1 files changed, 49 insertions, 8 deletions

diff --git a/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb b/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb
index f67b2022219..50e19d5b482 100644
--- a/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb
+++ b/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb
@@ -30,16 +30,31 @@ RSpec.describe Groups::DependencyProxyAuthController do
     end
 
     context 'with valid JWT' do
-      let_it_be(:user) { create(:user) }
+      context 'user' do
+        let_it_be(:user) { create(:user) }
 
-      let(:jwt) { build_jwt(user) }
-      let(:token_header) { "Bearer #{jwt.encoded}" }
+        let(:jwt) { build_jwt(user) }
+        let(:token_header) { "Bearer #{jwt.encoded}" }
 
-      before do
-        request.headers['HTTP_AUTHORIZATION'] = token_header
+        before do
+          request.headers['HTTP_AUTHORIZATION'] = token_header
+        end
+
+        it { is_expected.to have_gitlab_http_status(:success) }
       end
 
-      it { is_expected.to have_gitlab_http_status(:success) }
+      context 'deploy token' do
+        let_it_be(:user) { create(:deploy_token) }
+
+        let(:jwt) { build_jwt(user) }
+        let(:token_header) { "Bearer #{jwt.encoded}" }
+
+        before do
+          request.headers['HTTP_AUTHORIZATION'] = token_header
+        end
+
+        it { is_expected.to have_gitlab_http_status(:success) }
+      end
     end
 
     context 'with invalid JWT' do
@@ -51,7 +66,7 @@ RSpec.describe Groups::DependencyProxyAuthController do
           request.headers['HTTP_AUTHORIZATION'] = token_header
         end
 
-        it { is_expected.to have_gitlab_http_status(:not_found) }
+        it { is_expected.to have_gitlab_http_status(:unauthorized) }
       end
 
       context 'token with no user id' do
@@ -61,7 +76,7 @@ RSpec.describe Groups::DependencyProxyAuthController do
           request.headers['HTTP_AUTHORIZATION'] = token_header
         end
 
-        it { is_expected.to have_gitlab_http_status(:not_found) }
+        it { is_expected.to have_gitlab_http_status(:unauthorized) }
       end
 
       context 'expired token' do
@@ -76,6 +91,32 @@ RSpec.describe Groups::DependencyProxyAuthController do
 
         it { is_expected.to have_gitlab_http_status(:unauthorized) }
       end
+
+      context 'expired deploy token' do
+        let_it_be(:user) { create(:deploy_token, :expired) }
+
+        let(:jwt) { build_jwt(user) }
+        let(:token_header) { "Bearer #{jwt.encoded}" }
+
+        before do
+          request.headers['HTTP_AUTHORIZATION'] = token_header
+        end
+
+        it { is_expected.to have_gitlab_http_status(:unauthorized) }
+      end
+
+      context 'revoked deploy token' do
+        let_it_be(:user) { create(:deploy_token, :revoked) }
+
+        let(:jwt) { build_jwt(user) }
+        let(:token_header) { "Bearer #{jwt.encoded}" }
+
+        before do
+          request.headers['HTTP_AUTHORIZATION'] = token_header
+        end
+
+        it { is_expected.to have_gitlab_http_status(:unauthorized) }
+      end
     end
   end
 end