summaryrefslogtreecommitdiff
path: root/spec/requests/api/helpers_spec.rb
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2017-04-27 12:32:47 +0000
committerRémy Coutable <remy@rymai.me>2017-04-27 12:32:47 +0000
commit86038fa5d5ceea2d7236b99ed0351e7a33922d0b (patch)
tree782d1dcb40b5fb16eddb5e4a54846d0a952ed5ab /spec/requests/api/helpers_spec.rb
parent025b04f3e7976ac8829e24fcb587d86574b0037d (diff)
parent4dfdef2ddfc3cdeb6f6231e397543d120083a4c2 (diff)
downloadgitlab-ce-86038fa5d5ceea2d7236b99ed0351e7a33922d0b.tar.gz
Merge branch '29505-allow-admins-sudo-to-blocked-users' into 'master'
Allow admins to sudo to blocked users See merge request !10842
Diffstat (limited to 'spec/requests/api/helpers_spec.rb')
-rw-r--r--spec/requests/api/helpers_spec.rb28
1 files changed, 27 insertions, 1 deletions
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index 4845ab1ae1f..06c8eb1d0b7 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -427,6 +427,7 @@ describe API::Helpers do
context 'current_user is nil' do
before do
expect_any_instance_of(self.class).to receive(:current_user).and_return(nil)
+ allow_any_instance_of(self.class).to receive(:initial_current_user).and_return(nil)
end
it 'returns a 401 response' do
@@ -435,13 +436,38 @@ describe API::Helpers do
end
context 'current_user is present' do
+ let(:user) { build(:user) }
+
before do
- expect_any_instance_of(self.class).to receive(:current_user).at_least(:once).and_return(User.new)
+ expect_any_instance_of(self.class).to receive(:current_user).at_least(:once).and_return(user)
+ expect_any_instance_of(self.class).to receive(:initial_current_user).and_return(user)
end
it 'does not raise an error' do
expect { authenticate! }.not_to raise_error
end
end
+
+ context 'current_user is blocked' do
+ let(:user) { build(:user, :blocked) }
+
+ before do
+ expect_any_instance_of(self.class).to receive(:current_user).at_least(:once).and_return(user)
+ end
+
+ it 'raises an error' do
+ expect_any_instance_of(self.class).to receive(:initial_current_user).and_return(user)
+
+ expect { authenticate! }.to raise_error '401 - {"message"=>"401 Unauthorized"}'
+ end
+
+ it "doesn't raise an error if an admin user is impersonating a blocked user (via sudo)" do
+ admin_user = build(:user, :admin)
+
+ expect_any_instance_of(self.class).to receive(:initial_current_user).and_return(admin_user)
+
+ expect { authenticate! }.not_to raise_error
+ end
+ end
end
end