Make authentication service for Container Registry to be compatible with < Docker 1.11make-container-registry-authentication-service-compatible-with-older-docker

author: Kamil Trzcinski <ayufan@ayufan.eu> 2016-05-30 16:57:39 +0200
committer: Kamil Trzcinski <ayufan@ayufan.eu> 2016-05-30 16:57:39 +0200
commit: 7ec1fa212d23911792674e947863f3e71f91834f (patch)
tree: 7b74aa0789cc12033a0d16cb7259a01aa88b95b6 /spec/services/auth
parent: 2485bd7bbf9686f993d2a417943feff5c7d5b6f3 (diff)
download: gitlab-ce-7ec1fa212d23911792674e947863f3e71f91834f.tar.gz
1 files changed, 17 insertions, 29 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 98ef9d21035..2d114f59ca4 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -14,7 +14,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
     allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
   end
 
-  shared_examples 'an authenticated' do
+  shared_examples 'a valid token' do
     it { is_expected.to include(:token) }
     it { expect(payload).to include('access') }
   end
@@ -28,10 +28,15 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
        }]
     end
 
-    it_behaves_like 'an authenticated'
+    it_behaves_like 'a valid token'
     it { expect(payload).to include('access' => access) }
   end
 
+  shared_examples 'an inaccessible' do
+    it_behaves_like 'a valid token'
+    it { expect(payload).to include('access' => []) }
+  end
+
   shared_examples 'a pullable' do
     it_behaves_like 'a accessible' do
       let(:actions) { ['pull'] }
@@ -50,11 +55,6 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
     end
   end
 
-  shared_examples 'an unauthorized' do
-    it { is_expected.to include(http_status: 401) }
-    it { is_expected.not_to include(:token) }
-  end
-
   shared_examples 'a forbidden' do
     it { is_expected.to include(http_status: 403) }
     it { is_expected.not_to include(:token) }
@@ -75,12 +75,8 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
     let(:project) { create(:project) }
     let(:current_user) { create(:user) }
 
-    context 'allow to use offline_token' do
-      let(:current_params) do
-        { offline_token: true }
-      end
-
-      it_behaves_like 'an authenticated'
+    context 'allow to use scope-less authentication' do
+      it_behaves_like 'a valid token'
     end
 
     context 'allow developer to push images' do
@@ -120,19 +116,15 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
         { scope: "repository:#{project.path_with_namespace}:pull,push" }
       end
 
-      it_behaves_like 'a forbidden'
+      it_behaves_like 'an inaccessible'
     end
   end
 
   context 'project authorization' do
     let(:current_project) { create(:empty_project) }
 
-    context 'allow to use offline_token' do
-      let(:current_params) do
-        { offline_token: true }
-      end
-
-      it_behaves_like 'an authenticated'
+    context 'allow to use scope-less authentication' do
+      it_behaves_like 'a valid token'
     end
 
     context 'allow to pull and push images' do
@@ -158,7 +150,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
         context 'disallow for private' do
           let(:project) { create(:empty_project, :private) }
-          it_behaves_like 'a forbidden'
+          it_behaves_like 'an inaccessible'
         end
       end
 
@@ -169,7 +161,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
         context 'disallow for all' do
           let(:project) { create(:empty_project, :public) }
-          it_behaves_like 'a forbidden'
+          it_behaves_like 'an inaccessible'
         end
       end
     end
@@ -184,18 +176,14 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
           { scope: "repository:#{project.path_with_namespace}:pull" }
         end
 
-        it_behaves_like 'a forbidden'
+        it_behaves_like 'an inaccessible'
       end
     end
   end
 
   context 'unauthorized' do
-    context 'disallow to use offline_token' do
-      let(:current_params) do
-        { offline_token: true }
-      end
-
-      it_behaves_like 'an unauthorized'
+    context 'disallow to use scope-less authentication' do
+      it_behaves_like 'a forbidden'
     end
 
     context 'for invalid scope' do
author	Kamil Trzcinski <ayufan@ayufan.eu>	2016-05-30 16:57:39 +0200
committer	Kamil Trzcinski <ayufan@ayufan.eu>	2016-05-30 16:57:39 +0200
commit	7ec1fa212d23911792674e947863f3e71f91834f (patch)
tree	7b74aa0789cc12033a0d16cb7259a01aa88b95b6 /spec/services/auth
parent	2485bd7bbf9686f993d2a417943feff5c7d5b6f3 (diff)
download	gitlab-ce-7ec1fa212d23911792674e947863f3e71f91834f.tar.gz