authorPatricio Cano <suprnova32@gmail.com>2016-08-12 16:16:12 -0500
committerPatricio Cano <suprnova32@gmail.com>2016-08-18 16:47:26 -0500
commite2f9c87600e34a415d43c981e0182094b123771f (patch)
treefbda99f75e02c61e018e68ad3557e0c0d59f086f /spec/requests/api
parent717366d28da11acc6dbe60301bf7e2394400b3c1 (diff)
downloadgitlab-ce-e2f9c87600e34a415d43c981e0182094b123771f.tar.gz
Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.
Diffstat (limited to 'spec/requests/api')
-rw-r--r--spec/requests/api/oauth_tokens_spec.rb31
-rw-r--r--spec/requests/api/session_spec.rb10
2 files changed, 41 insertions, 0 deletions
diff --git a/spec/requests/api/oauth_tokens_spec.rb b/spec/requests/api/oauth_tokens_spec.rb
new file mode 100644
index 00000000000..4730e9aa13c
--- /dev/null
+++ b/spec/requests/api/oauth_tokens_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe API::API, api: true do
+ include ApiHelpers
+
+ context 'Resource Owner Password Credentials' do
+ def request_oauth_token(user)
+ post '/oauth/token', username: user.username, password: user.password, grant_type: 'password'
+ end
+
+ context 'when user has 2FA enabled' do
+ it 'does not create an access token' do
+ user = create(:user, :two_factor)
+ request_oauth_token(user)
+
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('invalid_grant')
+ end
+ end
+
+ context 'when user does not have 2FA enabled' do
+ it 'creates an access token' do
+ user = create(:user)
+ request_oauth_token(user)
+
+ expect(response).to have_http_status(200)
+ expect(json_response['access_token']).not_to be_nil
+ end
+ end
+ end
+end \ No newline at end of file
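Review bot: The example on lines 35–41 is titled "does not create an access token" but only asserts the 401 status and the `invalid_grant` error code, so a regression that returned an error body alongside a token would still pass; add `expect(json_response).not_to include('access_token')` after the error assertion (or a token-count check on the Doorkeeper model, if that is reachable from these specs) so the assertion actually covers the description. The same gap appears in the `'rejects sign in attempts'` example in the session_spec.rb hunk, whose enclosing block continues outside this page — it checks only the status and could additionally assert that the response body carries no token field. Minor: the new file ends without a trailing newline (`\ No newline at end of file` on the last line); add one to keep future diffs clean.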
diff --git a/spec/requests/api/session_spec.rb b/spec/requests/api/session_spec.rb
index 519e7ce12ad..09f9192e7a8 100644
--- a/spec/requests/api/session_spec.rb
+++ b/spec/requests/api/session_spec.rb
@@ -17,6 +17,16 @@ describe API::API, api: true do
expect(json_response['can_create_project']).to eq(user.can_create_project?)
expect(json_response['can_create_group']).to eq(user.can_create_group?)
end
+
+ context 'with 2FA enabled' do
+ it 'rejects sign in attempts' do
+ user = create(:user, :two_factor)
+
+ post api('/session'), email: user.email, password: user.password
+
+ expect(response).to have_http_status(401)
+ end
+ end
end
context 'when email has case-typo and password is valid' do