diff options
author | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:06:02 +0000 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:13:59 -0500 |
commit | fe5f75930e781ef854b458fafa307ebb90a8ed2e (patch) | |
tree | 7160814e28d056568685e8fe84456755ce02fecd /spec/controllers/dashboard_controller_spec.rb | |
parent | e122e14ac6a25c7813ca888a97bd4a3298e78d9d (diff) | |
download | gitlab-ce-fe5f75930e781ef854b458fafa307ebb90a8ed2e.tar.gz |
Merge branch 'security-fix-pat-web-access' into 'master'
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
Diffstat (limited to 'spec/controllers/dashboard_controller_spec.rb')
-rw-r--r-- | spec/controllers/dashboard_controller_spec.rb | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/spec/controllers/dashboard_controller_spec.rb b/spec/controllers/dashboard_controller_spec.rb index 187542ba30c..c857a78d5e8 100644 --- a/spec/controllers/dashboard_controller_spec.rb +++ b/spec/controllers/dashboard_controller_spec.rb @@ -1,21 +1,26 @@ require 'spec_helper' describe DashboardController do - let(:user) { create(:user) } - let(:project) { create(:project) } + context 'signed in' do + let(:user) { create(:user) } + let(:project) { create(:project) } - before do - project.add_maintainer(user) - sign_in(user) - end + before do + project.add_maintainer(user) + sign_in(user) + end - describe 'GET issues' do - it_behaves_like 'issuables list meta-data', :issue, :issues - it_behaves_like 'issuables requiring filter', :issues - end + describe 'GET issues' do + it_behaves_like 'issuables list meta-data', :issue, :issues + it_behaves_like 'issuables requiring filter', :issues + end - describe 'GET merge requests' do - it_behaves_like 'issuables list meta-data', :merge_request, :merge_requests - it_behaves_like 'issuables requiring filter', :merge_requests + describe 'GET merge requests' do + it_behaves_like 'issuables list meta-data', :merge_request, :merge_requests + it_behaves_like 'issuables requiring filter', :merge_requests + end end + + it_behaves_like 'authenticates sessionless user', :issues, :atom, author_id: User.first + it_behaves_like 'authenticates sessionless user', :issues_calendar, :ics end |