author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
commit | 48aff82709769b098321c738f3444b9bdaa694c6 (patch) | |
tree | e00c7c43e2d9b603a5a6af576b1685e400410dee /spec/requests/api/helpers_spec.rb | |
parent | 879f5329ee916a948223f8f43d77fba4da6cd028 (diff) | |
download | gitlab-ce-48aff82709769b098321c738f3444b9bdaa694c6.tar.gz |
Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42
Diffstat (limited to 'spec/requests/api/helpers_spec.rb')
-rw-r--r-- | spec/requests/api/helpers_spec.rb | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index 9c0ea14e3e3..91d10791541 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -9,7 +9,7 @@ RSpec.describe API::Helpers do
   include described_class
   include TermsHelper
 
-  let(:user) { create(:user) }
+  let_it_be(:user, reload: true) { create(:user) }
   let(:admin) { create(:admin) }
   let(:key) { create(:key, user: user) }
 
@@ -243,6 +243,67 @@ RSpec.describe API::Helpers do
         end
       end
     end
+
+    describe "when authenticating using a job token" do
+      let_it_be(:job, reload: true) do
+        create(:ci_build, user: user, status: :running)
+      end
+
+      let(:route_authentication_setting) { {} }
+
+      before do
+        allow_any_instance_of(self.class).to receive(:route_authentication_setting)
+          .and_return(route_authentication_setting)
+      end
+
+      context 'when route is allowed to be authenticated' do
+        let(:route_authentication_setting) { { job_token_allowed: true } }
+
+        it "returns a 401 response for an invalid token" do
+          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = 'invalid token'
+
+          expect { current_user }.to raise_error /401/
+        end
+
+        it "returns a 401 response for a job that's not running" do
+          job.update!(status: :success)
+          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
+
+          expect { current_user }.to raise_error /401/
+        end
+
+        it "returns a 403 response for a user without access" do
+          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
+          allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(false)
+
+          expect { current_user }.to raise_error /403/
+        end
+
+        it 'returns a 403 response for a user who is blocked' do
+          user.block!
+          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
+
+          expect { current_user }.to raise_error /403/
+        end
+
+        it "sets current_user" do
+          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
+
+          expect(current_user).to eq(user)
+        end
+      end
+
+      context 'when route is not allowed to be authenticated' do
+        let(:route_authentication_setting) { { job_token_allowed: false } }
+
+        it "sets current_user to nil" do
+          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
+          allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
+
+          expect(current_user).to be_nil
+        end
+      end
+    end
   end
 
   describe '.handle_api_exception' do
|
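Review bot: The new examples cover `job_token_allowed: true` and `job_token_allowed: false`, but nothing exercises the default `let(:route_authentication_setting) { {} }` declared at the top of the describe, so the fail-closed behaviour for a route that never declares the setting is left unverified; assuming the finder treats a missing `job_token_allowed` key as "not allowed", a third context should assert `current_user` is nil when a valid job token is presented without the setting. The `raise_error /401/` and `raise_error /403/` calls trigger Ruby's "ambiguous first argument" warning and match on message text only; `raise_error(/401/)` silences the warning, and pinning the exception class that this spec's `error!` shim raises (defined outside the hunk) would make the match stricter. The new describe block is complete within the hunk, but the enclosing `RSpec.describe API::Helpers do` starts outside it.
```ruby
      # … unchanged: 'when route is not allowed to be authenticated' context …

      context 'when route does not declare a job token setting' do
        let(:route_authentication_setting) { {} }

        it 'does not authenticate the job token' do
          env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token

          expect(current_user).to be_nil
        end
      end
```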