# frozen_string_literal: true
describe "Microsoft OAuth2" do
  # Fixed credentials and tokens handed to the stubbed Microsoft endpoints below.
  let(:access_token) { "microsoft_access_token_448" }
  let(:client_id) { "abcdef11223344" }
  let(:client_secret) { "adddcccdddd99922" }
  let(:temp_code) { "microsoft_temp_code_544254" }

  fab!(:user1) { Fabricate(:user) }

  # Stubs the Graph "me" profile lookup so that Microsoft reports `email` as both
  # the mailbox and the principal name. The stub only matches a request that
  # presents the bearer token issued by the stubbed token endpoint.
  def setup_ms_emails_stub(email:)
    profile = {
      businessPhones: ["+1 425 555 0109"],
      displayName: "Adele Vance",
      givenName: "Adele",
      jobTitle: "Retail Manager",
      mail: email,
      mobilePhone: "+1 425 555 0109",
      officeLocation: "18/2111",
      preferredLanguage: "en-US",
      surname: "Vance",
      userPrincipalName: email,
      id: "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    }

    stub_request(:get, "https://graph.microsoft.com/v1.0/me")
      .with(headers: { "Authorization" => "Bearer #{access_token}" })
      .to_return(
        status: 200,
        body: JSON.dump(profile),
        headers: { "Content-Type" => "application/json" },
      )
  end

  # Drives the browser-side round trip: start the authorize redirect, then come
  # back through the callback with the `state` the app stored in the session and
  # the temp code that the stubbed token endpoint accepts. The Graph profile stub
  # is installed between the two requests so the callback can resolve `email`.
  def complete_ms_login(email:)
    post "/auth/microsoft_office365"
    expect(response.status).to eq(302)
    expect(response.location).to start_with(
      "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    )

    setup_ms_emails_stub(email: email)

    post "/auth/microsoft_office365/callback",
         params: {
           state: session["omniauth.state"],
           code: temp_code,
         }
    expect(response.status).to eq(302)
    expect(response.location).to eq("http://test.localhost/")
  end

  before do
    SiteSetting.microsoft_auth_enabled = true
    SiteSetting.microsoft_auth_client_id = client_id
    SiteSetting.microsoft_auth_client_secret = client_secret

    # The token exchange is only stubbed for a request carrying our client
    # credentials, the temp code and the registered redirect URI.
    expected_exchange = {
      "client_id" => client_id,
      "client_secret" => client_secret,
      "code" => temp_code,
      "grant_type" => "authorization_code",
      "redirect_uri" => "http://test.localhost/auth/microsoft_office365/callback",
    }
    token_response =
      Rack::Utils.build_query(
        access_token: access_token,
        token_type: "Bearer",
        expires_in: 3599,
        scope: "openid email profile https://graph.microsoft.com/User.Read",
      )

    stub_request(:post, "https://login.microsoftonline.com/common/oauth2/v2.0/token")
      .with(body: hash_including(expected_exchange))
      .to_return(
        status: 200,
        body: token_response,
        headers: { "Content-Type" => "application/x-www-form-urlencoded" },
      )
  end

  it "signs in the user whose email matches the email included in the API response from microsoft when `microsoft_auth_email_verified` site setting is true" do
    SiteSetting.microsoft_auth_email_verified = true

    complete_ms_login(email: user1.email)

    # A verified email is trusted as proof of account ownership, so the matching
    # local user is logged in directly.
    expect(session[:current_user_id]).to eq(user1.id)
  end

  it "does not sign in the user whose email matches the email included in the API response from microsoft when `microsoft_auth_email_verified` site setting is false" do
    SiteSetting.microsoft_auth_email_verified = false

    complete_ms_login(email: user1.email)

    # With the email treated as unverified, an address match alone must not
    # establish a session for the existing account.
    expect(session[:current_user_id]).to be_nil
  end
end