Merge branch '33408-upgrade-devise' into 'master'

Upgrade devise and dependencies Closes #20175 See merge request !18225

Merge branch '33408-upgrade-devise' into 'master'
87485e7c · Lin Jen-Shin · af24ba11 · 48d7d967 · 87485e7c · 87485e7c
Commit 87485e7c authored 5 years ago by Lin Jen-Shin
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -95,7 +95,7 @@ GEM
    babosa (1.0.2)
    base32 (0.3.2)
    batch-loader (1.4.0)
-    bcrypt (3.1.12)
+    bcrypt (3.1.13)
    bcrypt_pbkdf (1.0.0)
    benchmark-ips (2.3.0)
    benchmark-memory (0.1.2)
@@ -209,10 +209,10 @@ GEM
    descendants_tracker (0.0.4)
      thread_safe (~> 0.3, >= 0.3.1)
    device_detector (1.0.0)
-    devise (4.6.2)
+    devise (4.7.1)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 6.0)
+      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
    devise-two-factor (3.0.0)
@@ -488,7 +488,7 @@ GEM
      mime-types (~> 3.0)
      multi_xml (>= 0.5.2)
    httpclient (2.8.3)
-    i18n (1.6.0)
+    i18n (1.7.0)
      concurrent-ruby (~> 1.0)
    i18n_data (0.8.0)
    icalendar (2.4.1)
@@ -770,8 +770,8 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.2.0)
-      loofah (~> 2.2, >= 2.2.2)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
    rails-i18n (5.1.1)
      i18n (>= 0.7, < 2)
      railties (>= 5.0, < 6)
@@ -824,9 +824,9 @@ GEM
      declarative-option (< 0.2.0)
      uber (< 0.2.0)
    request_store (1.3.1)
-    responders (2.4.0)
-      actionpack (>= 4.2.0, < 5.3)
-      railties (>= 4.2.0, < 5.3)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
    rest-client (2.0.2)
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 4.0)
@@ -1058,8 +1058,8 @@ GEM
      descendants_tracker (~> 0.0, >= 0.0.3)
      equalizer (~> 0.0, >= 0.0.9)
    vmstat (2.3.0)
-    warden (1.2.7)
-      rack (>= 1.0)
+    warden (1.2.8)
+      rack (>= 2.0.6)
    webfinger (1.1.0)
      activesupport
      httpclient (>= 2.4)

--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -148,34 +148,25 @@ def request_user_info!
      end
    end

-    # These 2 calls shouldn't actually throw, they should be handled as an
-    # unauthorized request, so we should be able to check the response.
-    #
-    # This was not possible due to an issue with Warden:
-    # https://github.com/hassox/warden/pull/162
-    #
-    # When the patch gets merged and we update Warden, these specs will need to
-    # updated to check the response instead of a raised exception.
-    # https://gitlab.com/gitlab-org/gitlab-foss/issues/40218
    context 'when user is blocked' do
-      it 'returns authentication error' do
+      it 'redirects to login page' do
        access_grant
        user.block!

-        expect do
-          request_access_token!
-        end.to raise_error UncaughtThrowError
+        request_access_token!
+
+        expect(response).to redirect_to('/users/sign_in')
      end
    end

    context 'when user is ldap_blocked' do
-      it 'returns authentication error' do
+      it 'redirects to login page' do
        access_grant
        user.ldap_block!

-        expect do
-          request_access_token!
-        end.to raise_error UncaughtThrowError
+        request_access_token!
+
+        expect(response).to redirect_to('/users/sign_in')
      end
    end
  end