2019-04-30 08:27:42 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-10-11 17:41:23 +08:00
|
|
|
require "rails_helper"
|
2014-02-25 11:30:49 +08:00
|
|
|
|
|
|
|
describe DiscourseSingleSignOn do
|
|
|
|
before do
|
2018-06-19 22:25:10 +08:00
|
|
|
@sso_url = "http://example.com/discourse_sso"
|
2014-02-25 11:30:49 +08:00
|
|
|
@sso_secret = "shjkfdhsfkjh"
|
|
|
|
|
2014-11-26 14:25:54 +08:00
|
|
|
SiteSetting.sso_url = @sso_url
|
2017-12-23 16:46:48 +08:00
|
|
|
SiteSetting.enable_sso = true
|
2014-11-26 14:25:54 +08:00
|
|
|
SiteSetting.sso_secret = @sso_secret
|
2019-03-14 22:47:38 +08:00
|
|
|
Jobs.run_immediately!
|
2014-02-25 11:30:49 +08:00
|
|
|
end
|
|
|
|
|
2014-03-20 05:14:09 +08:00
|
|
|
def make_sso
|
2014-02-25 11:30:49 +08:00
|
|
|
sso = SingleSignOn.new
|
|
|
|
sso.sso_url = "http://meta.discorse.org/topics/111"
|
|
|
|
sso.sso_secret = "supersecret"
|
|
|
|
sso.nonce = "testing"
|
|
|
|
sso.email = "some@email.com"
|
|
|
|
sso.username = "sam"
|
|
|
|
sso.name = "sam saffron"
|
|
|
|
sso.external_id = "100"
|
2016-08-29 09:28:19 +08:00
|
|
|
sso.avatar_url = "https://cdn.discourse.org/user_avatar.png"
|
|
|
|
sso.avatar_force_update = false
|
|
|
|
sso.bio = "about"
|
|
|
|
sso.admin = false
|
|
|
|
sso.moderator = false
|
|
|
|
sso.suppress_welcome_message = false
|
2015-05-21 21:41:36 +08:00
|
|
|
sso.require_activation = false
|
2017-02-01 08:42:27 +08:00
|
|
|
sso.title = "user title"
|
2014-04-22 11:52:13 +08:00
|
|
|
sso.custom_fields["a"] = "Aa"
|
|
|
|
sso.custom_fields["b.b"] = "B.b"
|
2018-06-20 08:30:23 +08:00
|
|
|
sso.website = "https://www.discourse.org/"
|
2014-03-20 05:14:09 +08:00
|
|
|
sso
|
|
|
|
end
|
2014-02-25 11:30:49 +08:00
|
|
|
|
2014-03-20 05:14:09 +08:00
|
|
|
def test_parsed(parsed, sso)
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(parsed.nonce).to eq sso.nonce
|
|
|
|
expect(parsed.email).to eq sso.email
|
|
|
|
expect(parsed.username).to eq sso.username
|
|
|
|
expect(parsed.name).to eq sso.name
|
|
|
|
expect(parsed.external_id).to eq sso.external_id
|
2016-08-29 09:28:19 +08:00
|
|
|
expect(parsed.avatar_url).to eq sso.avatar_url
|
|
|
|
expect(parsed.avatar_force_update).to eq sso.avatar_force_update
|
|
|
|
expect(parsed.bio).to eq sso.bio
|
|
|
|
expect(parsed.admin).to eq sso.admin
|
|
|
|
expect(parsed.moderator).to eq sso.moderator
|
|
|
|
expect(parsed.suppress_welcome_message).to eq sso.suppress_welcome_message
|
2015-05-21 21:41:36 +08:00
|
|
|
expect(parsed.require_activation).to eq false
|
2017-02-01 08:42:27 +08:00
|
|
|
expect(parsed.title).to eq sso.title
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(parsed.custom_fields["a"]).to eq "Aa"
|
|
|
|
expect(parsed.custom_fields["b.b"]).to eq "B.b"
|
2018-06-20 08:30:23 +08:00
|
|
|
expect(parsed.website).to eq sso.website
|
2014-03-20 05:14:09 +08:00
|
|
|
end
|
|
|
|
|
2014-12-29 10:30:54 +08:00
|
|
|
it "can do round trip parsing correctly" do
|
|
|
|
sso = SingleSignOn.new
|
|
|
|
sso.sso_secret = "test"
|
|
|
|
sso.name = "sam saffron"
|
|
|
|
sso.username = "sam"
|
|
|
|
sso.email = "sam@sam.com"
|
|
|
|
|
|
|
|
sso = SingleSignOn.parse(sso.payload, "test")
|
|
|
|
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(sso.name).to eq "sam saffron"
|
|
|
|
expect(sso.username).to eq "sam"
|
|
|
|
expect(sso.email).to eq "sam@sam.com"
|
2014-12-29 10:30:54 +08:00
|
|
|
end
|
|
|
|
|
2015-02-24 04:58:45 +08:00
|
|
|
let(:ip_address) { "127.0.0.1" }
|
|
|
|
|
2014-06-02 15:32:39 +08:00
|
|
|
it "can lookup or create user when name is blank" do
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = ""
|
|
|
|
sso.email = "test@test.com"
|
|
|
|
sso.external_id = "A"
|
2017-06-22 10:23:31 +08:00
|
|
|
sso.suppress_welcome_message = true
|
2015-02-24 04:58:45 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
2017-06-22 10:23:31 +08:00
|
|
|
|
|
|
|
expect(user.persisted?).to eq(true)
|
2014-06-02 15:32:39 +08:00
|
|
|
end
|
2016-05-17 15:31:34 +08:00
|
|
|
|
2016-06-21 17:28:58 +08:00
|
|
|
it "unstaged users" do
|
2017-05-10 05:20:38 +08:00
|
|
|
SiteSetting.sso_overrides_name = true
|
|
|
|
|
2016-06-21 17:28:58 +08:00
|
|
|
email = "staged@user.com"
|
|
|
|
Fabricate(:user, staged: true, email: email)
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "staged"
|
2017-05-10 05:20:38 +08:00
|
|
|
sso.name = "Bob O'Bob"
|
2016-06-21 17:28:58 +08:00
|
|
|
sso.email = email
|
|
|
|
sso.external_id = "B"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
|
2017-05-10 05:20:38 +08:00
|
|
|
user.reload
|
|
|
|
|
2016-06-21 17:28:58 +08:00
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.staged).to be(false)
|
2017-05-10 05:20:38 +08:00
|
|
|
|
|
|
|
expect(user.name).to eq("Bob O'Bob")
|
2016-06-21 17:28:58 +08:00
|
|
|
end
|
|
|
|
|
2019-04-11 00:53:30 +08:00
|
|
|
context "reviewables" do
|
|
|
|
let(:sso) do
|
|
|
|
DiscourseSingleSignOn.new.tap do |sso|
|
|
|
|
sso.username = "staged"
|
|
|
|
sso.name = "Bob O'Bob"
|
|
|
|
sso.email = "bob@obob.com"
|
|
|
|
sso.external_id = "B"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't create reviewables if we aren't approving users" do
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
reviewable = ReviewableUser.find_by(target: user)
|
|
|
|
expect(reviewable).to be_blank
|
|
|
|
end
|
|
|
|
|
|
|
|
it "creates reviewables if needed" do
|
|
|
|
SiteSetting.must_approve_users = true
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
reviewable = ReviewableUser.find_by(target: user)
|
|
|
|
expect(reviewable).to be_present
|
|
|
|
expect(reviewable).to be_pending
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-05-17 15:31:34 +08:00
|
|
|
it "can set admin and moderator" do
|
|
|
|
admin_group = Group[:admins]
|
|
|
|
mod_group = Group[:moderators]
|
|
|
|
staff_group = Group[:staff]
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "misteradmin"
|
|
|
|
sso.name = "Bob Admin"
|
|
|
|
sso.email = "admin@admin.com"
|
|
|
|
sso.external_id = "id"
|
|
|
|
sso.admin = true
|
|
|
|
sso.moderator = true
|
2017-06-22 10:23:31 +08:00
|
|
|
sso.suppress_welcome_message = true
|
2016-05-17 15:31:34 +08:00
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
staff_group.reload
|
|
|
|
|
|
|
|
expect(mod_group.users.where('users.id = ?', user.id).exists?).to eq(true)
|
|
|
|
expect(staff_group.users.where('users.id = ?', user.id).exists?).to eq(true)
|
|
|
|
expect(admin_group.users.where('users.id = ?', user.id).exists?).to eq(true)
|
|
|
|
end
|
2014-06-02 15:32:39 +08:00
|
|
|
|
2018-04-10 11:17:23 +08:00
|
|
|
it "can force a list of groups with the groups attribute" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
group1 = Fabricate(:group, name: 'group1')
|
|
|
|
group2 = Fabricate(:group, name: 'group2')
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "bobsky"
|
|
|
|
sso.name = "Bob"
|
|
|
|
sso.email = user.email
|
|
|
|
sso.external_id = "A"
|
|
|
|
|
|
|
|
sso.groups = "#{group2.name.capitalize},group4,badname,trust_level_4"
|
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
|
|
|
|
SiteSetting.sso_overrides_groups = true
|
|
|
|
|
|
|
|
group1.reload
|
|
|
|
expect(group1.usernames).to eq("")
|
|
|
|
expect(group2.usernames).to eq("")
|
|
|
|
|
|
|
|
group1.add(user)
|
|
|
|
group1.save
|
|
|
|
|
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(group1.usernames).to eq("")
|
|
|
|
expect(group2.usernames).to eq(user.username)
|
2018-04-10 13:30:18 +08:00
|
|
|
|
|
|
|
sso.groups = "badname,trust_level_4"
|
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(group1.usernames).to eq("")
|
|
|
|
expect(group2.usernames).to eq("")
|
2018-04-10 11:17:23 +08:00
|
|
|
end
|
|
|
|
|
2016-11-11 13:57:31 +08:00
|
|
|
it "can specify groups" do
|
|
|
|
|
|
|
|
user = Fabricate(:user)
|
|
|
|
|
|
|
|
add_group1 = Fabricate(:group, name: 'group1')
|
|
|
|
add_group2 = Fabricate(:group, name: 'group2')
|
|
|
|
existing_group = Fabricate(:group, name: 'group3')
|
2017-08-12 06:09:22 +08:00
|
|
|
add_group4 = Fabricate(:group, name: 'GROUP4')
|
|
|
|
existing_group2 = Fabricate(:group, name: 'GRoup5')
|
2016-11-11 13:57:31 +08:00
|
|
|
|
2017-08-12 06:09:22 +08:00
|
|
|
[existing_group, existing_group2].each do |g|
|
|
|
|
g.add(user)
|
|
|
|
g.save!
|
|
|
|
end
|
2016-11-11 13:57:31 +08:00
|
|
|
|
|
|
|
add_group1.add(user)
|
|
|
|
existing_group.save!
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "bobsky"
|
|
|
|
sso.name = "Bob"
|
|
|
|
sso.email = user.email
|
|
|
|
sso.external_id = "A"
|
|
|
|
|
2017-08-12 06:09:22 +08:00
|
|
|
sso.add_groups = "#{add_group1.name},#{add_group2.name.capitalize},group4,badname"
|
|
|
|
sso.remove_groups = "#{existing_group.name},#{existing_group2.name.downcase},badname"
|
2016-11-11 13:57:31 +08:00
|
|
|
|
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
|
|
|
|
existing_group.reload
|
|
|
|
expect(existing_group.usernames).to eq("")
|
|
|
|
|
2017-08-12 06:09:22 +08:00
|
|
|
existing_group2.reload
|
|
|
|
expect(existing_group2.usernames).to eq("")
|
|
|
|
|
2016-11-11 13:57:31 +08:00
|
|
|
add_group1.reload
|
|
|
|
expect(add_group1.usernames).to eq(user.username)
|
|
|
|
|
|
|
|
add_group2.reload
|
|
|
|
expect(add_group2.usernames).to eq(user.username)
|
2017-08-12 06:09:22 +08:00
|
|
|
|
|
|
|
add_group4.reload
|
|
|
|
expect(add_group4.usernames).to eq(user.username)
|
2016-11-11 13:57:31 +08:00
|
|
|
end
|
|
|
|
|
2018-03-10 05:06:55 +08:00
|
|
|
it 'can override username properly when only the case changes' do
|
|
|
|
SiteSetting.sso_overrides_username = true
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "testuser"
|
|
|
|
sso.name = "test user"
|
|
|
|
sso.email = "test@test.com"
|
|
|
|
sso.external_id = "100"
|
|
|
|
sso.bio = "This **is** the bio"
|
|
|
|
sso.suppress_welcome_message = true
|
|
|
|
|
|
|
|
# create the original user
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.username).to eq "testuser"
|
|
|
|
|
|
|
|
# change the username case
|
|
|
|
sso.username = "TestUser"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.username).to eq "TestUser"
|
|
|
|
end
|
|
|
|
|
2018-03-14 06:39:39 +08:00
|
|
|
it 'behaves properly when sso_overrides_username is set but username is missing or blank' do
|
|
|
|
SiteSetting.sso_overrides_username = true
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "testuser"
|
|
|
|
sso.name = "test user"
|
|
|
|
sso.email = "test@test.com"
|
|
|
|
sso.external_id = "100"
|
|
|
|
sso.bio = "This **is** the bio"
|
|
|
|
sso.suppress_welcome_message = true
|
|
|
|
|
|
|
|
# create the original user
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.username).to eq "testuser"
|
|
|
|
|
|
|
|
# remove username from payload
|
|
|
|
sso.username = nil
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.username).to eq "testuser"
|
|
|
|
|
|
|
|
# set username in payload to blank
|
|
|
|
sso.username = ''
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.username).to eq "testuser"
|
|
|
|
end
|
|
|
|
|
2015-03-27 06:39:35 +08:00
|
|
|
it "can override name / email / username" do
|
|
|
|
admin = Fabricate(:admin)
|
|
|
|
|
2017-07-10 10:12:21 +08:00
|
|
|
SiteSetting.email_editable = false
|
2015-03-27 06:39:35 +08:00
|
|
|
SiteSetting.sso_overrides_name = true
|
|
|
|
SiteSetting.sso_overrides_email = true
|
|
|
|
SiteSetting.sso_overrides_username = true
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "bob%the$admin"
|
|
|
|
sso.name = "Bob Admin"
|
|
|
|
sso.email = admin.email
|
|
|
|
sso.external_id = "A"
|
|
|
|
|
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
|
|
|
|
admin.reload
|
|
|
|
|
|
|
|
expect(admin.name).to eq "Bob Admin"
|
|
|
|
expect(admin.username).to eq "bob_the_admin"
|
|
|
|
expect(admin.email).to eq admin.email
|
|
|
|
|
|
|
|
sso.email = "TEST@bob.com"
|
|
|
|
|
2015-03-27 07:25:32 +08:00
|
|
|
sso.name = "Louis C.K."
|
|
|
|
|
2015-03-27 06:39:35 +08:00
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
|
|
|
|
admin.reload
|
2015-03-27 07:04:16 +08:00
|
|
|
|
2015-03-27 06:39:35 +08:00
|
|
|
expect(admin.email).to eq("test@bob.com")
|
2015-03-27 07:04:16 +08:00
|
|
|
expect(admin.username).to eq "bob_the_admin"
|
2015-03-27 07:25:32 +08:00
|
|
|
expect(admin.name).to eq "Louis C.K."
|
2015-03-27 06:39:35 +08:00
|
|
|
end
|
|
|
|
|
2014-03-20 05:14:09 +08:00
|
|
|
it "can fill in data on way back" do
|
|
|
|
sso = make_sso
|
|
|
|
|
|
|
|
url, payload = sso.to_url.split("?")
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(url).to eq sso.sso_url
|
2014-03-20 05:14:09 +08:00
|
|
|
parsed = SingleSignOn.parse(payload, "supersecret")
|
|
|
|
|
|
|
|
test_parsed(parsed, sso)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "handles sso_url with query params" do
|
|
|
|
sso = make_sso
|
|
|
|
sso.sso_url = "http://tcdev7.wpengine.com/?action=showlogin"
|
|
|
|
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(sso.to_url.split('?').size).to eq 2
|
2014-03-20 05:14:09 +08:00
|
|
|
|
|
|
|
url, payload = sso.to_url.split("?")
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(url).to eq "http://tcdev7.wpengine.com/"
|
2014-03-20 05:14:09 +08:00
|
|
|
parsed = SingleSignOn.parse(payload, "supersecret")
|
2014-02-25 11:30:49 +08:00
|
|
|
|
2014-03-20 05:14:09 +08:00
|
|
|
test_parsed(parsed, sso)
|
2014-02-25 11:30:49 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "validates nonce" do
|
|
|
|
_ , payload = DiscourseSingleSignOn.generate_url.split("?")
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.parse(payload)
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(sso.nonce_valid?).to eq true
|
2014-02-25 11:30:49 +08:00
|
|
|
|
|
|
|
sso.expire_nonce!
|
|
|
|
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(sso.nonce_valid?).to eq false
|
2014-02-25 11:30:49 +08:00
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
it "generates a correct sso url" do
|
|
|
|
url, payload = DiscourseSingleSignOn.generate_url.split("?")
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(url).to eq @sso_url
|
2014-02-25 11:30:49 +08:00
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.parse(payload)
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(sso.nonce).to_not be_nil
|
2014-02-25 11:30:49 +08:00
|
|
|
end
|
2015-01-28 23:47:59 +08:00
|
|
|
|
2018-08-30 07:57:53 +08:00
|
|
|
context 'user locale' do
|
|
|
|
it 'sets default user locale if specified' do
|
|
|
|
SiteSetting.allow_user_locale = true
|
|
|
|
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = "test@test.com"
|
|
|
|
sso.external_id = "123"
|
|
|
|
sso.locale = "es"
|
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
|
|
|
|
expect(user.locale).to eq("es")
|
|
|
|
|
|
|
|
user.update_column(:locale, "he")
|
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.locale).to eq("he")
|
|
|
|
|
|
|
|
sso.locale_force_update = true
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.locale).to eq("es")
|
|
|
|
|
|
|
|
sso.locale = "fake"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.locale).to eq("es")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-05-16 01:00:34 +08:00
|
|
|
context 'trusting emails' do
|
2017-06-22 10:23:31 +08:00
|
|
|
let(:sso) do
|
2015-05-16 01:00:34 +08:00
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = "test@example.com"
|
|
|
|
sso.external_id = "A"
|
2017-06-22 10:23:31 +08:00
|
|
|
sso.suppress_welcome_message = true
|
2015-05-16 01:00:34 +08:00
|
|
|
sso
|
2017-06-22 10:23:31 +08:00
|
|
|
end
|
2015-05-16 01:00:34 +08:00
|
|
|
|
|
|
|
it 'activates users by default' do
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(true)
|
|
|
|
end
|
|
|
|
|
2015-05-20 00:16:02 +08:00
|
|
|
it 'does not activate user when asked not to' do
|
|
|
|
sso.require_activation = true
|
2015-05-16 01:00:34 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(false)
|
2018-09-11 06:24:02 +08:00
|
|
|
|
|
|
|
user.activate
|
|
|
|
|
|
|
|
sso.external_id = "B"
|
|
|
|
|
|
|
|
expect do
|
|
|
|
sso.lookup_or_create_user(ip_address)
|
|
|
|
end.to raise_error(ActiveRecord::RecordInvalid)
|
|
|
|
|
2015-05-16 01:00:34 +08:00
|
|
|
end
|
|
|
|
|
2017-11-08 22:55:15 +08:00
|
|
|
it 'does not deactivate user if email provided is capitalized' do
|
|
|
|
SiteSetting.email_editable = false
|
|
|
|
SiteSetting.sso_overrides_email = true
|
|
|
|
sso.require_activation = true
|
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(false)
|
|
|
|
|
|
|
|
user.update_columns(active: true)
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(true)
|
|
|
|
|
|
|
|
sso.email = "Test@example.com"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(true)
|
|
|
|
end
|
|
|
|
|
2017-05-17 04:18:18 +08:00
|
|
|
it 'deactivates accounts that have updated email address' do
|
|
|
|
|
2017-07-10 10:12:21 +08:00
|
|
|
SiteSetting.email_editable = false
|
2017-05-17 04:18:18 +08:00
|
|
|
SiteSetting.sso_overrides_email = true
|
|
|
|
sso.require_activation = true
|
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(false)
|
|
|
|
|
|
|
|
old_email = user.email
|
|
|
|
|
|
|
|
user.update_columns(active: true)
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.active).to eq(true)
|
|
|
|
|
2017-04-27 02:47:36 +08:00
|
|
|
user.primary_email.update_columns(email: 'xXx@themovie.com')
|
2017-05-17 04:18:18 +08:00
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.email).to eq(old_email)
|
|
|
|
expect(user.active).to eq(false)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2015-05-16 01:00:34 +08:00
|
|
|
end
|
|
|
|
|
2015-03-21 01:03:24 +08:00
|
|
|
context 'welcome emails' do
|
|
|
|
let(:sso) {
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = "test@example.com"
|
|
|
|
sso.external_id = "A"
|
|
|
|
sso
|
|
|
|
}
|
|
|
|
|
|
|
|
it "sends a welcome email by default" do
|
|
|
|
User.any_instance.expects(:enqueue_welcome_message).once
|
2017-05-17 04:18:18 +08:00
|
|
|
_user = sso.lookup_or_create_user(ip_address)
|
2015-03-21 01:03:24 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "suppresses the welcome email when asked to" do
|
|
|
|
User.any_instance.expects(:enqueue_welcome_message).never
|
|
|
|
sso.suppress_welcome_message = true
|
2017-05-17 04:18:18 +08:00
|
|
|
_user = sso.lookup_or_create_user(ip_address)
|
2015-03-21 01:03:24 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-02-01 08:42:27 +08:00
|
|
|
context 'setting title for a user' do
|
|
|
|
let(:sso) {
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = 'test'
|
|
|
|
sso.name = 'test'
|
|
|
|
sso.email = 'test@test.com'
|
|
|
|
sso.external_id = '100'
|
|
|
|
sso.title = "The User's Title"
|
|
|
|
sso
|
|
|
|
}
|
|
|
|
|
2017-02-07 23:41:27 +08:00
|
|
|
it 'sets title correctly' do
|
2017-02-01 08:42:27 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.title).to eq(sso.title)
|
|
|
|
|
2017-02-07 23:41:27 +08:00
|
|
|
sso.title = "farmer"
|
2017-02-01 08:42:27 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
|
2017-02-07 23:41:27 +08:00
|
|
|
expect(user.title).to eq("farmer")
|
|
|
|
|
|
|
|
sso.title = nil
|
2017-02-01 08:42:27 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
|
2017-02-07 23:41:27 +08:00
|
|
|
expect(user.title).to eq("farmer")
|
2017-02-01 08:42:27 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-08-01 13:29:28 +08:00
|
|
|
context 'setting bio for a user' do
|
2017-06-22 10:23:31 +08:00
|
|
|
let(:sso) do
|
2016-08-01 13:29:28 +08:00
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = "test@test.com"
|
|
|
|
sso.external_id = "100"
|
|
|
|
sso.bio = "This **is** the bio"
|
2017-06-22 10:23:31 +08:00
|
|
|
sso.suppress_welcome_message = true
|
2016-08-01 13:29:28 +08:00
|
|
|
sso
|
2017-06-22 10:23:31 +08:00
|
|
|
end
|
2016-08-01 13:29:28 +08:00
|
|
|
|
|
|
|
it 'can set bio if supplied on new users or users with empty bio' do
|
|
|
|
# new account
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.user_profile.bio_cooked).to match_html("<p>This <strong>is</strong> the bio</p>")
|
|
|
|
|
|
|
|
# no override by default
|
|
|
|
sso.bio = "new profile"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
|
|
|
|
expect(user.user_profile.bio_cooked).to match_html("<p>This <strong>is</strong> the bio</p>")
|
|
|
|
|
|
|
|
# yes override for blank
|
2017-06-22 10:23:31 +08:00
|
|
|
user.user_profile.update!(bio_raw: '')
|
2016-08-01 13:29:28 +08:00
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
expect(user.user_profile.bio_cooked).to match_html("<p>new profile</p>")
|
|
|
|
|
|
|
|
# yes override if site setting
|
|
|
|
sso.bio = "new profile 2"
|
|
|
|
SiteSetting.sso_overrides_bio = true
|
|
|
|
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
2017-06-22 10:23:31 +08:00
|
|
|
expect(user.user_profile.bio_cooked).to match_html("<p>new profile 2</p")
|
2016-08-01 13:29:28 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2016-09-02 10:04:22 +08:00
|
|
|
context 'when sso_overrides_avatar is not enabled' do
|
|
|
|
|
|
|
|
it "correctly handles provided avatar_urls" do
|
2017-06-22 10:23:31 +08:00
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.external_id = 666
|
|
|
|
sso.email = "sam@sam.com"
|
|
|
|
sso.name = "sam"
|
|
|
|
sso.username = "sam"
|
|
|
|
sso.avatar_url = "http://awesome.com/image.png"
|
|
|
|
sso.suppress_welcome_message = true
|
|
|
|
|
2019-04-08 22:58:21 +08:00
|
|
|
FileHelper.stubs(:download).returns(file_from_fixtures("logo.png"), file_from_fixtures("logo.png"))
|
2017-06-22 10:23:31 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
avatar_id = user.uploaded_avatar_id
|
|
|
|
|
|
|
|
# initial creation ...
|
|
|
|
expect(avatar_id).to_not eq(nil)
|
|
|
|
|
|
|
|
# junk avatar id should be updated
|
|
|
|
old_id = user.uploaded_avatar_id
|
|
|
|
Upload.destroy(old_id)
|
2019-04-08 22:58:21 +08:00
|
|
|
FileHelper.stubs(:download).returns(file_from_fixtures("logo.png"), file_from_fixtures("logo.png"))
|
2017-06-22 10:23:31 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
avatar_id = user.uploaded_avatar_id
|
|
|
|
|
|
|
|
expect(avatar_id).to_not eq(nil)
|
|
|
|
expect(old_id).to_not eq(avatar_id)
|
|
|
|
|
2018-03-28 16:20:08 +08:00
|
|
|
# FileHelper.stubs(:download) { raise "should not be called" }
|
|
|
|
# sso.avatar_url = "https://some.new/avatar.png"
|
|
|
|
# user = sso.lookup_or_create_user(ip_address)
|
|
|
|
# user.reload
|
|
|
|
#
|
|
|
|
# # avatar updated but no override specified ...
|
|
|
|
# expect(user.uploaded_avatar_id).to eq(avatar_id)
|
|
|
|
#
|
|
|
|
# sso.avatar_force_update = true
|
|
|
|
# FileHelper.stubs(:download).returns(file_from_fixtures("logo-dev.png"))
|
|
|
|
# user = sso.lookup_or_create_user(ip_address)
|
|
|
|
# user.reload
|
|
|
|
#
|
|
|
|
# # we better have a new avatar
|
|
|
|
# expect(user.uploaded_avatar_id).not_to eq(avatar_id)
|
|
|
|
# expect(user.uploaded_avatar_id).not_to eq(nil)
|
|
|
|
#
|
|
|
|
# avatar_id = user.uploaded_avatar_id
|
|
|
|
#
|
|
|
|
# sso.avatar_force_update = true
|
|
|
|
# FileHelper.stubs(:download) { raise "not found" }
|
|
|
|
# user = sso.lookup_or_create_user(ip_address)
|
|
|
|
# user.reload
|
|
|
|
#
|
|
|
|
# # we better have the same avatar
|
|
|
|
# expect(user.uploaded_avatar_id).to eq(avatar_id)
|
2016-09-02 10:04:22 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2015-01-28 23:47:59 +08:00
|
|
|
context 'when sso_overrides_avatar is enabled' do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_avatar_url: "http://example.com/an_image.png") }
|
2016-10-25 01:55:30 +08:00
|
|
|
|
2015-01-29 00:52:07 +08:00
|
|
|
let!(:sso) {
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = sso_record.user.email
|
|
|
|
sso.external_id = sso_record.external_id
|
|
|
|
sso
|
|
|
|
}
|
2016-10-25 01:55:30 +08:00
|
|
|
|
2015-01-29 00:52:07 +08:00
|
|
|
let(:logo) { file_from_fixtures("logo.png") }
|
2015-01-28 23:47:59 +08:00
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.sso_overrides_avatar = true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "deal with no avatar url passed for an existing user with an avatar" do
|
2016-10-25 01:55:30 +08:00
|
|
|
Sidekiq::Testing.inline! do
|
|
|
|
# Deliberately not setting avatar_url so it should not update
|
|
|
|
sso_record.user.update_columns(uploaded_avatar_id: -1)
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.uploaded_avatar_id).to eq(-1)
|
|
|
|
end
|
2015-01-28 23:47:59 +08:00
|
|
|
end
|
2015-01-29 00:52:07 +08:00
|
|
|
|
|
|
|
it "deal with no avatar_force_update passed as a boolean" do
|
2016-10-25 01:55:30 +08:00
|
|
|
Sidekiq::Testing.inline! do
|
|
|
|
FileHelper.stubs(:download).returns(logo)
|
2015-01-29 00:52:07 +08:00
|
|
|
|
2016-10-25 01:55:30 +08:00
|
|
|
sso_record.user.update_columns(uploaded_avatar_id: -1)
|
2016-09-02 10:04:22 +08:00
|
|
|
|
2016-10-25 01:55:30 +08:00
|
|
|
sso.avatar_url = "http://example.com/a_different_image.png"
|
|
|
|
sso.avatar_force_update = false
|
2015-01-29 00:52:07 +08:00
|
|
|
|
2016-10-25 01:55:30 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
2016-09-02 10:04:22 +08:00
|
|
|
|
2016-10-25 01:55:30 +08:00
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.uploaded_avatar_id).to_not eq(-1)
|
|
|
|
end
|
2015-01-29 00:52:07 +08:00
|
|
|
end
|
2015-01-28 23:47:59 +08:00
|
|
|
end
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
context 'when sso_overrides_profile_background is not enabled' do
|
|
|
|
|
|
|
|
it "correctly handles provided profile_background_urls" do
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.external_id = 666
|
|
|
|
sso.email = "sam@sam.com"
|
|
|
|
sso.name = "sam"
|
|
|
|
sso.username = "sam"
|
|
|
|
sso.profile_background_url = "http://awesome.com/image.png"
|
|
|
|
sso.suppress_welcome_message = true
|
|
|
|
|
|
|
|
FileHelper.stubs(:download).returns(file_from_fixtures("logo.png"))
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
user.user_profile.reload
|
2019-04-29 11:58:52 +08:00
|
|
|
profile_background_url = user.profile_background_upload.url
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
# initial creation ...
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(profile_background_url).to_not eq(nil)
|
|
|
|
expect(profile_background_url).to_not eq('')
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
FileHelper.stubs(:download) { raise "should not be called" }
|
|
|
|
sso.profile_background_url = "https://some.new/avatar.png"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
user.user_profile.reload
|
|
|
|
|
|
|
|
# profile_background updated but no override specified ...
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(user.profile_background_upload.url).to eq(profile_background_url)
|
2018-05-07 16:03:26 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when sso_overrides_profile_background is enabled' do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_profile_background_url: "http://example.com/an_image.png") }
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
let!(:sso) {
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = sso_record.user.email
|
|
|
|
sso.external_id = sso_record.external_id
|
|
|
|
sso
|
|
|
|
}
|
|
|
|
|
|
|
|
let(:logo) { file_from_fixtures("logo.png") }
|
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.sso_overrides_profile_background = true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "deal with no profile_background_url passed for an existing user with a profile_background" do
|
2019-04-29 11:58:52 +08:00
|
|
|
# Deliberately not setting profile_background_url so it should not update
|
|
|
|
sso_record.user.user_profile.clear_profile_background
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(user.profile_background_upload).to eq(nil)
|
2018-05-07 16:03:26 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "deal with a profile_background_url passed for an existing user with a profile_background" do
|
2019-04-29 11:58:52 +08:00
|
|
|
url = "http://example.com/a_different_image.png"
|
|
|
|
stub_request(:get, url).to_return(body: logo)
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
sso_record.user.user_profile.clear_profile_background
|
|
|
|
sso.profile_background_url = "http://example.com/a_different_image.png"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(user.profile_background_upload).to_not eq(nil)
|
2018-05-07 16:03:26 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when sso_overrides_card_background is not enabled' do
|
|
|
|
|
|
|
|
it "correctly handles provided card_background_urls" do
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.external_id = 666
|
|
|
|
sso.email = "sam@sam.com"
|
|
|
|
sso.name = "sam"
|
|
|
|
sso.username = "sam"
|
|
|
|
sso.card_background_url = "http://awesome.com/image.png"
|
|
|
|
sso.suppress_welcome_message = true
|
|
|
|
FileHelper.stubs(:download).returns(file_from_fixtures("logo.png"))
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
user.user_profile.reload
|
2019-04-29 11:58:52 +08:00
|
|
|
card_background_url = user.user_profile.card_background_upload.url
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
# initial creation ...
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(card_background_url).to be_present
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
FileHelper.stubs(:download) { raise "should not be called" }
|
|
|
|
sso.card_background_url = "https://some.new/avatar.png"
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
|
|
|
user.user_profile.reload
|
|
|
|
|
|
|
|
# card_background updated but no override specified ...
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(user.user_profile.card_background_upload.url).to eq(
|
|
|
|
card_background_url
|
|
|
|
)
|
2018-05-07 16:03:26 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when sso_overrides_card_background is enabled' do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_card_background_url: "http://example.com/an_image.png") }
|
2018-05-07 16:03:26 +08:00
|
|
|
|
|
|
|
let!(:sso) {
|
|
|
|
sso = DiscourseSingleSignOn.new
|
|
|
|
sso.username = "test"
|
|
|
|
sso.name = "test"
|
|
|
|
sso.email = sso_record.user.email
|
|
|
|
sso.external_id = sso_record.external_id
|
|
|
|
sso
|
|
|
|
}
|
|
|
|
|
|
|
|
let(:logo) { file_from_fixtures("logo.png") }
|
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.sso_overrides_card_background = true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "deal with no card_background_url passed for an existing user with a card_background" do
|
2019-04-29 11:58:52 +08:00
|
|
|
# Deliberately not setting card_background_url so it should not update
|
|
|
|
sso_record.user.user_profile.clear_card_background
|
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(user.user_profile.card_background_upload).to eq(nil)
|
2018-05-07 16:03:26 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "deal with a card_background_url passed for an existing user with a card_background_url" do
|
2019-04-29 11:58:52 +08:00
|
|
|
url = "http://example.com/a_different_image.png"
|
|
|
|
stub_request(:get, url).to_return(body: logo)
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
sso_record.user.user_profile.clear_card_background
|
|
|
|
sso.card_background_url = url
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
user = sso.lookup_or_create_user(ip_address)
|
|
|
|
user.reload
|
2018-05-07 16:03:26 +08:00
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(user.user_profile.card_background_upload.url).to_not eq('')
|
2018-05-07 16:03:26 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-02-25 11:30:49 +08:00
|
|
|
end
|