diff options
author | Douwe Maan <douwe@selenight.nl> | 2017-10-12 11:01:12 +0200 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-11-02 11:39:02 +0100 |
commit | 294fa6fcdcfa7d76bc97b754d2930f3686f54997 (patch) | |
tree | dd2093f86c6828fa59a5a4cbd79ffda16e883382 /spec/requests/api/helpers_spec.rb | |
parent | c03d39df8234be7fc6c846df05e08f204e6f0456 (diff) | |
download | gitlab-ce-294fa6fcdcfa7d76bc97b754d2930f3686f54997.tar.gz |
Remove authentication using user.private_token
Diffstat (limited to 'spec/requests/api/helpers_spec.rb')
-rw-r--r-- | spec/requests/api/helpers_spec.rb | 53 |
1 files changed, 4 insertions, 49 deletions
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb index 9f3b5a809d7..0ab9f94376c 100644 --- a/spec/requests/api/helpers_spec.rb +++ b/spec/requests/api/helpers_spec.rb @@ -28,17 +28,17 @@ describe API::Helpers do allow_any_instance_of(self.class).to receive(:options).and_return({}) end - def set_env(user_or_token, identifier) + def set_env(token, identifier) clear_env clear_param - env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token + env[API::APIGuard::PRIVATE_TOKEN_HEADER] = token env[API::Helpers::SUDO_HEADER] = identifier.to_s end - def set_param(user_or_token, identifier) + def set_param(token, identifier) clear_env clear_param - params[API::APIGuard::PRIVATE_TOKEN_PARAM] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token + params[API::APIGuard::PRIVATE_TOKEN_PARAM] = token params[API::Helpers::SUDO_PARAM] = identifier.to_s end @@ -160,41 +160,6 @@ describe API::Helpers do end end - describe "when authenticating using a user's private token" do - it "returns a 401 response for an invalid token" do - env[API::APIGuard::PRIVATE_TOKEN_HEADER] = 'invalid token' - allow_any_instance_of(self.class).to receive(:doorkeeper_guard) { false } - - expect { current_user }.to raise_error /401/ - end - - it "returns a 401 response for a user without access" do - env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user.private_token - allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(false) - - expect { current_user }.to raise_error /401/ - end - - it 'returns a 401 response for a user who is blocked' do - user.block! - env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user.private_token - - expect { current_user }.to raise_error /401/ - end - - it "leaves user as is when sudo not specified" do - env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user.private_token - - expect(current_user).to eq(user) - - clear_env - - params[API::APIGuard::PRIVATE_TOKEN_PARAM] = user.private_token - - expect(current_user).to eq(user) - end - end - describe "when authenticating using a user's personal access tokens" do let(:personal_access_token) { create(:personal_access_token, user: user) } @@ -445,16 +410,6 @@ describe API::Helpers do expect { sudo? }.to raise_error '403 - {"message"=>"403 Forbidden - Private token must be specified in order to use sudo"}' end end - - context 'private access token is used' do - before do - set_env(admin.private_token, user.id) - end - - it 'returns true' do - expect(sudo?).to be_truthy - end - end end end |