diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-03 12:00:08 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-03 12:00:08 +0000 |
| commit | b1bbcf85684cee176ed5bb7eb43dd487a75f18fa (patch) | |
| tree | bda68adaad2e197482bf02f476e94b5908da1518 /spec/requests/git_http_spec.rb | |
| parent | c7c74818948dbc63a284bb617b2af1937f999cc8 (diff) | |
| download | gitlab-ce-b1bbcf85684cee176ed5bb7eb43dd487a75f18fa.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee
Diffstat (limited to 'spec/requests/git_http_spec.rb')
| -rw-r--r-- | spec/requests/git_http_spec.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb index 3fb683ea0fa..34f8a479719 100644 --- a/spec/requests/git_http_spec.rb +++ b/spec/requests/git_http_spec.rb @@ -706,6 +706,32 @@ RSpec.describe 'Git HTTP requests' do end end end + + context 'when token is impersonated' do + context 'when impersonation is off' do + before do + stub_config_setting(impersonation_enabled: false) + end + + it 'responds to uploads with status 401 unauthorized' do + write_access_token = create(:personal_access_token, :impersonation, user: user, scopes: [:write_repository]) + + upload(path, user: user.username, password: write_access_token.token) do |response| + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + end + + context 'when impersonation is on' do + it 'responds to uploads with status 200' do + write_access_token = create(:personal_access_token, :impersonation, user: user, scopes: [:write_repository]) + + upload(path, user: user.username, password: write_access_token.token) do |response| + expect(response).to have_gitlab_http_status(:ok) + end + end + end + end end end |