1 files changed, 71 insertions, 0 deletions

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 186239d3096..ff5b3916273 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -30,4 +30,75 @@ describe ApplicationController do
       controller.send(:check_password_expiration)
     end
   end
+
+  describe "#authenticate_user_from_token!" do
+    describe "authenticating a user from a private token" do
+      controller(ApplicationController) do
+        def index
+          render text: "authenticated"
+        end
+      end
+
+      let(:user) { create(:user) }
+
+      context "when the 'private_token' param is populated with the private token" do
+        it "logs the user in" do
+          get :index, private_token: user.private_token
+          expect(response.status).to eq(200)
+          expect(response.body).to eq("authenticated")
+        end
+      end
+
+
+      context "when the 'PRIVATE-TOKEN' header is populated with the private token" do
+        it "logs the user in" do
+          @request.headers['PRIVATE-TOKEN'] = user.private_token
+          get :index
+          expect(response.status).to eq(200)
+          expect(response.body).to eq("authenticated")
+        end
+      end
+
+      it "doesn't log the user in otherwise" do
+        @request.headers['PRIVATE-TOKEN'] = "token"
+        get :index, private_token: "token", authenticity_token: "token"
+        expect(response.status).not_to eq(200)
+        expect(response.body).not_to eq("authenticated")
+      end
+    end
+
+    describe "authenticating a user from a personal access token" do
+      controller(ApplicationController) do
+        def index
+          render text: 'authenticated'
+        end
+      end
+
+      let(:user) { create(:user) }
+      let(:personal_access_token) { create(:personal_access_token, user: user) }
+
+      context "when the 'personal_access_token' param is populated with the personal access token" do
+        it "logs the user in" do
+          get :index, private_token: personal_access_token.token
+          expect(response.status).to eq(200)
+          expect(response.body).to eq('authenticated')
+        end
+      end
+
+      context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
+        it "logs the user in" do
+          @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
+          get :index
+          expect(response.status).to eq(200)
+          expect(response.body).to eq('authenticated')
+        end
+      end
+
+      it "doesn't log the user in otherwise" do
+        get :index, private_token: "token"
+        expect(response.status).not_to eq(200)
+        expect(response.body).not_to eq('authenticated')
+      end
+    end
+  end
 end