adds impersonator variable and makes sudo usage overall more clear24537-reenable-private-token-with-sudo

author: tiagonbotelho <tiagonbotelho@hotmail.com> 2016-11-21 12:59:37 +0000
committer: tiagonbotelho <tiagonbotelho@hotmail.com> 2016-12-07 14:42:51 +0000
commit: 3ed96afc47c481db4f8c0a6581602abaee920808 (patch)
tree: 9f840b076417839018586c99d0555fefd4b714cd /spec/requests
parent: 8b379465a5be48c8062379a3dea8e58110c52d87 (diff)
download: gitlab-ce-3ed96afc47c481db4f8c0a6581602abaee920808.tar.gz
2 files changed, 196 insertions, 82 deletions
diff --git a/spec/requests/api/api_helpers_spec.rb b/spec/requests/api/api_helpers_spec.rb
index 36517ad0f8c..3f34309f419 100644
--- a/spec/requests/api/api_helpers_spec.rb
+++ b/spec/requests/api/api_helpers_spec.rb
@@ -153,85 +153,144 @@ describe API::Helpers, api: true do
       end
     end
 
-    it "changes current user to sudo when admin" do
-      set_env(admin, user.id)
-      expect(current_user).to eq(user)
-      set_param(admin, user.id)
-      expect(current_user).to eq(user)
-      set_env(admin, user.username)
-      expect(current_user).to eq(user)
-      set_param(admin, user.username)
-      expect(current_user).to eq(user)
-    end
+    context 'sudo usage' do
+      context 'with admin' do
+        context 'with header' do
+          context 'with id' do
+            it 'changes current_user to sudo' do
+              set_env(admin, user.id)
 
-    it "throws an error when the current user is not an admin and attempting to sudo" do
-      set_env(user, admin.id)
-      expect { current_user }.to raise_error(Exception)
-      set_param(user, admin.id)
-      expect { current_user }.to raise_error(Exception)
-      set_env(user, admin.username)
-      expect { current_user }.to raise_error(Exception)
-      set_param(user, admin.username)
-      expect { current_user }.to raise_error(Exception)
-    end
+              expect(current_user).to eq(user)
+            end
 
-    it "throws an error when the user cannot be found for a given id" do
-      id = user.id + admin.id
-      expect(user.id).not_to eq(id)
-      expect(admin.id).not_to eq(id)
-      set_env(admin, id)
-      expect { current_user }.to raise_error(Exception)
+            it 'handles sudo to oneself' do
+              set_env(admin, admin.id)
 
-      set_param(admin, id)
-      expect { current_user }.to raise_error(Exception)
-    end
+              expect(current_user).to eq(admin)
+            end
 
-    it "throws an error when the user cannot be found for a given username" do
-      username = "#{user.username}#{admin.username}"
-      expect(user.username).not_to eq(username)
-      expect(admin.username).not_to eq(username)
-      set_env(admin, username)
-      expect { current_user }.to raise_error(Exception)
+            it 'throws an error when user cannot be found' do
+              id = user.id + admin.id
+              expect(user.id).not_to eq(id)
+              expect(admin.id).not_to eq(id)
 
-      set_param(admin, username)
-      expect { current_user }.to raise_error(Exception)
-    end
+              set_env(admin, id)
 
-    it "handles sudo's to oneself" do
-      set_env(admin, admin.id)
-      expect(current_user).to eq(admin)
-      set_param(admin, admin.id)
-      expect(current_user).to eq(admin)
-      set_env(admin, admin.username)
-      expect(current_user).to eq(admin)
-      set_param(admin, admin.username)
-      expect(current_user).to eq(admin)
-    end
+              expect { current_user }.to raise_error(Exception)
+            end
+          end
 
-    it "handles multiple sudo's to oneself" do
-      set_env(admin, user.id)
-      expect(current_user).to eq(user)
-      expect(current_user).to eq(user)
-      set_env(admin, user.username)
-      expect(current_user).to eq(user)
-      expect(current_user).to eq(user)
-
-      set_param(admin, user.id)
-      expect(current_user).to eq(user)
-      expect(current_user).to eq(user)
-      set_param(admin, user.username)
-      expect(current_user).to eq(user)
-      expect(current_user).to eq(user)
-    end
+          context 'with username' do
+            it 'changes current_user to sudo' do
+              set_env(admin, user.username)
+
+              expect(current_user).to eq(user)
+            end
+
+            it 'handles sudo to oneself' do
+              set_env(admin, admin.username)
+
+              expect(current_user).to eq(admin)
+            end
+
+            it "throws an error when the user cannot be found for a given username" do
+              username = "#{user.username}#{admin.username}"
+              expect(user.username).not_to eq(username)
+              expect(admin.username).not_to eq(username)
+
+              set_env(admin, username)
+
+              expect { current_user }.to raise_error(Exception)
+            end
+          end
+        end
+
+        context 'with param' do
+          context 'with id' do
+            it 'changes current_user to sudo' do
+              set_param(admin, user.id)
+
+              expect(current_user).to eq(user)
+            end
+
+            it 'handles sudo to oneself' do
+              set_param(admin, admin.id)
+
+              expect(current_user).to eq(admin)
+            end
+
+            it 'handles sudo to oneself using string' do
+              set_env(admin, user.id.to_s)
+
+              expect(current_user).to eq(user)
+            end
+
+            it 'throws an error when user cannot be found' do
+              id = user.id + admin.id
+              expect(user.id).not_to eq(id)
+              expect(admin.id).not_to eq(id)
 
-    it "handles multiple sudo's to oneself using string ids" do
-      set_env(admin, user.id.to_s)
-      expect(current_user).to eq(user)
-      expect(current_user).to eq(user)
+              set_param(admin, id)
 
-      set_param(admin, user.id.to_s)
-      expect(current_user).to eq(user)
-      expect(current_user).to eq(user)
+              expect { current_user }.to raise_error(Exception)
+            end
+          end
+
+          context 'with username' do
+            it 'changes current_user to sudo' do
+              set_param(admin, user.username)
+
+              expect(current_user).to eq(user)
+            end
+
+            it 'handles sudo to oneself' do
+              set_param(admin, admin.username)
+
+              expect(current_user).to eq(admin)
+            end
+
+            it "throws an error when the user cannot be found for a given username" do
+              username = "#{user.username}#{admin.username}"
+              expect(user.username).not_to eq(username)
+              expect(admin.username).not_to eq(username)
+
+              set_param(admin, username)
+
+              expect { current_user }.to raise_error(Exception)
+            end
+          end
+        end
+      end
+
+      context 'with regular user' do
+        context 'with env' do
+          it 'changes current_user to sudo when admin and user id' do
+            set_env(user, admin.id)
+
+            expect { current_user }.to raise_error(Exception)
+          end
+
+          it 'changes current_user to sudo when admin and user username' do
+            set_env(user, admin.username)
+
+            expect { current_user }.to raise_error(Exception)
+          end
+        end
+
+        context 'with params' do
+          it 'changes current_user to sudo when admin and user id' do
+            set_param(user, admin.id)
+
+            expect { current_user }.to raise_error(Exception)
+          end
+
+          it 'changes current_user to sudo when admin and user username' do
+            set_param(user, admin.username)
+
+            expect { current_user }.to raise_error(Exception)
+          end
+        end
+      end
     end
   end
 
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index f82f52e7399..c37dbfa0a33 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -651,20 +651,75 @@ describe API::Users, api: true  do
   end
 
   describe "GET /user" do
-    it "returns current user" do
-      get api("/user", user)
-      expect(response).to have_http_status(200)
-      expect(json_response['email']).to eq(user.email)
-      expect(json_response['is_admin']).to eq(user.is_admin?)
-      expect(json_response['can_create_project']).to eq(user.can_create_project?)
-      expect(json_response['can_create_group']).to eq(user.can_create_group?)
-      expect(json_response['projects_limit']).to eq(user.projects_limit)
-      expect(json_response['private_token']).to be_blank
+    let(:personal_access_token) { create(:personal_access_token, user: user) }
+    let(:private_token) { user.private_token }
+
+    context 'with regular user' do
+      context 'with personal access token' do
+        it 'returns 403 without private token when sudo is defined' do
+          get api("/user?private_token=#{personal_access_token.token}&sudo=#{user.id}")
+
+          expect(response).to have_http_status(403)
+        end
+      end
+
+      context 'with private token' do
+        it 'returns 403 without private token when sudo defined' do
+          get api("/user?private_token=#{private_token}&sudo=#{user.id}")
+
+          expect(response).to have_http_status(403)
+        end
+      end
+
+      it 'returns current user without private token when sudo not defined' do
+        get api("/user", user)
+
+        expect(response).to have_http_status(200)
+        expect(response).to match_response_schema('user/public')
+      end
     end
 
-    it "returns 401 error if user is unauthenticated" do
-      get api("/user")
-      expect(response).to have_http_status(401)
+    context 'with admin' do
+      let(:user) { create(:admin) }
+
+      context 'with personal access token' do
+        it 'returns 403 without private token when sudo defined' do
+          get api("/user?private_token=#{personal_access_token.token}&sudo=#{user.id}")
+
+          expect(response).to have_http_status(403)
+        end
+
+        it 'returns current user without private token when sudo not defined' do
+          get api("/user?private_token=#{personal_access_token.token}")
+
+          expect(response).to have_http_status(200)
+          expect(response).to match_response_schema('user/public')
+        end
+      end
+
+      context 'with private token' do
+        it 'returns current user with private token when sudo defined' do
+          get api("/user?private_token=#{private_token}&sudo=#{user.id}")
+
+          expect(response).to have_http_status(200)
+          expect(response).to match_response_schema('user/login')
+        end
+
+        it 'returns current user without private token when sudo not defined' do
+          get api("/user?private_token=#{private_token}")
+
+          expect(response).to have_http_status(200)
+          expect(response).to match_response_schema('user/public')
+        end
+      end
+    end
+
+    context 'with unauthenticated user' do
+      it "returns 401 error if user is unauthenticated" do
+        get api("/user")
+
+        expect(response).to have_http_status(401)
+      end
     end
   end
author	tiagonbotelho <tiagonbotelho@hotmail.com>	2016-11-21 12:59:37 +0000
committer	tiagonbotelho <tiagonbotelho@hotmail.com>	2016-12-07 14:42:51 +0000
commit	3ed96afc47c481db4f8c0a6581602abaee920808 (patch)
tree	9f840b076417839018586c99d0555fefd4b714cd /spec/requests
parent	8b379465a5be48c8062379a3dea8e58110c52d87 (diff)
download	gitlab-ce-3ed96afc47c481db4f8c0a6581602abaee920808.tar.gz