author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-20 12:26:25 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-20 12:26:25 +0000 |
commit | a09983ae35713f5a2bbb100981116d31ce99826e (patch) | |
tree | 2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/requests/api/api_spec.rb | |
parent | 18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff) | |
download | gitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz |
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'spec/requests/api/api_spec.rb')
-rw-r--r-- | spec/requests/api/api_spec.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/spec/requests/api/api_spec.rb b/spec/requests/api/api_spec.rb
index 201c0d1796c..bd0426601db 100644
--- a/spec/requests/api/api_spec.rb
+++ b/spec/requests/api/api_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe API::API do
+RSpec.describe API::API do
 include GroupAPIHelpers
 describe 'Record user last activity in after hook' do
@@ -36,6 +36,14 @@ describe API::API do
 expect(response).to have_gitlab_http_status(:ok)
 end
+ it 'does not authorize user for revoked token' do
+ revoked = create(:personal_access_token, :revoked, user: user, scopes: [:read_api])
+
+ get api('/groups', personal_access_token: revoked)
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+
 it 'does not authorize user for post request' do
 params = attributes_for_group_api |
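Review bot: The example added in the second hunk pins only the revoked case, and only by status code; an expired token, which presumably fails the same validity check, is not covered in the visible lines. If the factory provides an expired trait, a sibling example using `expired = create(:personal_access_token, :expired, user: user, scopes: [:read_api])` with the same `get api('/groups', personal_access_token: expired)` call and `:unauthorized` expectation would keep both rejection paths from regressing. The enclosing describe block starts and ends outside the hunk, so such an example may already exist elsewhere in the file.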