Unverified Commit 6812408a authored by David Taylor's avatar David Taylor Committed by GitHub

DEV: Introduce syntax_tree for ruby formatting (#76)

parent 128f4e75
with 418 additions and 442 deletions
......@@ -55,3 +55,12 @@ jobs:
- name: Rubocop
if: ${{ !cancelled() }}
run: bundle exec rubocop .
- name: Syntax Tree
if: ${{ !cancelled() }}
run: |
if test -f .streerc; then
bundle exec stree check Gemfile $(git ls-files '*.rb') $(git ls-files '*.rake')
else
echo "Stree config not detected for this repository. Skipping."
fi
......@@ -80,7 +80,7 @@ jobs:
- name: Get yarn cache directory
id: yarn-cache-dir
run: echo "::set-output name=dir::$(yarn cache dir)"
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: Yarn cache
uses: actions/cache@v3
......@@ -130,7 +130,7 @@ jobs:
shell: bash
run: |
if [ 0 -lt $(find plugins/${{ github.event.repository.name }}/spec -type f -name "*.rb" 2> /dev/null | wc -l) ]; then
echo "::set-output name=files_exist::true"
echo "files_exist=true" >> $GITHUB_OUTPUT
fi
- name: Plugin RSpec
......@@ -142,7 +142,7 @@ jobs:
shell: bash
run: |
if [ 0 -lt $(find plugins/${{ github.event.repository.name }}/test/javascripts -type f \( -name "*.js" -or -name "*.es6" \) 2> /dev/null | wc -l) ]; then
echo "::set-output name=files_exist::true"
echo "files_exist=true" >> $GITHUB_OUTPUT
fi
- name: Plugin QUnit
......
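Review bot: The new Syntax Tree step builds its argument list with unquoted `$(git ls-files '*.rb')` and `$(git ls-files '*.rake')`, so any tracked path containing whitespace is split into several arguments and the check reports a bogus missing file instead of formatting it. Feeding NUL-separated paths keeps names intact: `git ls-files -z -- Gemfile '*.rb' '*.rake' | xargs -0 bundle exec stree check`. The three migrated output steps below write with `>> $GITHUB_OUTPUT`; quoting it as `>> "$GITHUB_OUTPUT"` matches the documented form and costs nothing.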
inherit_gem:
rubocop-discourse: default.yml
rubocop-discourse: stree-compat.yml
--print-width=100
--plugins=plugin/trailing_comma
# frozen_string_literal: true
source 'https://rubygems.org'
source "https://rubygems.org"
group :development do
gem 'rubocop-discourse'
gem "rubocop-discourse"
gem "syntax_tree"
end
......@@ -6,6 +6,7 @@ GEM
parallel (1.22.1)
parser (3.1.2.1)
ast (~> 2.4.1)
prettier_print (1.2.0)
rainbow (3.1.1)
regexp_parser (2.6.0)
rexml (3.2.5)
......@@ -27,6 +28,8 @@ GEM
rubocop-rspec (2.13.2)
rubocop (~> 1.33)
ruby-progressbar (1.11.0)
syntax_tree (5.1.0)
prettier_print (>= 1.2.0)
unicode-display_width (2.3.0)
PLATFORMS
......@@ -39,6 +42,7 @@ PLATFORMS
DEPENDENCIES
rubocop-discourse
syntax_tree
BUNDLED WITH
2.3.10
......@@ -10,10 +10,7 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
authn_request = OneLogin::RubySaml::Authrequest.new
params = authn_request.create_params(settings, additional_params_for_authn_request)
destination = settings.idp_sso_service_url
render_auto_submitted_form(
destination: destination,
params: params
)
render_auto_submitted_form(destination: destination, params: params)
end
else
super
......@@ -21,7 +18,8 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
end
def callback_phase
if request.request_method.downcase.to_sym == :post && !request.params["SameSite"] && request.params["SAMLResponse"]
if request.request_method.downcase.to_sym == :post && !request.params["SameSite"] &&
request.params["SAMLResponse"]
env[Rack::RACK_SESSION_OPTIONS][:skip] = true # Do not set any session cookies. They'll override our SameSite ones
# Make browser re-issue the request in a same-site context so we get cookies
......@@ -30,8 +28,8 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
destination: callback_url,
params: {
"SAMLResponse" => request.params["SAMLResponse"],
"SameSite" => "1"
}
"SameSite" => "1",
},
)
else
super
......@@ -41,13 +39,15 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
private
def render_auto_submitted_form(destination:, params:)
submit_script_url = UrlHelper.absolute("#{Discourse.base_path}/plugins/discourse-saml/javascripts/submit-form-on-load.js", GlobalSetting.cdn_url)
submit_script_url =
UrlHelper.absolute(
"#{Discourse.base_path}/plugins/discourse-saml/javascripts/submit-form-on-load.js",
GlobalSetting.cdn_url,
)
inputs = params.map do |key, value|
<<~HTML
inputs = params.map { |key, value| <<~HTML }.join("\n")
<input type="hidden" name="#{CGI.escapeHTML(key)}" value="#{CGI.escapeHTML(value)}"/>
HTML
end.join("\n")
html = <<~HTML
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
......@@ -73,7 +73,7 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
</html>
HTML
r = Rack::Response.new(html, 200, { 'content-type' => 'text/html' })
r = Rack::Response.new(html, 200, { "content-type" => "text/html" })
r.finish
end
end
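Review bot: The reformatted `inputs = params.map { |key, value| <<~HTML }.join("\n")` in `render_auto_submitted_form` opens a heredoc inside a one-line block whose body lines follow the closing `}`, which is legal but easy to misread as belonging to the outer statement. A plain interpolated string keeps the escaping visible on the same line: `inputs = params.map { |key, value| %(<input type="hidden" name="#{CGI.escapeHTML(key)}" value="#{CGI.escapeHTML(value)}"/>) }.join("\n")`. In `callback_phase`, the wrapped condition `request.request_method.downcase.to_sym == :post` can be written `request.post?`, which Rack::Request provides; that method's body continues outside the hunks shown.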
......@@ -23,24 +23,28 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
attrs = "#{attrs}|#{custom_attrs}" if custom_attrs.present?
attrs.split("|").uniq.map do |name|
{ name: name, name_format: attribute_name_format, friendly_name: name }
end
attrs
.split("|")
.uniq
.map { |name| { name: name, name_format: attribute_name_format, friendly_name: name } }
end
def attribute_statements
result = {}
statements = "name:fullName,name|email:email,mail|first_name:first_name,firstname,firstName|last_name:last_name,lastname,lastName|nickname:screenName"
statements =
"name:fullName,name|email:email,mail|first_name:first_name,firstname,firstName|last_name:last_name,lastname,lastName|nickname:screenName"
custom_statements = setting(:attribute_statements)
statements = "#{statements}|#{custom_statements}" if custom_statements.present?
statements.split("|").map do |statement|
attrs = statement.split(":", 2)
next if attrs.count != 2
(result[attrs[0]] ||= []) << attrs[1].split(",")
result[attrs[0]].flatten!
end
statements
.split("|")
.map do |statement|
attrs = statement.split(":", 2)
next if attrs.count != 2
(result[attrs[0]] ||= []) << attrs[1].split(",")
result[attrs[0]].flatten!
end
result
end
......@@ -48,9 +52,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def register_middleware(omniauth)
omniauth.provider ::DiscourseSaml::SamlOmniauthStrategy,
name: name,
setup: lambda { |env|
setup_strategy(env["omniauth.strategy"])
}
setup: lambda { |env| setup_strategy(env["omniauth.strategy"]) }
end
def setup_strategy(strategy)
......@@ -68,7 +70,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
assertion_consumer_service_url: SamlAuthenticator.saml_base_url + "/auth/#{name}/callback",
single_logout_service_url: SamlAuthenticator.saml_base_url + "/auth/#{name}/slo",
name_identifier_format: setting(:name_identifier_format).presence,
request_method: (setting(:request_method)&.downcase == 'post') ? "POST" : "GET",
request_method: (setting(:request_method)&.downcase == "post") ? "POST" : "GET",
certificate: setting(:sp_certificate).presence,
private_key: setting(:sp_private_key).presence,
security: {
......@@ -76,15 +78,16 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
want_assertions_signed: !!setting(:want_assertions_signed),
logout_requests_signed: !!setting(:logout_requests_signed),
logout_responses_signed: !!setting(:logout_responses_signed),
signature_method: XMLSecurity::Document::RSA_SHA1
signature_method: XMLSecurity::Document::RSA_SHA1,
},
idp_slo_session_destroy: proc do |env, session|
user = CurrentUser.lookup_from_env(env)
if user
user.user_auth_tokens.destroy_all
user.logged_out
end
end
idp_slo_session_destroy:
proc do |env, session|
user = CurrentUser.lookup_from_env(env)
if user
user.user_auth_tokens.destroy_all
user.logged_out
end
end,
)
end
......@@ -94,12 +97,8 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
group_attribute = setting(:groups_attribute)
if setting(:validate_email_fields).present? && attributes.multi(group_attribute).present?
validate_email_fields = setting(:validate_email_fields).split("|").map(&:downcase)
member_of = attributes.multi(group_attribute).map { |g| g.downcase.split(',') }.flatten
if (validate_email_fields & member_of).present?
true
else
false
end
member_of = attributes.multi(group_attribute).map { |g| g.downcase.split(",") }.flatten
(validate_email_fields & member_of).present? ? true : false
else
setting(:default_emails_valid)
end
......@@ -111,14 +110,12 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
extra_data = auth.extra || {}
attributes = extra_data[:raw_info] || OneLogin::RubySaml::Attributes.new
auth[:uid] = attributes.single('uid') || auth[:uid] if setting(:use_attributes_uid)
auth[:uid] = attributes.single("uid") || auth[:uid] if setting(:use_attributes_uid)
uid = auth[:uid]
auth.info[:email] ||= uid if uid.to_s&.include?("@")
if uid && setting(:use_attributes_uid)
auth.info[:nickname] = uid.to_s
end
auth.info[:nickname] = uid.to_s if uid && setting(:use_attributes_uid)
auth.extra = { "raw_info" => attributes.attributes }
result = super
......@@ -130,21 +127,16 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
end
if setting(:debug_auth)
data = {
uid: uid,
info: info,
attributes: attributes
}
data = { uid: uid, info: info, attributes: attributes }
log("#{name}_auth: #{data.inspect}")
end
if setting(:skip_email_validation)
result.skip_email_validation = true
end
result.skip_email_validation = true if setting(:skip_email_validation)
if result.user.blank?
result.username = '' if setting(:clear_username)
result.user = auto_create_account(result, uid) if setting(:auto_create_account) && result.email_valid
result.username = "" if setting(:clear_username)
result.user = auto_create_account(result, uid) if setting(:auto_create_account) &&
result.email_valid
else
user = result.user
sync_groups(user, attributes, info)
......@@ -168,10 +160,11 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def after_create_account(user, auth)
super
uaa = UserAssociatedAccount.find_by(
provider_name: auth.extra_data[:provider],
provider_uid: auth.extra_data[:uid]
)
uaa =
UserAssociatedAccount.find_by(
provider_name: auth.extra_data[:provider],
provider_uid: auth.extra_data[:uid],
)
info = OmniAuth::AuthHash::InfoHash.new(uaa.info)
attributes = OneLogin::RubySaml::Attributes.new(uaa.extra&.[]("raw_info") || {})
......@@ -194,7 +187,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
primary_email: UserEmail.new(email: try_email, primary: true),
name: resolve_name(result.name, result.username, result.email),
username: resolve_username(result.username, result.name, result.email, uid),
active: true
active: true,
}
user = User.create!(user_params)
......@@ -213,28 +206,27 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
groups_fullsync = setting(:groups_fullsync)
raw_group_list = attributes.multi(setting(:groups_attribute)) || []
user_group_list = raw_group_list.map { |g| g.downcase.split(',') }.flatten
user_group_list = raw_group_list.map { |g| g.downcase.split(",") }.flatten
if setting(:groups_ldap_leafcn).present?
# Change cn=groupname,cn=groups,dc=example,dc=com to groupname
user_group_list = user_group_list.map { |group| group.split('=', 2).last }
user_group_list = user_group_list.map { |group| group.split("=", 2).last }
end
if groups_fullsync
user_has_groups = user.groups.where(automatic: false).pluck(:name).map(&:downcase)
groups_to_add = user_group_list - user_has_groups
if user_has_groups.present?
groups_to_remove = user_has_groups - user_group_list
end
groups_to_remove = user_has_groups - user_group_list if user_has_groups.present?
else
total_group_list = setting(:sync_groups_list).split('|').map(&:downcase)
total_group_list = setting(:sync_groups_list).split("|").map(&:downcase)
groups_to_add = info['groups_to_add'] || attributes.multi('groups_to_add')&.join(',') || ''
groups_to_add = groups_to_add.downcase.split(',')
groups_to_add = info["groups_to_add"] || attributes.multi("groups_to_add")&.join(",") || ""
groups_to_add = groups_to_add.downcase.split(",")
groups_to_add += user_group_list
groups_to_remove = info['groups_to_remove'] || attributes.multi('groups_to_remove')&.join(',') || ''
groups_to_remove = groups_to_remove.downcase.split(',')
groups_to_remove =
info["groups_to_remove"] || attributes.multi("groups_to_remove")&.join(",") || ""
groups_to_remove = groups_to_remove.downcase.split(",")
if total_group_list.present?
groups_to_add = total_group_list & groups_to_add
......@@ -247,13 +239,13 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
return if user_group_list.blank? && groups_to_add.blank? && groups_to_remove.blank?
Group.where('LOWER(name) IN (?) AND NOT automatic', groups_to_add).each do |group|
group.add user
end
Group
.where("LOWER(name) IN (?) AND NOT automatic", groups_to_add)
.each { |group| group.add user }
Group.where('LOWER(name) IN (?) AND NOT automatic', groups_to_remove).each do |group|
group.remove user
end
Group
.where("LOWER(name) IN (?) AND NOT automatic", groups_to_remove)
.each { |group| group.remove user }
end
def sync_custom_fields(user, attributes, info)
......@@ -272,20 +264,22 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def sync_user_fields(user, attributes, info)
statements = setting(:user_field_statements) || ""
statements.split("|").each do |statement|
key, field_id = statement.split(":")
next if key.blank? || field_id.blank?
statements
.split("|")
.each do |statement|
key, field_id = statement.split(":")
next if key.blank? || field_id.blank?
val = info[key] || attributes.multi(key)&.join(",")
user.custom_fields["user_field_#{field_id}"] = val if val.present?
end
val = info[key] || attributes.multi(key)&.join(",")
user.custom_fields["user_field_#{field_id}"] = val if val.present?
end
end
def sync_moderator(user, attributes)
return unless setting(:sync_moderator)
is_moderator_attribute = setting(:moderator_attribute) || 'isModerator'
is_moderator = ['1', 'true'].include?(attributes.single(is_moderator_attribute).to_s.downcase)
is_moderator_attribute = setting(:moderator_attribute) || "isModerator"
is_moderator = %w[1 true].include?(attributes.single(is_moderator_attribute).to_s.downcase)
return if user.moderator == is_moderator
......@@ -296,8 +290,8 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def sync_admin(user, attributes)
return unless setting(:sync_admin)
is_admin_attribute = setting(:admin_attribute) || 'isAdmin'
is_admin = ['1', 'true'].include?(attributes.single(is_admin_attribute).to_s.downcase)
is_admin_attribute = setting(:admin_attribute) || "isAdmin"
is_admin = %w[1 true].include?(attributes.single(is_admin_attribute).to_s.downcase)
return if user.admin == is_admin
......@@ -308,7 +302,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def sync_trust_level(user, attributes)
return unless setting(:sync_trust_level)
trust_level_attribute = setting(:trust_level_attribute) || 'trustLevel'
trust_level_attribute = setting(:trust_level_attribute) || "trustLevel"
level = attributes.single(trust_level_attribute).to_i
return unless level.between?(1, 4)
......@@ -326,7 +320,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def sync_locale(user, attributes)
return unless setting(:sync_locale)
locale_attribute = setting(:locale_attribute) || 'locale'
locale_attribute = setting(:locale_attribute) || "locale"
locale = attributes.single(locale_attribute)
return unless LocaleSiteSetting.valid_value?(locale)
......@@ -360,13 +354,10 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
def idp_cert_multi
return unless setting(:cert_multi).present?
certificates = setting(:cert_multi).split('|')
certificates = setting(:cert_multi).split("|")
certificates.push(setting(:cert)) if setting(:cert).present?
{
signing: certificates,
encryption: []
}
{ signing: certificates, encryption: [] }
end
def resolve_name(name, username, email)
......
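Review bot: In `attribute_statements` the reformatted chain `statements.split("|").map do |statement| ... end` is used only for its side effect on `result` and its return value is discarded, so `.each` states the intent and avoids allocating a throwaway array. In the hunk at `@@ -94,12 +97,8 @@`, `(validate_email_fields & member_of).present? ? true : false` is a redundant ternary because `present?` already returns a boolean; the line can be just `(validate_email_fields & member_of).present?`. The `idp_slo_session_destroy` proc in `setup_strategy` declares a `session` parameter it never reads, so `proc do |env, _session|` documents that. The methods enclosing the latter two hunks start outside the hunks.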
......@@ -7,15 +7,13 @@
# url: https://github.com/discourse/discourse-saml
# transpile_js: true
gem 'macaddr', '1.0.0'
gem 'uuid', '2.3.7'
gem 'rexml', '3.2.5'
gem 'ruby-saml', '1.13.0'
gem "omniauth-saml", '1.9.0'
if !GlobalSetting.try("saml_target_url")
enabled_site_setting :saml_enabled
end
gem "macaddr", "1.0.0"
gem "uuid", "2.3.7"
gem "rexml", "3.2.5"
gem "ruby-saml", "1.13.0"
gem "omniauth-saml", "1.9.0"
enabled_site_setting :saml_enabled if !GlobalSetting.try("saml_target_url")
on(:before_session_destroy) do |data|
next if !DiscourseSaml.setting(:slo_target_url).present?
......@@ -42,9 +40,10 @@ module ::DiscourseSaml
return if !DiscourseSaml.setting(:forced_domains).present?
return if email.blank?
DiscourseSaml.setting(:forced_domains).split(/[,|]/).each do |domain|
return true if email.end_with?("@#{domain}")
end
DiscourseSaml
.setting(:forced_domains)
.split(/[,|]/)
.each { |domain| return true if email.end_with?("@#{domain}") }
false
end
......@@ -79,7 +78,8 @@ after_initialize do
::SessionController.prepend(::DiscourseSaml::SessionControllerExtensions)
# "SAML Forced Domains" - Prevent login via other omniauth strategies
class ::DiscourseSaml::ForcedSamlError < StandardError; end
class ::DiscourseSaml::ForcedSamlError < StandardError
end
on(:after_auth) do |authenticator, result|
next if authenticator.name == "saml"
if [result.user&.email, result.email].any? { |e| ::DiscourseSaml.is_saml_forced_domain?(e) }
......@@ -88,7 +88,7 @@ after_initialize do
end
Users::OmniauthCallbacksController.rescue_from(::DiscourseSaml::ForcedSamlError) do
flash[:error] = I18n.t("login.use_saml_auth")
render('failure')
render("failure")
end
end
......@@ -100,6 +100,4 @@ require_relative "lib/saml_authenticator"
name = GlobalSetting.try(:saml_title)
button_title = GlobalSetting.try(:saml_button_title) || GlobalSetting.try(:saml_title)
auth_provider title: button_title,
pretty_name: name,
authenticator: SamlAuthenticator.new
auth_provider title: button_title, pretty_name: name, authenticator: SamlAuthenticator.new
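Review bot: The reformatted forced-domain check `.each { |domain| return true if email.end_with?("@#{domain}") }` compares case-sensitively and does not strip whitespace around entries, so an email whose domain differs only in case from the configured one, or a setting written as `a.com, b.com`, is not treated as forced unless callers normalize beforehand, which is not visible here. Using `any?` also removes the `return` from inside the block and the trailing `false`: `DiscourseSaml.setting(:forced_domains).downcase.split(/[,|]/).map(&:strip).any? { |domain| email.downcase.end_with?("@#{domain}") }`. The enclosing method (apparently `is_saml_forced_domain?`, called from the `on(:after_auth)` hook below) starts outside the hunk.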
# frozen_string_literal: true
require 'rails_helper'
require "rails_helper"
describe "SAML cross-site with same-site cookie", type: :request do
before do
......@@ -16,7 +16,7 @@ describe "SAML cross-site with same-site cookie", type: :request do
with: {
"action" => "http://test.localhost/auth/saml/callback",
"method" => "post",
}
},
)
expect(response.body).to have_tag(
......@@ -25,7 +25,7 @@ describe "SAML cross-site with same-site cookie", type: :request do
"name" => "SAMLResponse",
"value" => "somesamldata",
"type" => "hidden",
}
},
)
expect(response.body).to have_tag(
......@@ -34,7 +34,7 @@ describe "SAML cross-site with same-site cookie", type: :request do
"name" => "SameSite",
"value" => "1",
"type" => "hidden",
}
},
)
expect(response.body).to have_tag("script")
......
# frozen_string_literal: true
require 'rails_helper'
require "rails_helper"
describe "SAML Forced Domains" do
let(:password) { "abcdefghijklmnop" }
let(:saml_user) do
Fabricate(
:user,
email: "user@samlonly.example.com",
password: password
).tap { |u| u.activate }
Fabricate(:user, email: "user@samlonly.example.com", password: password).tap { |u| u.activate }
end
let(:other_user) do
Fabricate(
:user,
email: "user@example.com",
password: password
).tap { |u| u.activate }
Fabricate(:user, email: "user@example.com", password: password).tap { |u| u.activate }
end
before do
......@@ -27,27 +19,21 @@ describe "SAML Forced Domains" do
describe "username/password login" do
it "works as normal when feature disabled" do
post "/session.json", params: {
login: saml_user.username, password: password
}
post "/session.json", params: { login: saml_user.username, password: password }
expect(response.status).to eq(200)
expect(session[:current_user_id]).to eq(saml_user.id)
end
it "blocks logins for blocked domains" do
SiteSetting.saml_forced_domains = "samlonly.example.com"
post "/session.json", params: {
login: saml_user.username, password: password
}
post "/session.json", params: { login: saml_user.username, password: password }
expect(response.status).to eq(200)
expect(response.parsed_body["error"]).to eq(I18n.t("login.use_saml_auth"))
expect(session[:current_user_id]).to eq(nil)
end
it "allows logins for other domains" do
post "/session.json", params: {
login: other_user.username, password: password
}
post "/session.json", params: { login: other_user.username, password: password }
expect(response.status).to eq(200)
expect(session[:current_user_id]).to eq(other_user.id)
end
......@@ -57,9 +43,13 @@ describe "SAML Forced Domains" do
it "works as normal when feature disabled" do
post "/u/email-login.json", params: { login: saml_user.email }
expect(response.status).to eq(200)
expect_job_enqueued(job: :critical_user_email, args: {
user_id: saml_user.id, type: 'email_login'
})
expect_job_enqueued(
job: :critical_user_email,
args: {
user_id: saml_user.id,
type: "email_login",
},
)
end
it "blocks login for blocked domains" do
......@@ -73,21 +63,27 @@ describe "SAML Forced Domains" do
SiteSetting.saml_forced_domains = "samlonly.example.com"
post "/u/email-login.json", params: { login: other_user.email }
expect(response.status).to eq(200)
expect_job_enqueued(job: :critical_user_email, args: {
user_id: other_user.id, type: 'email_login'
})
expect_job_enqueued(
job: :critical_user_email,
args: {
user_id: other_user.id,
type: "email_login",
},
)
end
end
describe "external login" do
let(:mock_auth) do
OmniAuth::AuthHash.new(
provider: 'google_oauth2',
uid: '123545',
info: OmniAuth::AuthHash::InfoHash.new(
email: saml_user.email,
),
extra: { raw_info: { email_verified: true } }
provider: "google_oauth2",
uid: "123545",
info: OmniAuth::AuthHash::InfoHash.new(email: saml_user.email),
extra: {
raw_info: {
email_verified: true,
},
},
)
end
......
# frozen_string_literal: true
require 'rails_helper'
require "rails_helper"
describe "SAML POST-mode functionality", type: :request do
before do
......@@ -26,7 +26,7 @@ describe "SAML POST-mode functionality", type: :request do
with: {
"action" => "https://example.com/samlidp",
"method" => "post",
}
},
)
expect(response.body).to have_tag(
......@@ -34,14 +34,15 @@ describe "SAML POST-mode functionality", type: :request do
with: {
"name" => "SAMLRequest",
"type" => "hidden",
}
},
)
html = Nokogiri::HTML5(response.body)
html = Nokogiri.HTML5(response.body)
script_url = html.at("script").attribute("src").value
csp = response.headers["content-security-policy"]
script_src = csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
script_src =
csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
included_in_csp = script_src.any? { |allowed_src| script_url.start_with?(allowed_src) }
expect(included_in_csp).to eq(true)
......@@ -58,7 +59,7 @@ describe "SAML POST-mode functionality", type: :request do
with: {
"action" => "https://example.com/samlidp",
"method" => "post",
}
},
)
expect(response.body).to have_tag(
......@@ -66,14 +67,15 @@ describe "SAML POST-mode functionality", type: :request do
with: {
"name" => "SAMLRequest",
"type" => "hidden",
}
},
)
html = Nokogiri::HTML5(response.body)
html = Nokogiri.HTML5(response.body)
script_url = html.at("script").attribute("src").value
csp = response.headers["content-security-policy"]
script_src = csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
script_src =
csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
included_in_csp = script_src.any? { |allowed_src| script_url.start_with?(allowed_src) }
expect(included_in_csp).to eq(true)
......
# frozen_string_literal: true
require 'rails_helper'
require "rails_helper"
describe "SAML Single Log Out" do
let(:user) { Fabricate(:user) }
......
......@@ -8,12 +8,9 @@ describe "SAML staged user handling", type: :request do
SiteSetting.saml_enabled = true
OmniAuth.config.test_mode = true
OmniAuth.config.mock_auth[:saml] = OmniAuth::AuthHash.new(
provider: 'saml',
uid: '123545',
info: OmniAuth::AuthHash::InfoHash.new(
nickname: staged.username,
email: staged.email,
),
provider: "saml",
uid: "123545",
info: OmniAuth::AuthHash::InfoHash.new(nickname: staged.username, email: staged.email),
)
UsersController.any_instance.stubs(:honeypot_value).returns(nil)
......@@ -25,17 +22,10 @@ describe "SAML staged user handling", type: :request do
expect(response.status).to eq(302)
expect(response.location).to eq("http://test.localhost/")
expect(session[:authentication]).to include(
username: staged.username,
email: staged.email
)
expect(session[:authentication]).to include(username: staged.username, email: staged.email)
expect(JSON.parse(cookies[:authentication_data])["username"]).to eq(staged.username)
post "/u.json", params: {
name: staged.name,
username: staged.username,
email: staged.email
}
post "/u.json", params: { name: staged.name, username: staged.username, email: staged.email }
expect(response.status).to eq(200)
expect(UserAssociatedAccount.where(user: staged).count).to eq(1)
......
......@@ -8,19 +8,18 @@ describe "SAML Overrides Email", type: :request do
fab!(:new_email) { "new@example.com" }
fab!(:new_username) { "newusername" }
fab!(:user) { Fabricate(:user, email: initial_email, username: initial_username) }
fab!(:uac) { UserAssociatedAccount.create!(user: user, provider_name: "saml", provider_uid: "12345") }
fab!(:uac) do
UserAssociatedAccount.create!(user: user, provider_name: "saml", provider_uid: "12345")
end
before do
SiteSetting.saml_enabled = true
OmniAuth.config.test_mode = true
OmniAuth.config.mock_auth[:saml] = OmniAuth::AuthHash.new(
provider: 'saml',
uid: '12345',
info: OmniAuth::AuthHash::InfoHash.new(
email: new_email,
nickname: new_username,
),
provider: "saml",
uid: "12345",
info: OmniAuth::AuthHash::InfoHash.new(email: new_email, nickname: new_username),
)
end
......@@ -34,7 +33,7 @@ describe "SAML Overrides Email", type: :request do
expect(user.username).to eq(initial_username)
end
it 'updates user email if enabled' do
it "updates user email if enabled" do
SiteSetting.saml_sync_email = true
get "/auth/saml/callback"
......@@ -45,7 +44,7 @@ describe "SAML Overrides Email", type: :request do
expect(user.username).to eq(initial_username)
end
it 'updates username if enabled' do
it "updates username if enabled" do
SiteSetting.saml_omit_username = true
get "/auth/saml/callback"
......