diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-12-19 14:15:58 +0100 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-31 16:51:17 +0100 |
commit | 084b7edb17d25a3d43526cca560569dd82c5c09d (patch) | |
tree | eff6234322aec4cb438d4751bb7adb1c19cfd5cc /spec/requests | |
parent | 9f67b886b2cf425329a4dc792e6c41cf571ab102 (diff) | |
download | gitlab-ce-084b7edb17d25a3d43526cca560569dd82c5c09d.tar.gz |
Do not expose trigger token when user should not see it
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/triggers_spec.rb | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/spec/requests/api/triggers_spec.rb b/spec/requests/api/triggers_spec.rb index 15dc901d06e..f0f01e97f1d 100644 --- a/spec/requests/api/triggers_spec.rb +++ b/spec/requests/api/triggers_spec.rb @@ -1,8 +1,9 @@ require 'spec_helper' describe API::Triggers do - let(:user) { create(:user) } - let(:user2) { create(:user) } + set(:user) { create(:user) } + set(:user2) { create(:user) } + let!(:trigger_token) { 'secure_token' } let!(:trigger_token_2) { 'secure_token_2' } let!(:project) { create(:project, :repository, creator: user) } @@ -132,14 +133,17 @@ describe API::Triggers do end describe 'GET /projects/:id/triggers' do - context 'authenticated user with valid permissions' do - it 'returns list of triggers' do + context 'authenticated user who can access triggers' do + it 'returns a list of triggers with tokens exposed correctly' do get api("/projects/#{project.id}/triggers", user) expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers + expect(json_response).to be_a(Array) - expect(json_response[0]).to have_key('token') + expect(json_response.size).to eq 2 + expect(json_response.dig(0, 'token')).to eq trigger_token + expect(json_response.dig(1, 'token')).to eq trigger_token_2[0..3] end end |