From 7fc10a84aec2906c6936d73a3feec726a80c67b1 Mon Sep 17 00:00:00 2001
From: Jason Frey
Date: Wed, 23 Oct 2024 17:57:51 -0400
Subject: [PATCH] Add external auth spec
Follow up to #9295. If we revert that PR's changes, and run these tests they fail when it tries to Marshal.dump the params internal IO object. Note that the actual failure in test is slightly different from prod. In test we get `TypeError: no _dump_data is defined for class StringIO` because the TestRequest has a StringIO internally. In prod we get `can't dump IO` because the real request has a real IO object internally. Even so, this test still demonstrates the Marshal issue, while also providing an end-to-end test for external auth login.
---
 spec/controllers/dashboard_controller_spec.rb | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/spec/controllers/dashboard_controller_spec.rb b/spec/controllers/dashboard_controller_spec.rb
index a891712ffee..ee4bc48d71b 100644
--- a/spec/controllers/dashboard_controller_spec.rb
+++ b/spec/controllers/dashboard_controller_spec.rb
@@ -90,6 +90,54 @@
 end
 end
+ context "external auth support" do
+ let(:user) { FactoryBot.create(:user, :role => "random") }
+ let(:user_name) { user.userid }
+ let(:user_domain) { "ipa.example.org" }
+ let(:user_email) { "#{user_name}@#{user_domain}" }
+ let(:user_group) { user.miq_groups.first.description }
+
+ before do
+ EvmSpecHelper.create_guid_miq_server_zone
+
+ stub_settings_merge(:authentication => {:mode => 'httpd', :httpd_role => true})
+ request.headers.merge!(
+ "HTTP_X_REMOTE_USER" => user_name,
+ "HTTP_X_REMOTE_USER_EMAIL" => user_email,
+ "HTTP_X_REMOTE_USER_DOMAIN" => user_domain,
+ "HTTP_X_REMOTE_USER_GROUPS" => user_group
+ )
+ end
+
+ it "initiates a task when logging in" do
+ skip_data_checks
+ post :external_authenticate, :params => {:user_name => user_name, :user_password => 'dummy'}
+ expect_failed_login # Not really failed, but waiting to complete
+
+ task = MiqTask.first
+ expect(task).to have_attributes(
+ :name => "External httpd User Authorization of '#{user_name}'",
+ :message => "User authorized successfully",
+ :state => "Finished",
+ :status => "Ok",
+ :userid => user_email
+ )
+
+ post :wait_for_task, :params => {:task_id => task.id}
+ expect_successful_login(user)
+ end
+
+ it "serializes the session properly between the task initiation and waiting for the task" do
+ skip_data_checks
+ post :external_authenticate, :params => {:user_name => user_name, :user_password => 'dummy'}
+
+ # In Rails test environment, we use memory session storage, but in production
+ # we use memcached. memcached Marshal.dump's the session, so we do that here
+ # manually to ensure it doesn't blow up.
+ Marshal.load(Marshal.dump(session))
+ end
+ end
+
 context "SAML and OIDC support" do
 before { EvmSpecHelper.create_guid_miq_server_zone }
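Review bot: The second example, "serializes the session properly between the task initiation and waiting for the task", carries no expectation, so it passes on anything that does not raise and the reader has to learn the intent from the comment. Writing the last line as `expect { Marshal.load(Marshal.dump(session)) }.not_to raise_error` states the assertion and gives a clearer failure if an unserializable object reaches the session again. Both examples also cover only the case where the `HTTP_X_REMOTE_USER*` headers agree with the posted `user_name`; since httpd mode appears to take the identity from those headers (the task's `:userid` is `user_email`), a companion example with the headers absent or naming a different user, asserting that no login completes, would pin that trust boundary too. In the first example `MiqTask.first` assumes the authorization task is the only row, so an `expect(MiqTask.count).to eq(1)` before it would keep the lookup from silently matching an unrelated task.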