author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /spec/requests/jwt_controller_spec.rb | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) | |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/requests/jwt_controller_spec.rb')
-rw-r--r-- | spec/requests/jwt_controller_spec.rb | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index 73dc9d8c63e..d860179f0a7 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -7,11 +7,26 @@ describe JwtController do
 let(:service_class) { double(new: service) }
 let(:service_name) { 'test' }
 let(:parameters) { { service: service_name } }
+ let(:log_output) { StringIO.new }
+ let(:logger) do
+ Logger.new(log_output).tap { |logger| logger.formatter = ->(_, _, _, msg) { msg } }
+ end
+ let(:log_data) { Gitlab::Json.parse(log_output.string) }
 before do
+ Lograge.logger = logger
+
 stub_const('JwtController::SERVICES', service_name => service_class)
 end
+ shared_examples 'user logging' do
+ it 'logs username and ID' do
+ expect(log_data['username']).to eq(user.username)
+ expect(log_data['user_id']).to eq(user.id)
+ expect(log_data['meta.user']).to eq(user.username)
+ end
+ end
+
 context 'existing service' do
 subject! { get '/jwt/auth', params: parameters }
@@ -37,14 +52,17 @@ describe JwtController do
 end
 context 'using CI token' do
- let(:build) { create(:ci_build, :running) }
+ let(:user) { create(:user) }
+ let(:build) { create(:ci_build, :running, user: user) }
 let(:project) { build.project }
 let(:headers) { { authorization: credentials('gitlab-ci-token', build.token) } }
 context 'project with enabled CI' do
 subject! { get '/jwt/auth', params: parameters, headers: headers }
- it { expect(service_class).to have_received(:new).with(project, nil, ActionController::Parameters.new(parameters).permit!) }
+ it { expect(service_class).to have_received(:new).with(project, user, ActionController::Parameters.new(parameters).permit!) }
+
+ it_behaves_like 'user logging'
 end
 context 'project with disabled CI' do
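Review bot: The `before` block in the first hunk assigns `Lograge.logger = logger` and no visible line puts the previous logger back, so unless a suite-wide hook resets it, examples that run after this file keep writing request logs into a discarded `StringIO`. Capturing the old value and restoring it keeps the spec self-contained: `let!(:original_logger) { Lograge.logger }` above the `before`, and `after { Lograge.logger = original_logger }`. `log_data` also parses the whole buffer as one JSON document, which holds only while each example issues a single logged request; a short comment such as `# one request per example, so the buffer holds exactly one JSON line` would save the next reader a confusing parser error. The `describe JwtController` block opens and closes outside this hunk.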
@@ -57,8 +75,23 @@ describe JwtController do
 it { expect(response).to have_gitlab_http_status(:unauthorized) }
 end
+ context 'using deploy tokens' do
+ let(:deploy_token) { create(:deploy_token, read_registry: true, projects: [project]) }
+ let(:headers) { { authorization: credentials(deploy_token.username, deploy_token.token) } }
+
+ subject! { get '/jwt/auth', params: parameters, headers: headers }
+
+ it 'authenticates correctly' do
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(service_class).to have_received(:new).with(nil, deploy_token, ActionController::Parameters.new(parameters).permit!)
+ end
+
+ it 'does not log a user' do
+ expect(log_data.keys).not_to include(%w(username user_id))
+ end
+ end
+
 context 'using personal access tokens' do
- let(:user) { create(:user) }
 let(:pat) { create(:personal_access_token, user: user, scopes: ['read_registry']) }
 let(:headers) { { authorization: credentials('personal_access_token', pat.token) } }
@@ -74,6 +107,7 @@ describe JwtController do
 end
 it_behaves_like 'rejecting a blocked user'
+ it_behaves_like 'user logging'
 end
 end
@@ -104,6 +138,8 @@ describe JwtController do
 end
 it { expect(service_class).to have_received(:new).with(nil, user, service_parameters) }
+
+ it_behaves_like 'user logging'
 end
 context 'when user has 2FA enabled' do |
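Review bot: In the 'using deploy tokens' context added by the first hunk on this line, `expect(log_data.keys).not_to include(%w(username user_id))` hands `include` a single Array argument, so it only checks that the keys do not contain that array as an element and still passes when `username` or `user_id` is logged. Pass the names separately, and, if deploy-token requests are meant to leave it unset, cover the third key the 'user logging' examples assert on: `expect(log_data.keys).not_to include('username', 'user_id', 'meta.user')`. As written, the example cannot catch a regression that attributes a deploy-token request to a user in the request log. `project` in `projects: [project]` is defined outside the visible hunks.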