diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-26 13:41:02 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-26 13:41:02 +0000 |
| commit | 890c1421a4b28cdc65427235cd5a397c5d1be9c4 (patch) | |
| tree | 8cbe6c6850d90fe563ca44168adb01f958c04c4b /spec | |
| parent | 3a178b26107d99377347664ce4cb7e5bcb0dc854 (diff) | |
| parent | a7821dd910fd385a66cfe6c840c37c7b11263410 (diff) | |
| download | gitlab-ce-890c1421a4b28cdc65427235cd5a397c5d1be9c4.tar.gz | |
Merge branch 'security-remove-take-trigger-ownership-feature' into 'master'
Drop feature to take ownership of a trigger token
Closes #2868
See merge request gitlab/gitlabhq!3198
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/features/triggers_spec.rb | 23 | ||||
| -rw-r--r-- | spec/requests/api/triggers_spec.rb | 28 |
2 files changed, 0 insertions, 51 deletions
diff --git a/spec/features/triggers_spec.rb b/spec/features/triggers_spec.rb index 7c44680e9f7..f76cecbbc40 100644 --- a/spec/features/triggers_spec.rb +++ b/spec/features/triggers_spec.rb @@ -81,29 +81,6 @@ describe 'Triggers', :js do end end - describe 'trigger "Take ownership" workflow' do - before do - create(:ci_trigger, owner: user2, project: @project, description: trigger_title) - visit project_settings_ci_cd_path(@project) - end - - it 'button "Take ownership" has correct alert' do - expected_alert = 'By taking ownership you will bind this trigger to your user account. With this the trigger will have access to all your projects as if it was you. Are you sure?' - expect(page.find('a.btn-trigger-take-ownership')['data-confirm']).to eq expected_alert - end - - it 'take trigger ownership' do - # See if "Take ownership" on trigger works post trigger creation - page.accept_confirm do - first(:link, "Take ownership").send_keys(:return) - end - - expect(page.find('.flash-notice')).to have_content 'Trigger was re-assigned.' - expect(page.find('.triggers-list')).to have_content trigger_title - expect(page.find('.triggers-list .trigger-owner')).to have_content user.name - end - end - describe 'trigger "Revoke" workflow' do before do create(:ci_trigger, owner: user2, project: @project, description: trigger_title) diff --git a/spec/requests/api/triggers_spec.rb b/spec/requests/api/triggers_spec.rb index f0f01e97f1d..8ea3d16a41f 100644 --- a/spec/requests/api/triggers_spec.rb +++ b/spec/requests/api/triggers_spec.rb @@ -270,34 +270,6 @@ describe API::Triggers do end end - describe 'POST /projects/:id/triggers/:trigger_id/take_ownership' do - context 'authenticated user with valid permissions' do - it 'updates owner' do - post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to include('owner') - expect(trigger.reload.owner).to eq(user) - end - end - - context 'authenticated user with invalid permissions' do - it 'does not update owner' do - post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthenticated user' do - it 'does not update owner' do - post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership") - - expect(response).to have_gitlab_http_status(401) - end - end - end - describe 'DELETE /projects/:id/triggers/:trigger_id' do context 'authenticated user with valid permissions' do it 'deletes trigger' do |