SPEC: fix users_controller tests after upstream changes

also add new test so that we'll know if whole session gets wiped after authentication 73172f00d3
2019-09-17 15:28:39 +01:00 · 2019-09-17 15:28:39 +01:00 · f3cd386078
--- a/plugin.rb
+++ b/plugin.rb
@ -1,6 +1,6 @@
 # name: mozilla-iam
 # about: A plugin to integrate Discourse with Mozilla's Identity and Access Management (IAM) system
-# version: 1.5.1
+# version: 1.5.2
 # authors: Leo McArdle
 # url: https://github.com/mozilla/discourse-mozilla-iam

--- a/spec/requests/authenticator_spec.rb
+++ b/spec/requests/authenticator_spec.rb
@ -0,0 +1,60 @@
+require_relative '../iam_helper'
+
+describe MozillaIAM::Authenticator do
+
+  before do
+    OmniAuth::Strategies::Auth0.any_instance.stubs(:no_client_id?).returns(false)
+    OmniAuth::Strategies::Auth0.any_instance.stubs(:no_client_secret?).returns(false)
+    OmniAuth::Strategies::Auth0.any_instance.stubs(:no_domain?).returns(false)
+    SiteSetting.enable_local_logins = false
+    OmniAuth.config.test_mode = true
+  end
+
+  it "does all the right things on signup" do
+    stub_jwks_request()
+    OmniAuth.config.mock_auth[:auth0] = OmniAuth::AuthHash.new({
+      credentials: {
+        id_token: create_id_token({
+          name: "Bob",
+          username: "bob",
+          email: "bob@example.com"
+        }, {
+          "https://sso.mozilla.com/claim/AAL": "MAXIMUM"
+        })
+      }
+    })
+
+    get "/auth/auth0"
+    expect(response.location).to eq "http://test.localhost/auth/auth0/callback"
+    get response.location
+    expect(response.location).to eq "http://test.localhost/"
+    get "/latest"
+
+    stub_apis_profile_request(create_uid("bob"), {})
+
+    get '/u/hp.json'
+    hp = JSON.parse(response.body)
+    post "/u.json", params: {
+      name: "Bob",
+      username: "bob",
+      email: "bob@example.com",
+      password_confirmation: hp["value"],
+      challenge: hp["challenge"].reverse
+    }
+
+    expect(session[:mozilla_iam]).to be
+
+    get "/latest"
+
+    session_data = MozillaIAM::SessionData.find_or_create(session, cookies)
+    expect(session_data.aal).to eq "MAXIMUM"
+
+    auth_token = UserAuthToken.find(session_data.user_auth_token_id)
+    expect(auth_token.user_id).to eq User.find_by_username("bob").id
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+end
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -24,12 +24,16 @@ describe UsersController do

    context "without dinopark_enabled" do
      it "creates user as normal" do
+        UserAuthenticator.any_instance.stubs(:authenticator_name).returns("auth0")
+        MozillaIAM::Authenticator.any_instance.expects(:after_create_account).with() do |_, auth|
+          session[:authentication]&.[](:dinopark_enabled).nil?
+        end
+
        post "/u.json", params: create_params.merge({
          dinopark_enabled: false
        })
        expect(response.status).to eq 200
        expect(User.find(JSON.parse(response.body)["user_id"]).username).to eq "jillbloggs"
-        expect(session[:authentication]&.[](:dinopark_enabled)).to be_nil
      end

      it "doesn't set show_dinopark_banner cookie" do
@ -43,22 +47,30 @@ describe UsersController do

    context "with dinopark_enabled" do
      it "creates user and sets dinopark_enabled flag in auth data" do
+        UserAuthenticator.any_instance.stubs(:authenticator_name).returns("auth0")
+        MozillaIAM::Authenticator.any_instance.expects(:after_create_account).with() do |_, auth|
+          auth[:dinopark_enabled] == true
+        end
+
        post "/u.json", params: create_params.merge({
          dinopark_enabled: true
        })
        expect(response.status).to eq 200
        expect(User.find(JSON.parse(response.body)["user_id"]).username).to eq "jillbloggs"
-        expect(session[:authentication]&.[](:dinopark_enabled)).to eq true
      end

      it "uses unique username if its taken" do
+        UserAuthenticator.any_instance.stubs(:authenticator_name).returns("auth0")
+        MozillaIAM::Authenticator.any_instance.expects(:after_create_account).with() do |_, auth|
+          auth[:dinopark_enabled] == true
+        end
+
        Fabricate(:user, username: "jillbloggs")
        post "/u.json", params: create_params.merge({
          dinopark_enabled: true
        })
        expect(response.status).to eq 200
        expect(User.find(JSON.parse(response.body)["user_id"]).username).to eq "jillbloggs1"
-        expect(session[:authentication]&.[](:dinopark_enabled)).to eq true
      end

      it "sets show_dinopark_banner cookie" do