[C] Update oauth tests

Author: timfrazee

api/app/controllers/concerns/manages_oauth_cookie.rb

@@ -36,7 +36,7 @@ def clean_up_auth_code!(code = params[:auth_code])
   def cookie_domain
     domain = Rails.application.config.manifold.domain
 
-    if Rails.env.development? && domain.include?(":")
+    if (Rails.env.development? || Rails.env.test?) && domain.include?(":")
       domain.split(":")[0]
     else
       ".#{domain}"

api/app/models/identity.rb

@@ -9,7 +9,7 @@ class Identity < ApplicationRecord
 
   has_many :user_group_memberships, as: :source
 
-  validates :provider, inclusion: { in: (ManifoldEnv.oauth.known_strategies + SamlConfig.provider_names) }
+  validates :provider, inclusion: { in: ->(_) { (ManifoldEnv.oauth.known_strategies + SamlConfig.provider_names) } }
   validates :uid, :provider, presence: true
   validates :uid, uniqueness: { scope: %i(provider) }
 

api/app/operations/user_groups/remove_member.rb

@@ -14,7 +14,7 @@ class RemoveMember
     def call(user_group, user_or_identity)
       parse_user_or_identity(user_or_identity)
 
-      user_group.memberships.where(user:, identity:).destroy_all
+      user_group.memberships.where(user:, source: identity).destroy_all
 
       Success()
     end

api/app/services/external_auth/auth_action.rb

@@ -10,7 +10,7 @@ module AuthAction
       object :auth_hash, class: "OmniAuth::AuthHash", converter: :new
 
       validates :provider,
-                inclusion: { in: (ManifoldEnv.oauth.known_strategies + SamlConfig.provider_names) },
+                inclusion: { in: ->(_) { (ManifoldEnv.oauth.known_strategies + SamlConfig.provider_names) } },
                 presence: true
 
       delegate :info, to: :auth_hash, prefix: :auth

api/spec/requests/oauth_spec.rb

@@ -6,6 +6,8 @@
   let(:user_group) { FactoryBot.create(:user_group) }
   let(:entitleable) { FactoryBot.create(:project) }
 
+  let!(:omniauth_uid) { "12345" }
+
   let!(:user_group_external_identifier) { FactoryBot.create(:external_identifier, identifiable: user_group) }
   let!(:entitleable_external_identifier) { FactoryBot.create(:external_identifier, identifiable: entitleable) }
 
@@ -14,7 +16,7 @@
   let(:auth_hash) do
     {
       provider: provider.to_s,
-      uid: "12345",
+      uid: omniauth_uid,
       info: {
         first_name: Faker::Name.first_name,
         last_name: Faker::Name.last_name,
@@ -25,6 +27,11 @@
     }
   end
 
+  before do
+    OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new(auth_hash)
+    Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[provider]
+  end
+
   context "as mocked google_oauth2 OAuth" do
     let(:provider) { :google_oauth2 }
 
@@ -33,9 +40,6 @@
         settings.integrations.google_oauth_client_id = "TEST"
         settings.secrets.google_oauth_client_secret = "TEST"
       end.save
-
-      OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new(auth_hash)
-      Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[provider]
     end
 
     describe "/auth/:provider/callback" do
@@ -59,39 +63,75 @@
 
       context "with entitlements defined" do
 
-
         it "creates entitlements" do
           expect do
             post "/auth/google_oauth2"
             follow_redirect!
           end.to change(Entitlement, :count).by(1)
         end
       end
+
+      context "with an existing user" do
+        let!(:user) { FactoryBot.create(:user) }
+        let!(:identity) { FactoryBot.create(:identity, user: user, provider: provider.to_s, uid: omniauth_uid) }
+
+        context "with an existing user group membership associated with the identity" do
+          let!(:user_group_membership) { FactoryBot.create(:user_group_membership, user_group:, user:, source: identity) }
+
+          context "and an OAuth request that does NOT include the user group" do
+            before do
+              OmniAuth.config.mock_auth[provider][:info][:user_groups] = nil
+            end
+            it "removes the user group membership" do
+              expect do
+                post "/auth/google_oauth2"
+                follow_redirect!
+              end.to change(UserGroupMembership, :count).by(-1)
+            end
+          end
+        end
+
+        context "with an existing entitlement associated with the identity" do
+          let!(:entitlement) do
+            FactoryBot.create(:entitlement,
+                              :read_access,
+                              target: user,
+                              entitler: identity.to_upsertable_entitler,
+                              subject: entitleable
+                              )
+          end
+
+          context "and an OAuth request that does NOT include the entitleable" do
+            before do
+              OmniAuth.config.mock_auth[provider][:info][:entitlements] = nil
+            end
+            it "removes the entitlement" do
+              expect do
+                post "/auth/google_oauth2"
+                follow_redirect!
+              end.to change(Entitlement, :count).by(-1)
+            end
+          end
+        end
+      end
     end
   end
 
   context "as mocked SAML" do
-    let(:provider_name) { "saml" }
+    let(:provider) { :saml }
 
     before do
-      allow_any_instance_of(SamlConfig).to receive(:provider_names).and_return([provider_name])
-
-      OmniAuth.config.mock_auth[:saml] = OmniAuth::AuthHash.new({
-        provider: provider_name,
-        uid: "12345",
-        info: {
-          first_name: Faker::Name.first_name,
-          last_name: Faker::Name.last_name,
-          email: Faker::Internet.email
-        }
-      })
-
-      Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[:saml]
+      allow(SamlConfig).to receive(:provider_names).and_return([provider.to_s])
+      allow_any_instance_of(SamlConfig).to receive(:provider_names).and_return([provider.to_s])
+
+      # Clear any cached config
+      SamlConfig.instance_variable_set("@instance", nil)
     end
 
-    xit "does some shit" do
+    it "creates the identity" do
       expect do
         post "/auth/saml"
+        follow_redirect!
       end.to change { Identity.count }.by(1)
     end
   end