SONAR-8416 improve ITs on authentication

Complete check on message displayed in ui when functional authentication errors are generated
Add ITs when errors are generated during callback of OAuth2 authentication plugins

12 files changed, 386 insertions, 16 deletions

diff --git a/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java b/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java
index 5f3f73ec0a9..5ed8ff0c89d 100644
--- a/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java
+++ b/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java
@@ -21,21 +21,24 @@
 import org.sonar.api.config.Settings;
 import org.sonar.api.server.authentication.Display;
 import org.sonar.api.server.authentication.OAuth2IdentityProvider;
+import org.sonar.api.server.authentication.UnauthorizedException;
 import org.sonar.api.server.authentication.UserIdentity;
 
 public class FakeOAuth2IdProvider implements OAuth2IdentityProvider {
 
   private static final String ENABLED = "sonar.auth.fake-oauth2-id-provider.enabled";
+  private static final String ALLOWS_USERS_TO_SIGN_UP = "sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp";
   private static final String URL = "sonar.auth.fake-oauth2-id-provider.url";
   private static final String USER_INFO = "sonar.auth.fake-oauth2-id-provider.user";
 
+  private static final String THROW_UNAUTHORIZED_EXCEPTION = "sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage";
+
   private final Settings settings;
 
   public FakeOAuth2IdProvider(Settings settings) {
     this.settings = settings;
   }
 
-
   @Override
   public void init(InitContext context) {
     String url = settings.getString(URL);
@@ -51,6 +54,11 @@ public class FakeOAuth2IdProvider implements OAuth2IdentityProvider {
     if (userInfoProperty == null) {
       throw new IllegalStateException(String.format("The property %s is required", USER_INFO));
     }
+    boolean throwUnauthorizedException = settings.getBoolean(THROW_UNAUTHORIZED_EXCEPTION);
+    if (throwUnauthorizedException) {
+      throw new UnauthorizedException("A functional error has happened");
+    }
+
     String[] userInfos = userInfoProperty.split(",");
     context.authenticate(UserIdentity.builder()
       .setLogin(userInfos[0])
@@ -86,7 +94,12 @@ public class FakeOAuth2IdProvider implements OAuth2IdentityProvider {
 
   @Override
   public boolean allowsUsersToSignUp() {
+    if (settings.hasKey(ALLOWS_USERS_TO_SIGN_UP)) {
+      return settings.getBoolean(ALLOWS_USERS_TO_SIGN_UP);
+    }
+    // If property is not defined, default behaviour is not always allow users to sign up
     return true;
+
   }
 
 }
diff --git a/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java b/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java
index 127ab3dd7d8..7a8a51f2d2c 100644
--- a/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java
+++ b/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java
@@ -43,7 +43,6 @@ import static util.selenium.Selenese.runSelenese;
 
 /**
  * TODO : Add missing ITs
- * - creating new user using email already used
  * - display multiple identity provider plugins (probably in another class)
  */
 public class BaseIdentityProviderTest {
@@ -99,7 +98,7 @@ public class BaseIdentityProviderTest {
   }
 
   @Test
-  public void authenticate_user() throws Exception {
+  public void authenticate_user_through_ui() throws Exception {
     enablePlugin();
     setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_NAME, USER_EMAIL);
 
@@ -120,6 +119,18 @@ public class BaseIdentityProviderTest {
   }
 
   @Test
+  public void fail_when_email_already_exists() throws Exception {
+    enablePlugin();
+    setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_NAME, USER_EMAIL);
+    userRule.createUser("another", "Another", USER_EMAIL, "another");
+
+    runSelenese(ORCHESTRATOR,"/user/BaseIdentityProviderTest/fail_when_email_already_exists.html");
+
+    File logFile = ORCHESTRATOR.getServer().getWebLogs();
+    assertThat(FileUtils.readFileToString(logFile)).doesNotContain("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account");
+  }
+
+  @Test
   public void fail_to_authenticate_when_not_allowed_to_sign_up() throws Exception {
     enablePlugin();
     setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_NAME, USER_EMAIL);
@@ -186,7 +197,8 @@ public class BaseIdentityProviderTest {
     setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_NAME, USER_EMAIL);
     setServerProperty(ORCHESTRATOR, "sonar.auth.fake-base-id-provider.throwUnauthorizedMessage", "true");
 
-    runSelenese(ORCHESTRATOR, "/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html");
+    runSelenese(ORCHESTRATOR,
+        "/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html");
 
     File logFile = ORCHESTRATOR.getServer().getWebLogs();
     assertThat(FileUtils.readFileToString(logFile)).doesNotContain("A functional error has happened");
diff --git a/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java b/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java
index ef1a2f0a3f5..41dddd73041 100644
--- a/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java
+++ b/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java
@@ -21,9 +21,11 @@ package it.user;
 
 import com.sonar.orchestrator.Orchestrator;
 import it.Category4Suite;
+import java.io.File;
 import java.net.HttpURLConnection;
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
+import org.apache.commons.io.FileUtils;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -37,7 +39,9 @@ import util.user.UserRule;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static util.ItUtils.newAdminWsClient;
+import static util.ItUtils.resetSettings;
 import static util.ItUtils.setServerProperty;
+import static util.selenium.Selenese.runSelenese;
 
 /**
  * There's only tests specific to OAuth2 in this class
@@ -78,29 +82,90 @@ public class OAuth2IdentityProviderTest {
     fakeServerAuthProvider = new MockWebServer();
     fakeServerAuthProvider.start();
     fakeServerAuthProviderUrl = fakeServerAuthProvider.url("").url().toString();
+    userRule.resetUsers();
+    resetSettings(ORCHESTRATOR, null, "sonar.auth.fake-oauth2-id-provider.enabled",
+      "sonar.auth.fake-oauth2-id-provider.url",
+      "sonar.auth.fake-oauth2-id-provider.user",
+      "sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage",
+      "sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp");
   }
 
   @After
   public void tearDown() throws Exception {
     fakeServerAuthProvider.shutdown();
-    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.enabled", null);
-    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.url", null);
-    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", null);
   }
 
   @Test
   public void create_new_user_when_authenticate() throws Exception {
     simulateRedirectionToCallback();
-
-    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.enabled", "true");
-    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.url", fakeServerAuthProviderUrl);
-    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", USER_LOGIN + "," + USER_PROVIDER_ID + "," + USER_NAME + "," + USER_EMAIL);
+    enablePlugin();
 
     authenticateWithFakeAuthProvider();
 
     userRule.verifyUserExists(USER_LOGIN, USER_NAME, USER_EMAIL);
   }
 
+  @Test
+  public void authenticate_user_through_ui() throws Exception {
+    simulateRedirectionToCallback();
+    enablePlugin();
+
+    runSelenese(ORCHESTRATOR,"/user/OAuth2IdentityProviderTest/authenticate_user.html");
+
+    userRule.verifyUserExists(USER_LOGIN, USER_NAME, USER_EMAIL);
+  }
+
+  @Test
+  public void display_unauthorized_page_when_authentication_failed_in_callback() throws Exception {
+    simulateRedirectionToCallback();
+    enablePlugin();
+
+    // As this property is null, the plugin will throw an exception
+    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", null);
+
+    runSelenese(ORCHESTRATOR,"/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html");
+
+    userRule.verifyUserDoesNotExist(USER_LOGIN);
+  }
+
+  @Test
+  public void fail_to_authenticate_when_not_allowed_to_sign_up() throws Exception {
+    simulateRedirectionToCallback();
+    enablePlugin();
+    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp", "false");
+
+    runSelenese(ORCHESTRATOR, "/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html");
+
+    userRule.verifyUserDoesNotExist(USER_LOGIN);
+  }
+
+  @Test
+  public void display_message_in_ui_but_not_in_log_when_unauthorized_exception_in_callback() throws Exception {
+    simulateRedirectionToCallback();
+    enablePlugin();
+    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage", "true");
+
+    runSelenese(ORCHESTRATOR,"/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html");
+
+    File logFile = ORCHESTRATOR.getServer().getWebLogs();
+    assertThat(FileUtils.readFileToString(logFile)).doesNotContain("A functional error has happened");
+    assertThat(FileUtils.readFileToString(logFile)).doesNotContain("UnauthorizedException");
+
+    userRule.verifyUserDoesNotExist(USER_LOGIN);
+  }
+
+  @Test
+  public void fail_when_email_already_exists() throws Exception {
+    simulateRedirectionToCallback();
+    enablePlugin();
+    userRule.createUser("another", "Another", USER_EMAIL, "another");
+
+    runSelenese(ORCHESTRATOR,"/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html");
+
+    File logFile = ORCHESTRATOR.getServer().getWebLogs();
+    assertThat(FileUtils.readFileToString(logFile)).doesNotContain("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account");
+  }
+
   private void authenticateWithFakeAuthProvider() {
     WsResponse response = adminWsClient.wsConnector().call(
       new GetRequest(("/sessions/init/" + FAKE_PROVIDER_KEY)));
@@ -114,4 +179,10 @@ public class OAuth2IdentityProviderTest {
       .setBody("Redirect to SonarQube"));
   }
 
+  private void enablePlugin() {
+    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.enabled", "true");
+    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.url", fakeServerAuthProviderUrl);
+    setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", USER_LOGIN + "," + USER_PROVIDER_ID + "," + USER_NAME + "," + USER_EMAIL);
+  }
+
 }
diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html
new file mode 100644
index 00000000000..b62763fb7c9
--- /dev/null
+++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <title>fail_to_authenticate_when_not_allowed_to_sign_up</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+  <thead>
+  <tr>
+    <td rowspan="1" colspan="3">french</td>
+  </tr>
+  </thead>
+  <tbody>
+  <tr>
+    <td>open</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake base identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>bd</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*</td>
+  </tr>
+  <tr>
+    <td>assertText</td>
+    <td>bd</td>
+    <td>*Reason : A functional error has happened*</td>
+  </tr>
+  </tbody>
+</table>
+</body>
+</html>
diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html
index db0799b4e32..47a19a2df41 100644
--- a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html
+++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html
@@ -15,7 +15,17 @@
   <tbody>
   <tr>
     <td>open</td>
-    <td>/sessions/init/fake-base-id-provider</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake base identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
     <td></td>
   </tr>
   <tr>
diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html
index d53f5239da9..40c300bd701 100644
--- a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html
+++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html
@@ -15,13 +15,23 @@
   <tbody>
   <tr>
     <td>open</td>
-    <td>/sessions/init/fake-base-id-provider</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake base identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
     <td></td>
   </tr>
   <tr>
     <td>waitForText</td>
     <td>bd</td>
-    <td>*You're not authorized to access this page. Please contact the administrator.*</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*Reason : 'fake-base-id-provider' users are not allowed to sign up*</td>
   </tr>
   </tbody>
 </table>
diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html
new file mode 100644
index 00000000000..b6f7e600ac3
--- /dev/null
+++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <title>fail_when_email_already_exists</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+  <thead>
+  <tr>
+    <td rowspan="1" colspan="3">french</td>
+  </tr>
+  </thead>
+  <tbody>
+  <tr>
+    <td>open</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake base identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>bd</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*</td>
+  </tr>
+  <tr>
+    <td>assertText</td>
+    <td>bd</td>
+    <td>*You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account*</td>
+  </tr>
+  </tbody>
+</table>
+</body>
+</html>
diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html
new file mode 100644
index 00000000000..22b34ba03c9
--- /dev/null
+++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+  <tr>
+    <td>open</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake oauth2 identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>id=global-navigation</td>
+    <td>*John*</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html
new file mode 100644
index 00000000000..6a38ed69063
--- /dev/null
+++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <title>fail_to_authenticate_when_not_allowed_to_sign_up</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+  <thead>
+  <tr>
+    <td rowspan="1" colspan="3">french</td>
+  </tr>
+  </thead>
+  <tbody>
+  <tr>
+    <td>open</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake oauth2 identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>bd</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*</td>
+  </tr>
+  <tr>
+    <td>assertText</td>
+    <td>bd</td>
+    <td>*Reason : A functional error has happened*</td>
+  </tr>
+  </tbody>
+</table>
+</body>
+</html>
diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html
new file mode 100644
index 00000000000..b01d24aad4c
--- /dev/null
+++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <title>display_unauthorized_page_when_authentication_failed</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+  <thead>
+  <tr>
+    <td rowspan="1" colspan="3">french</td>
+  </tr>
+  </thead>
+  <tbody>
+  <tr>
+    <td>open</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake oauth2 identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>bd</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*</td>
+  </tr>
+  </tbody>
+</table>
+</body>
+</html>
diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/diplay_message_in_ui_but_not_in_log_when_unauthorized_exception.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html
index 4d06368ae6c..a3da2de8ed0 100644
--- a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/diplay_message_in_ui_but_not_in_log_when_unauthorized_exception.html
+++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html
@@ -15,13 +15,23 @@
   <tbody>
   <tr>
     <td>open</td>
-    <td>/sessions/init/fake-base-id-provider</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake oauth2 identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
     <td></td>
   </tr>
   <tr>
     <td>waitForText</td>
     <td>bd</td>
-    <td>*You're not authorized to access this page. Please contact the administrator.*Reason : A functional error has happened*</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*Reason : 'fake-oauth2-id-provider' users are not allowed to sign up*</td>
   </tr>
   </tbody>
 </table>
diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html
new file mode 100644
index 00000000000..7d038ac592d
--- /dev/null
+++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <title>fail_when_email_already_exists</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+  <thead>
+  <tr>
+    <td rowspan="1" colspan="3">french</td>
+  </tr>
+  </thead>
+  <tbody>
+  <tr>
+    <td>open</td>
+    <td>/sessions/new</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>content</td>
+    <td>*Log in with Fake oauth2 identity provider*</td>
+  </tr>
+  <tr>
+    <td>click</td>
+    <td>css=.oauth-providers a</td>
+    <td></td>
+  </tr>
+  <tr>
+    <td>waitForText</td>
+    <td>bd</td>
+    <td>*You're not authorized to access this page. Please contact the administrator.*</td>
+  </tr>
+  <tr>
+    <td>assertText</td>
+    <td>bd</td>
+    <td>*You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account*</td>
+  </tr>
+  </tbody>
+</table>
+</body>
+</html>