authorization_spec.rb 5.5 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Model spec for Authorization. Three areas are exercised:
  #   * user assets are refreshed after a further authorization is stored,
  #   * a third-party login is linked to an already existing user,
  #   * the e-mail notification that announces a newly linked provider.
  RSpec.describe Authorization, type: :model do
    describe 'User assets' do
      subject(:authorization) { create(:twitter_authorization) }

      it 'does update assets after new authorizations created' do
        owner = authorization.user

        # Return value is discarded on purpose; presumably this primes whatever
        # asset data is cached for the user before the second record is added - TODO confirm.
        owner.assets({})

        create(:twitter_authorization, provider: 'twitter2', user: owner)

        accounts = owner.reload.assets({})[:User][owner.id]['accounts']
        expect(accounts.keys.count).to eq(2)
      end
    end

    describe 'Account linking' do
      let(:provider)         { 'saml' }
      let(:auth_uid)         { SecureRandom.uuid }
      let(:auth_info)        { {} }
      let(:auth_credentials) { { 'token' => '1234', 'secret' => '1234' } }

      # By default the pre-existing user's login equals the uid asserted by the provider.
      let(:user) { create(:user, login: auth_uid) }

      # Input handed to create_from_hash; string keys throughout
      # (presumably the shape of an OmniAuth auth hash - verify against the caller).
      let(:auth_hash) do
        {
          'info'        => auth_info,
          'uid'         => auth_uid,
          'provider'    => provider,
          'credentials' => auth_credentials,
        }
      end

      before do
        # The key is a runtime lookup string and is reproduced verbatim, "inital" spelling included.
        Setting.set('auth_third_party_auto_link_at_inital_login', true)

        # `let` is lazy: reference the user so the record exists before create_from_hash runs.
        user
      end

      # NOTE(review): every example in this group runs with auto-linking switched on and with
      # matching identity data. There is no example for the setting being off, or for a
      # provider-supplied e-mail / uid that does not match the existing user, so a regression
      # that links too eagerly would not be caught here.
      shared_examples 'links account with email address', :aggregate_failures do
        it 'linked account' do
          linked = described_class.create_from_hash(auth_hash)

          expect(linked.user_id).to eq(user.id)
          expect(linked.provider).to eq(provider)
        end
      end

      context 'when saml is the provider' do
        context 'when auth provider provides no email address' do
          # auth_info is empty here, so the only shared value is uid == user.login.
          it 'linked account with uid' do
            linked = described_class.create_from_hash(auth_hash)

            expect(linked.user_id).to eq(user.id)
          end
        end
      end

      context 'when auth provider provides an email address' do
        let(:email)     { 'john.doe@example.com' }
        let(:auth_info) { { 'email' => email } }

        # NOTE(review): the user carries BOTH login == uid and the matching e-mail, so these
        # examples cannot tell which attribute the lookup matched on. A user whose login differs
        # from the uid would pin the e-mail path. Linking on a provider-asserted e-mail is only
        # as trustworthy as that provider's e-mail verification.
        let(:user) { create(:user, login: auth_uid, email: email) }

        # One context per provider key; the generated descriptions are unchanged.
        %w[github gitlab facebook twitter linkedin microsoft_office365 google_oauth2 weibo].each do |provider_key|
          context %(when "#{provider_key}" is the provider) do
            let(:provider) { provider_key }

            include_examples 'links account with email address'
          end
        end
      end
    end

    describe 'Account linking notification', sends_notification_emails: true do
      subject(:authorization) { create(:authorization, user: agent, provider: provider) }

      let(:agent)         { create(:agent) }
      let(:provider)      { 'github' }
      let(:provider_name) { 'GitHub' }

      # Creating the authorization inside check_notification is the action under test;
      # the mail is expected to go to the owner of the authorization.
      shared_examples 'sending out email notification' do
        it 'sends out an email notification' do
          check_notification do
            recipient = authorization.user

            sent(
              template: 'user_auth_provider',
              user:     recipient,
              objects:  hash_including({ user: recipient, provider: provider_name })
            )
          end
        end
      end

      # Same setup as above, asserting that no such mail was produced.
      shared_examples 'not sending out email notification' do
        it 'does not send out an email notification' do
          check_notification do
            recipient = authorization.user

            not_sent(
              template: 'user_auth_provider',
              user:     recipient,
              objects:  hash_including({ user: recipient, provider: provider_name })
            )
          end
        end
      end

      context 'with setting turned on' do
        before { Setting.set('auth_third_party_linking_notification', true) }

        context 'when linking with an existing account' do
          it_behaves_like 'sending out email notification'

          context 'when user has no email address' do
            let(:agent) { create(:agent, email: '') }

            it_behaves_like 'not sending out email notification'
          end
        end

        context 'when creating a new account' do
          # source equals the provider key; presumably this marks a user that was created
          # through that provider's login rather than linked afterwards - TODO confirm.
          let(:agent) { create(:agent, source: 'github') }

          it_behaves_like 'not sending out email notification'
        end

        context 'with SAML as the provider' do
          let(:provider)      { 'saml' }
          let(:provider_name) { 'Custom Provider' }

          # The name expected in the mail is the display_name stored in the SAML credentials setting.
          before { Setting.set('auth_saml_credentials', { display_name: provider_name }) }

          it_behaves_like 'sending out email notification'
        end
      end

      context 'with setting turned off' do
        before { Setting.set('auth_third_party_linking_notification', false) }

        it_behaves_like 'not sending out email notification'
      end
    end
  end