2025-05-05 09:29:55 +02:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2023-04-04 15:38:49 +02:00
|
|
|
#-- copyright
|
|
|
|
|
# OpenProject is an open source project management software.
|
2024-07-30 13:42:36 +02:00
|
|
|
# Copyright (C) the OpenProject GmbH
|
2023-04-04 15:38:49 +02:00
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
|
# modify it under the terms of the GNU General Public License version 3.
|
|
|
|
|
#
|
|
|
|
|
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
|
|
|
|
|
# Copyright (C) 2006-2013 Jean-Philippe Lang
|
|
|
|
|
# Copyright (C) 2010-2013 the ChiliProject Team
|
|
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
|
# of the License, or (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
#
|
|
|
|
|
# See COPYRIGHT and LICENSE files for more details.
|
|
|
|
|
#++
|
|
|
|
|
|
|
|
|
|
require "spec_helper"
|
|
|
|
|
require "rack/test"
|
|
|
|
|
|
2024-08-21 10:48:02 +02:00
|
|
|
RSpec.describe "OpenID Google provider callback", with_ee: %i[sso_auth_providers] do
|
2023-04-04 15:38:49 +02:00
|
|
|
include Rack::Test::Methods
|
|
|
|
|
include API::V3::Utilities::PathHelper
|
|
|
|
|
|
2024-10-11 19:19:43 +02:00
|
|
|
let(:provider) { create(:oidc_provider_google, limit_self_registration: false) }
|
2023-04-11 15:00:27 +02:00
|
|
|
let(:auth_hash) do
|
|
|
|
|
{ "state" => "623960f1b4f1020941387659f022497f536ad3c95fa7e53b0f03bdbf36debd59f76320801ea2723df520",
|
|
|
|
|
"code" => "4/0AVHEtk6HMPLH08Uw8OVoSaAbd2oTi7Z6wOlBsMQ99Yj3qgKhhyKAxUQBvQ2MZuRzvueOgQ",
|
|
|
|
|
"scope" => "email profile https://www.googleapis.com/auth/userinfo.email openid https://www.googleapis.com/auth/userinfo.profile",
|
|
|
|
|
"authuser" => "0",
|
|
|
|
|
"prompt" => "none" }
|
|
|
|
|
end
|
|
|
|
|
let(:uri) do
|
2024-10-11 19:19:43 +02:00
|
|
|
uri = URI("/auth/#{provider.slug}/callback")
|
2023-04-04 15:38:49 +02:00
|
|
|
uri.query = URI.encode_www_form([["code", auth_hash["code"]],
|
|
|
|
|
["state", auth_hash["state"]],
|
|
|
|
|
["scope", auth_hash["scope"]],
|
|
|
|
|
["authuser", auth_hash["authuser"]],
|
|
|
|
|
["prompt", auth_hash["prompt"]]])
|
2023-04-11 15:00:27 +02:00
|
|
|
uri
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
before do
|
2024-10-11 19:19:43 +02:00
|
|
|
stub_request(:post, "https://oauth2.googleapis.com/token").to_return(
|
2023-04-04 15:38:49 +02:00
|
|
|
status: 200,
|
|
|
|
|
body: {
|
|
|
|
|
"access_token" =>
|
|
|
|
|
"ya29.a0Ael9sCPGoZQiKuMHHVKiaiWV9NatII8T7ZY6XiwTcY-VtvSnmPH53BXDoWGU7OpFY7ctZjY0Qf-Cd_5HHULGoF_m-3WEgMvuO7F11nbYI7qoe95enqneFgDh__vvTxGRAGPpl_Xf7qbXVznh35-DHuvhyPAZmMwaCgYKAQISARASFQF4udJhMeehVtS01I8wd8HL6ReQDw0166",
|
|
|
|
|
"expires_in" => 3594,
|
|
|
|
|
"scope" =>
|
|
|
|
|
"https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid",
|
|
|
|
|
"token_type" => "Bearer",
|
|
|
|
|
"id_token" =>
|
|
|
|
|
"eyJhbGciOiJSUzI1NiIsImtpZCI6IjFhYWU4ZDdjOTIwNThiNWVlYTQ1Njg5NWJmODkwODQ1NzFlMzA2ZjMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiNDI3NzUwNzQ4MTg2LWQ4OGozamNlYmN2bGlxMmd0a3RiZm1oc2lhNjYxZDU4LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiNDI3NzUwNzQ4MTg2LWQ4OGozamNlYmN2bGlxMmd0a3RiZm1oc2lhNjYxZDU4LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTA3NDAzNTExMDM3OTIxMzU1MzA3IiwiZW1haWwiOiJiYTFhc2hwYXNoQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiVFBtc0ZHRng4cjdrb3RiZkJud0xVdyIsImlhdCI6MTY4MDYxMjE5NCwiZXhwIjoxNjgwNjE1Nzk0fQ.IDKlHDVg1d7tAqb8eRiq90T52xnwVX9huDjpdLoJpqr4xlnTrFCdalxJBBHd9Cv39g2KPuJaCU21B59yNAyJP6bl5P8e9Ky-y8wOFcgHqcG5qXcNtxCS3imASCchRTtre8yp9AQGYkTIC0Jh6lWg0trdfO-_idKBsd5naJeaeYdeZGkpQ8D4dxn_odla67BO3y2mUtyE4gEbzyq6wTXDATN4ucM4Dyp3Wdk7YpYYuFN1g-sF6NFl4YqugQ4zk-pYYtPLlPgGiqi3_hO9kYbRDhNBtfbMx568m-CyM2tiOIkb4utPR20scSiRqnY2oxOcd5g9znvJOjtanHM3KVdj5g"
|
|
|
|
|
}.to_json,
|
|
|
|
|
headers: { "content-type" => "application/json; charset=utf-8" }
|
|
|
|
|
)
|
2024-10-11 19:19:43 +02:00
|
|
|
stub_request(:get, "https://openidconnect.googleapis.com/v1/userinfo").to_return(
|
2023-04-04 15:38:49 +02:00
|
|
|
status: 200,
|
|
|
|
|
body: { "sub" => "107403511037921355307",
|
|
|
|
|
"name" => "Firstname Lastname",
|
|
|
|
|
"given_name" => "Firstname",
|
|
|
|
|
"family_name" => "Lastname",
|
|
|
|
|
"picture" => "https://lh3.googleusercontent.com/a/AGNmyxZtDAl-mgOOCF_DCo-WWEct-LyVp7zGhXkfKR8r=s96-c",
|
|
|
|
|
"email" => "email@dummy.com",
|
|
|
|
|
"email_verified" => true,
|
|
|
|
|
"locale" => "en-GB" }.to_json,
|
|
|
|
|
headers: { "content-type" => "application/json; charset=utf-8" }
|
|
|
|
|
)
|
2023-04-11 15:00:27 +02:00
|
|
|
|
2023-04-04 15:38:49 +02:00
|
|
|
allow_any_instance_of(OmniAuth::Strategies::OpenIDConnect).to receive(:session) {
|
2024-10-11 19:19:43 +02:00
|
|
|
{
|
|
|
|
|
"omniauth.state" => auth_hash["state"]
|
|
|
|
|
}
|
2023-04-11 15:00:27 +02:00
|
|
|
}
|
|
|
|
|
end
|
2023-04-04 15:38:49 +02:00
|
|
|
|
2024-10-11 19:19:43 +02:00
|
|
|
it "redirects user without errors", :webmock do
|
|
|
|
|
response = get(uri.to_s)
|
2024-06-24 17:35:16 +02:00
|
|
|
expect(response).to have_http_status(:found)
|
2024-06-25 08:42:12 +02:00
|
|
|
expect(response.location).to eq("http://#{Setting.host_name}/two_factor_authentication/request")
|
2023-04-04 15:38:49 +02:00
|
|
|
end
|
|
|
|
|
end
|
