Add external auth spec

Follow up to #9295. If we revert that PR's changes, and run these tests they fail when it tries to Marshal.dump the params internal IO object. Note that the actual failure in test is slightly different from prod. In test we get `TypeError: no _dump_data is defined for class StringIO` because the TestRequest has a StringIO internally. In prod we get `can't dump IO` because the real request has a real IO object internally. Even so, this test still demonstrates the Marshal issue, while also providing an end-to-end test for external auth login.
ManageIQ · Oct 24, 2024 · 7fc10a8 · 7fc10a8
1 parent 61578ea
commit 7fc10a8
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/spec/controllers/dashboard_controller_spec.rb b/spec/controllers/dashboard_controller_spec.rb
@@ -90,6 +90,54 @@
     end
   end
 
+  context "external auth support" do
+    let(:user) { FactoryBot.create(:user, :role => "random") }
+    let(:user_name) { user.userid }
+    let(:user_domain) { "ipa.example.org" }
+    let(:user_email) { "#{user_name}@#{user_domain}" }
+    let(:user_group) { user.miq_groups.first.description }
+
+    before do
+      EvmSpecHelper.create_guid_miq_server_zone
+
+      stub_settings_merge(:authentication => {:mode => 'httpd', :httpd_role => true})
+      request.headers.merge!(
+        "HTTP_X_REMOTE_USER"        => user_name,
+        "HTTP_X_REMOTE_USER_EMAIL"  => user_email,
+        "HTTP_X_REMOTE_USER_DOMAIN" => user_domain,
+        "HTTP_X_REMOTE_USER_GROUPS" => user_group
+      )
+    end
+
+    it "initiates a task when logging in" do
+      skip_data_checks
+      post :external_authenticate, :params => {:user_name => user_name, :user_password => 'dummy'}
+      expect_failed_login # Not really failed, but waiting to complete
+
+      task = MiqTask.first
+      expect(task).to have_attributes(
+        :name    => "External httpd User Authorization of '#{user_name}'",
+        :message => "User authorized successfully",
+        :state   => "Finished",
+        :status  => "Ok",
+        :userid  => user_email
+      )
+
+      post :wait_for_task, :params => {:task_id => task.id}
+      expect_successful_login(user)
+    end
+
+    it "serializes the session properly between the task initiation and waiting for the task" do
+      skip_data_checks
+      post :external_authenticate, :params => {:user_name => user_name, :user_password => 'dummy'}
+
+      # In Rails test environment, we use memory session storage, but in production
+      # we use memcached. memcached Marshal.dump's the session, so we do that here
+      # manually to ensure it doesn't blow up.
+      Marshal.load(Marshal.dump(session))
+    end
+  end
+
   context "SAML and OIDC support" do
     before { EvmSpecHelper.create_guid_miq_server_zone }