From 391533c9f641e3a0509d2cbd68bad431bf568361 Mon Sep 17 00:00:00 2001
From: jorg-vr <jorg.vr@live.be>
Date: Thu, 14 Sep 2023 13:59:20 +0200
Subject: [PATCH] Add tests

---
 .../omniauth_callbacks_controller_test.rb     | 56 ++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)

diff --git a/test/controllers/auth/omniauth_callbacks_controller_test.rb b/test/controllers/auth/omniauth_callbacks_controller_test.rb
index 05f2e8cc2d..5caa8ff223 100644
--- a/test/controllers/auth/omniauth_callbacks_controller_test.rb
+++ b/test/controllers/auth/omniauth_callbacks_controller_test.rb
@@ -23,7 +23,8 @@ def omniauth_mock_identity(identity, params = {})
         email: identity.user.email,
         first_name: identity.user.first_name,
         last_name: identity.user.last_name,
-        institution: identity.provider.identifier
+        institution: identity.provider.identifier,
+        username: identity.user.username
       },
       extra: {
         raw_info: {
@@ -773,4 +774,57 @@ def omniauth_path(provider)
     # Done.
     sign_out user
   end
+
+  test 'existing users can link new provider within institution, based only on username' do
+    institution = create :institution
+    user = create :user, institution: institution, identities: [], username: 'foo'
+    first_provider = create :provider, institution: institution, mode: :prefer, identities: []
+    second_provider = create :provider, institution: institution, mode: :secondary, identities: []
+
+    # Link user to first provider.
+    first_identity = create :identity, provider: first_provider, user: user, identifier: 'bar'
+
+    # change user email but don't save
+    user.email = 'foo@bars.co'
+
+    # Build, but don't save the identity for the second provider.
+    # This allows us to log in with the second provider for the 'first' time.
+    second_identity = build :identity, provider: second_provider, user: user, identifier: 'bars'
+    omniauth_mock_identity second_identity
+
+    # Simulate the user logging in with the second provider.
+    # It should not create a user.
+    assert_difference 'User.count', 0 do
+      post omniauth_url(second_provider)
+      follow_redirect!
+    end
+
+    # It should render the page where the user can choose.
+    assert_response :success
+
+    # It is actually the page we expect.
+    assert_select 'h1', t('auth.redirect_to_known_provider.title')
+    # The other provider is listed as a possibility.
+    assert_select 'a.institution-sign-in' do |link|
+      assert_equal omniauth_path(first_provider), link.attr('href').to_s
+    end
+
+    omniauth_mock_identity first_identity
+
+    # The user listens to what we say and clicks the button.
+    post omniauth_url(first_provider)
+    follow_redirect!
+
+    # It should have been linked.
+    assert_redirected_to root_path
+    assert_equal @controller.current_user, user
+
+    user.identities.reload
+
+    # The user should have two identities.
+    assert_equal 2, user.identities.length
+
+    # Done.
+    sign_out user
+  end
 end