authorLin Jen-Shin <godfat@godfat.org>2016-12-19 18:26:15 +0800
committerLin Jen-Shin <godfat@godfat.org>2016-12-19 18:26:15 +0800
commit4bf59f87b321d59de665a0100fed9114f4b747ea (patch)
tree548628a91be85631ac3b3bd8ec85c484ee70d707 /spec/requests
parente485b3f6ad3c220655e4aa909d93bca7a4ae6afc (diff)
parenta50cd9eb4b4392004e47e57b2fa37c12def5827f (diff)
downloadgitlab-ce-4bf59f87b321d59de665a0100fed9114f4b747ea.tar.gz
Merge remote-tracking branch 'upstream/master' into fix-forbidden-for-build-api-for-deleted-project
* upstream/master: (333 commits) Fix typo Always use `fixture_file_upload` helper to upload files in tests. Add CHANGELOG Move admin application spinach test to rspec Move admin deploy keys spinach test to rspec Fix rubocop failures Store mattermost_url in settings Improve Mattermost Session specs Ensure the session is destroyed Improve session tests Setup mattermost session Fix query in Projects::ProjectMembersController to fetch members Improve test for sort dropdown on members page Fix sort dropdown alignment Undo changes on members search button stylesheet Use factories to create project/group membership on specs Remove unused id from shared members sort dropdown Fix sort functionality on project/group members to return invited users Refactor MembersHelper#filter_group_project_member_path Remove unnecessary curly braces from sort dropdown partial ...
Diffstat (limited to 'spec/requests')
-rw-r--r--spec/requests/api/doorkeeper_access_spec.rb2
-rw-r--r--spec/requests/api/environments_spec.rb17
-rw-r--r--spec/requests/api/groups_spec.rb4
-rw-r--r--spec/requests/api/helpers_spec.rb55
-rw-r--r--spec/requests/api/projects_spec.rb2
-rw-r--r--spec/requests/git_http_spec.rb2
6 files changed, 60 insertions, 22 deletions
diff --git a/spec/requests/api/doorkeeper_access_spec.rb b/spec/requests/api/doorkeeper_access_spec.rb
index 5262a623761..bd9ecaf2685 100644
--- a/spec/requests/api/doorkeeper_access_spec.rb
+++ b/spec/requests/api/doorkeeper_access_spec.rb
@@ -5,7 +5,7 @@ describe API::API, api: true do
let!(:user) { create(:user) }
let!(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user) }
- let!(:token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id }
+ let!(:token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id, scopes: "api" }
describe "when unauthenticated" do
it "returns authentication success" do
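Review bot: With the `let!(:token)` fixture now always created with `scopes: "api"`, nothing in the visible lines exercises a Doorkeeper token that lacks that scope, so a regression that stopped enforcing the scope would still pass here. If the rest of the file has no such case, add a second fixture created without the `scopes:` argument and an example asserting that a request using it is rejected. The `@token` setup in spec/requests/git_http_spec.rb gets the same change and would presumably benefit from the same negative case. The describe block continues outside the hunk.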
diff --git a/spec/requests/api/environments_spec.rb b/spec/requests/api/environments_spec.rb
index 126496c43a5..b9d535bc314 100644
--- a/spec/requests/api/environments_spec.rb
+++ b/spec/requests/api/environments_spec.rb
@@ -46,6 +46,7 @@ describe API::Environments, api: true do
expect(response).to have_http_status(201)
expect(json_response['name']).to eq('mepmep')
+ expect(json_response['slug']).to eq('mepmep')
expect(json_response['external']).to be nil
end
@@ -60,6 +61,13 @@ describe API::Environments, api: true do
expect(response).to have_http_status(400)
end
+
+ it 'returns a 400 if slug is specified' do
+ post api("/projects/#{project.id}/environments", user), name: "foo", slug: "foo"
+
+ expect(response).to have_http_status(400)
+ expect(json_response["error"]).to eq("slug is automatically generated and cannot be changed")
+ end
end
context 'a non member' do
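Review bot: The new 'returns a 400 if slug is specified' example asserts only the status and error message, so it would still pass if the environment were persisted before the error is returned. Asserting that the project's environment count is unchanged by the request would pin the rejection as side-effect free. The "won't allow slug to be changed" example in the next hunk has the same gap and could end with `expect(environment.reload.slug).to eq(slug)`. The enclosing context starts outside this hunk.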
@@ -86,6 +94,15 @@ describe API::Environments, api: true do
expect(json_response['external_url']).to eq(url)
end
+ it "won't allow slug to be changed" do
+ slug = environment.slug
+ api_url = api("/projects/#{project.id}/environments/#{environment.id}", user)
+ put api_url, slug: slug + "-foo"
+
+ expect(response).to have_http_status(400)
+ expect(json_response["error"]).to eq("slug is automatically generated and cannot be changed")
+ end
+
it "won't update the external_url if only the name is passed" do
url = environment.external_url
put api("/projects/#{project.id}/environments/#{environment.id}", user),
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index a75ba824e85..cdeb965b413 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -2,13 +2,13 @@ require 'spec_helper'
describe API::Groups, api: true do
include ApiHelpers
+ include UploadHelpers
let(:user1) { create(:user, can_create_group: false) }
let(:user2) { create(:user) }
let(:user3) { create(:user) }
let(:admin) { create(:admin) }
- let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
- let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
+ let!(:group1) { create(:group, avatar: File.open(uploaded_image_temp_path)) }
let!(:group2) { create(:group, :private) }
let!(:project1) { create(:project, namespace: group1) }
let!(:project2) { create(:project, namespace: group2) }
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index 4035fd97af5..c3d7ac3eef8 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -1,6 +1,7 @@
require 'spec_helper'
describe API::Helpers, api: true do
+ include API::APIGuard::HelperMethods
include API::Helpers
include SentryHelper
@@ -15,24 +16,24 @@ describe API::Helpers, api: true do
def set_env(user_or_token, identifier)
clear_env
clear_param
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token
env[API::Helpers::SUDO_HEADER] = identifier.to_s
end
def set_param(user_or_token, identifier)
clear_env
clear_param
- params[API::Helpers::PRIVATE_TOKEN_PARAM] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token
+ params[API::APIGuard::PRIVATE_TOKEN_PARAM] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token
params[API::Helpers::SUDO_PARAM] = identifier.to_s
end
def clear_env
- env.delete(API::Helpers::PRIVATE_TOKEN_HEADER)
+ env.delete(API::APIGuard::PRIVATE_TOKEN_HEADER)
env.delete(API::Helpers::SUDO_HEADER)
end
def clear_param
- params.delete(API::Helpers::PRIVATE_TOKEN_PARAM)
+ params.delete(API::APIGuard::PRIVATE_TOKEN_PARAM)
params.delete(API::Helpers::SUDO_PARAM)
end
@@ -94,22 +95,28 @@ describe API::Helpers, api: true do
describe "when authenticating using a user's private token" do
it "returns nil for an invalid token" do
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = 'invalid token'
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = 'invalid token'
allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
+
expect(current_user).to be_nil
end
it "returns nil for a user without access" do
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user.private_token
allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(false)
+
expect(current_user).to be_nil
end
it "leaves user as is when sudo not specified" do
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = user.private_token
+
expect(current_user).to eq(user)
+
clear_env
- params[API::Helpers::PRIVATE_TOKEN_PARAM] = user.private_token
+
+ params[API::APIGuard::PRIVATE_TOKEN_PARAM] = user.private_token
+
expect(current_user).to eq(user)
end
end
@@ -117,37 +124,51 @@ describe API::Helpers, api: true do
describe "when authenticating using a user's personal access tokens" do
let(:personal_access_token) { create(:personal_access_token, user: user) }
+ before do
+ allow_any_instance_of(self.class).to receive(:doorkeeper_guard) { false }
+ end
+
it "returns nil for an invalid token" do
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = 'invalid token'
- allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = 'invalid token'
+
expect(current_user).to be_nil
end
it "returns nil for a user without access" do
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = personal_access_token.token
allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(false)
+
+ expect(current_user).to be_nil
+ end
+
+ it "returns nil for a token without the appropriate scope" do
+ personal_access_token = create(:personal_access_token, user: user, scopes: ['read_user'])
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = personal_access_token.token
+ allow_access_with_scope('write_user')
+
expect(current_user).to be_nil
end
it "leaves user as is when sudo not specified" do
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = personal_access_token.token
expect(current_user).to eq(user)
clear_env
- params[API::Helpers::PRIVATE_TOKEN_PARAM] = personal_access_token.token
+ params[API::APIGuard::PRIVATE_TOKEN_PARAM] = personal_access_token.token
+
expect(current_user).to eq(user)
end
it 'does not allow revoked tokens' do
personal_access_token.revoke!
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token
- allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = personal_access_token.token
+
expect(current_user).to be_nil
end
it 'does not allow expired tokens' do
personal_access_token.update_attributes!(expires_at: 1.day.ago)
- env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token
- allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
+ env[API::APIGuard::PRIVATE_TOKEN_HEADER] = personal_access_token.token
+
expect(current_user).to be_nil
end
end
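Review bot: The new "returns nil for a token without the appropriate scope" example has no positive counterpart, so a nil result cannot be told apart from `allow_access_with_scope` breaking authentication altogether. A companion example with a matching scope that expects `eq(user)` would make the rejection meaningful, assuming the helper behaves as its name suggests. The example also assigns a local named `personal_access_token`, which shadows the `let` of the same name; a distinct name such as `scoped_token` is clearer. The top-level describe starts outside the hunk.

```ruby
# … unchanged: "returns nil for a token without the appropriate scope" example …

it "returns the user for a token with the appropriate scope" do
  scoped_token = create(:personal_access_token, user: user, scopes: ['read_user'])
  env[API::APIGuard::PRIVATE_TOKEN_HEADER] = scoped_token.token
  allow_access_with_scope('read_user')

  expect(current_user).to eq(user)
end
```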
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index c5d67a90abc..8304c408064 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -167,7 +167,7 @@ describe API::Projects, api: true do
expect(json_response).to satisfy do |response|
response.one? do |entry|
entry.has_key?('permissions') &&
- entry['name'] == project.name &&
+ entry['name'] == project.name &&
entry['owner']['username'] == user.username
end
end
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index f1728d61def..d71bb08c218 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -230,7 +230,7 @@ describe 'Git HTTP requests', lib: true do
context "when an oauth token is provided" do
before do
application = Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user)
- @token = Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id)
+ @token = Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: "api")
end
it "downloads get status 200" do