# frozen_string_literal: true
require 'rails_helper'
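RSpec.describe 'Users::OmniauthCallbacks', type: :request do
  let(:email) { 'oauth_user@example.com' }

  # Devise reads its mapping from the Rack env. Request specs bypass the route
  # constraint that normally sets it, so it is injected directly.
  before do
    Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]
  end

  # env_config is process-wide: anything written into it leaks into every
  # request spec that runs afterwards, so both injected keys are dropped
  # after each example.
  after do
    Rails.application.env_config.delete('devise.mapping')
    Rails.application.env_config.delete('omniauth.auth')
  end

  # Drives the provider callback with that provider's mocked auth hash.
  def hit_callback(provider)
    Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider]
    get "/users/auth/#{provider}/callback"
  end

  # The user Warden holds in the :user scope after the last request, or nil
  # when no session was established. Used to assert that only accepted
  # assertions result in a login.
  def signed_in_user
    request.env['warden'].user(:user)
  end

  shared_examples 'successful OAuth authentication' do |provider, provider_name|
    context "when user doesn't exist" do
      it "creates a new user from #{provider_name} and signs them in" do
        expect { hit_callback(provider) }.to change(User, :count).by(1)

        expect(response).to redirect_to(root_path)

        user = User.find_by(email: email)
        expect(user).to be_present
        # An auto-provisioned account must still receive a (random) password so
        # the email/password form cannot be used with an empty credential.
        expect(user.encrypted_password).to be_present
        expect(signed_in_user).to eq(user)
      end
    end

    context 'when user already exists' do
      let!(:existing_user) { create(:user, email: email) }

      it 'signs in the existing user without creating a new one' do
        expect { hit_callback(provider) }.not_to change(User, :count)

        expect(response).to redirect_to(root_path)
        expect(signed_in_user).to eq(existing_user)
      end
    end

    context 'when user creation fails' do
      before do
        # Simulate a failed save: an unsaved record carrying a validation error.
        allow(User).to receive(:create).and_return(
          User.new(email: email).tap { |u| u.errors.add(:email, 'is invalid') }
        )
      end

      it 'redirects to registration with error message' do
        hit_callback(provider)

        expect(response).to redirect_to(new_user_registration_url)
        # A record that never persisted must not be logged in.
        expect(signed_in_user).to be_nil
      end
    end
  end

  # Self-hosted configuration (SELF_HOSTED=true) uses OpenID Connect.
  describe 'GET /users/auth/openid_connect/callback' do
    before { mock_openid_connect_auth(email: email) }

    include_examples 'successful OAuth authentication', :openid_connect, 'OpenID Connect'

    context 'when OIDC auto-registration is disabled' do
      # ENV is process-global; restore it in `ensure` so a failing example
      # cannot leave auto-registration switched off for the rest of the run.
      around do |example|
        original_value = ENV['OIDC_AUTO_REGISTER']
        ENV['OIDC_AUTO_REGISTER'] = 'false'
        begin
          example.run
        ensure
          ENV['OIDC_AUTO_REGISTER'] = original_value
        end
      end

      context "when user doesn't exist" do
        it 'rejects the user with an appropriate error message' do
          expect { hit_callback(:openid_connect) }.not_to change(User, :count)

          expect(response).to redirect_to(root_path)
          expect(flash[:alert]).to include('Your account must be created by an administrator')
          # A rejected assertion must not leave a session behind.
          expect(signed_in_user).to be_nil
        end
      end

      context 'when user already exists (account linking)' do
        let!(:existing_user) { create(:user, email: email) }

        # NOTE(review): linking is keyed on the email the IdP asserts. That is
        # only safe when the provider verifies email ownership; with an IdP
        # that allows unverified or user-editable emails, this path would let
        # an attacker attach their OIDC identity to an existing local account.
        it 'signs in the existing user and links OIDC provider' do
          expect { hit_callback(:openid_connect) }.not_to change(User, :count)

          expect(response).to redirect_to(root_path)
          expect(flash[:notice]).to include('OpenID Connect')
          expect(signed_in_user).to eq(existing_user)

          existing_user.reload
          expect(existing_user.provider).to eq('openid_connect')
          expect(existing_user.uid).to be_present
        end
      end
    end
  end

  describe 'OAuth flow integration with OpenID Connect' do
    context 'with OpenID Connect (Authelia/Authentik/Keycloak)' do
      before { mock_openid_connect_auth(email: 'oidc@example.com') }

      it 'completes the full OAuth flow' do
        expect { hit_callback(:openid_connect) }.to change(User, :count).by(1)

        user = User.find_by(email: 'oidc@example.com')
        expect(user).to be_present
        expect(user.email).to eq('oidc@example.com')
        expect(response).to redirect_to(root_path)
      end
    end
  end

  describe 'CSRF protection' do
    # This only shows that Rails' forgery protection does not reject the
    # callback route. OmniAuth's own CSRF defence lives in the POST-only
    # request phase, and the OIDC `state` check happens at the provider
    # round-trip; neither is exercised here because mock_openid_connect_auth
    # appears to short-circuit that round-trip (helper defined elsewhere).
    it 'does not raise CSRF error for OpenID Connect callback' do
      mock_openid_connect_auth(email: email)

      expect { hit_callback(:openid_connect) }.not_to raise_error
    end
  end
end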