Add latest changes from gitlab-org/gitlab@13-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-20 12:26:25 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-20 12:26:25 +0000
commit: a09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree: 2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/requests/api/api_spec.rb
parent: 18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
download: gitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/spec/requests/api/api_spec.rb b/spec/requests/api/api_spec.rb
index 201c0d1796c..bd0426601db 100644
--- a/spec/requests/api/api_spec.rb
+++ b/spec/requests/api/api_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe API::API do
+RSpec.describe API::API do
   include GroupAPIHelpers
 
   describe 'Record user last activity in after hook' do
@@ -36,6 +36,14 @@ describe API::API do
         expect(response).to have_gitlab_http_status(:ok)
       end
 
+      it 'does not authorize user for revoked token' do
+        revoked = create(:personal_access_token, :revoked, user: user, scopes: [:read_api])
+
+        get api('/groups', personal_access_token: revoked)
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+
       it 'does not authorize user for post request' do
         params = attributes_for_group_api
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-20 12:26:25 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-20 12:26:25 +0000
commit	a09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree	2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/requests/api/api_spec.rb
parent	18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
download	gitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz