")
end
it 'returns correct information' do
association = UserAssociatedAccount.create!(user: user, provider_name: 'myauth', provider_uid: "1234", info: { nickname: "somenickname", email: "test@domain.tld", name: "bestname" })
expect(authenticator.description_for_user(user)).to eq('test@domain.tld')
association.update(info: { nickname: "somenickname", name: "bestname" })
expect(authenticator.description_for_user(user)).to eq('somenickname')
association.update(info: { nickname: "bestname" })
expect(authenticator.description_for_user(user)).to eq('bestname')
FIX: Display generic descriptor for associated account with no info
2019-06-03 07:14:02 -04:00
association.update(info: {})
expect(authenticator.description_for_user(user)).to eq(I18n.t("associated_accounts.connected"))
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
end
end
describe 'revoke' do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:user) { Fabricate(:user) }
DEV: Introduce Auth::ManagedAuthenticator A generic implementation of Auth::Authenticator which stores data in the new UserAssociatedAccount model. This should help significantly reduce the duplicated logic across different auth providers.
2018-11-28 10:44:16 -05:00
it 'raises exception if no entry for user' do
expect { authenticator.revoke(user) }.to raise_error(Discourse::NotFound)
end
context "with valid record" do
before do
UserAssociatedAccount.create!(user: user, provider_name: 'myauth', provider_uid: "1234", info: { name: "somename" })
end
it 'revokes correctly' do
expect(authenticator.description_for_user(user)).to eq("somename")
expect(authenticator.can_revoke?).to eq(true)
expect(authenticator.revoke(user)).to eq(true)
expect(authenticator.description_for_user(user)).to eq("")
end
end
end
end