From 590ddfdcba3d8b88d3351591d307087aaf0d15e0 Mon Sep 17 00:00:00 2001
From: James Edwards-Jones <jedwardsjones@gitlab.com>
Date: Tue, 27 Mar 2018 23:24:02 +0100
Subject: [PATCH] Adds validators and rack cookie helper

These changes are backported from EE, related to SAML settings in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549
---
 app/validators/certificate_fingerprint_validator.rb |  9 +++++++++
 app/validators/top_level_group_validator.rb         |  7 +++++++
 spec/support/cookie_helper.rb                       | 13 +++++++++++++
 spec/support/login_helpers.rb                       |  4 ++++
 4 files changed, 33 insertions(+)
 create mode 100644 app/validators/certificate_fingerprint_validator.rb
 create mode 100644 app/validators/top_level_group_validator.rb

diff --git a/app/validators/certificate_fingerprint_validator.rb b/app/validators/certificate_fingerprint_validator.rb
new file mode 100644
index 00000000000..17df756183a
--- /dev/null
+++ b/app/validators/certificate_fingerprint_validator.rb
@@ -0,0 +1,9 @@
+class CertificateFingerprintValidator < ActiveModel::EachValidator
+  FINGERPRINT_PATTERN = /\A([a-zA-Z0-9]{2}[\s\-:]?){16,}\z/.freeze
+
+  def validate_each(record, attribute, value)
+    unless value.try(:match, FINGERPRINT_PATTERN)
+      record.errors.add(attribute, "must be a hash containing only letters, numbers, spaces, : and -")
+    end
+  end
+end
diff --git a/app/validators/top_level_group_validator.rb b/app/validators/top_level_group_validator.rb
new file mode 100644
index 00000000000..7e2e735e0cf
--- /dev/null
+++ b/app/validators/top_level_group_validator.rb
@@ -0,0 +1,7 @@
+class TopLevelGroupValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    if value&.subgroup?
+      record.errors.add(attribute, "must be a top level Group")
+    end
+  end
+end
diff --git a/spec/support/cookie_helper.rb b/spec/support/cookie_helper.rb
index d72925e1838..5ff7b0b68c9 100644
--- a/spec/support/cookie_helper.rb
+++ b/spec/support/cookie_helper.rb
@@ -2,12 +2,25 @@
 #
 module CookieHelper
   def set_cookie(name, value, options = {})
+    case page.driver
+    when Capybara::RackTest::Driver
+      rack_set_cookie(name, value)
+    else
+      selenium_set_cookie(name, value, options)
+    end
+  end
+
+  def selenium_set_cookie(name, value, options = {})
     # Selenium driver will not set cookies for a given domain when the browser is at `about:blank`.
     # It also doesn't appear to allow overriding the cookie path. loading `/` is the most inclusive.
     visit options.fetch(:path, '/') unless on_a_page?
     page.driver.browser.manage.add_cookie(name: name, value: value, **options)
   end
 
+  def rack_set_cookie(name, value)
+    page.driver.browser.set_cookie("#{name}=#{value}")
+  end
+
   def get_cookie(name)
     page.driver.browser.manage.cookie_named(name)
   end
diff --git a/spec/support/login_helpers.rb b/spec/support/login_helpers.rb
index d08183846a0..db34090e971 100644
--- a/spec/support/login_helpers.rb
+++ b/spec/support/login_helpers.rb
@@ -140,6 +140,10 @@ module LoginHelpers
     end
     allow(Gitlab::Auth::OAuth::Provider).to receive_messages(providers: [:saml], config_for: mock_saml_config)
     stub_omniauth_setting(messages)
+    stub_saml_authorize_path_helpers
+  end
+
+  def stub_saml_authorize_path_helpers
     allow_any_instance_of(Object).to receive(:user_saml_omniauth_authorize_path).and_return('/users/auth/saml')
     allow_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
   end
-- 
GitLab