Diffstat (limited to 'spec/lib/gitlab/auth/auth_finders_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth/auth_finders_spec.rb | 75 |
1 files changed, 74 insertions, 1 deletions
diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 2aef206c7fd..d0f5d0a9b35 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-describe Gitlab::Auth::AuthFinders do
+RSpec.describe Gitlab::Auth::AuthFinders do
 include described_class
 include HttpBasicAuthHelpers
@@ -26,6 +26,63 @@ describe Gitlab::Auth::AuthFinders do
 env.merge!(basic_auth_header(username, password))
 end
+ shared_examples 'find user from job token' do
+ context 'when route is allowed to be authenticated' do
+ let(:route_authentication_setting) { { job_token_allowed: true } }
+
+ it "returns an Unauthorized exception for an invalid token" do
+ set_token('invalid token')
+
+ expect { subject }.to raise_error(Gitlab::Auth::UnauthorizedError)
+ end
+
+ it "return user if token is valid" do
+ set_token(job.token)
+
+ expect(subject).to eq(user)
+ expect(@current_authenticated_job).to eq job
+ end
+ end
+ end
+
+ describe '#find_user_from_bearer_token' do
+ let(:job) { create(:ci_build, user: user) }
+
+ subject { find_user_from_bearer_token }
+
+ context 'when the token is passed as an oauth token' do
+ def set_token(token)
+ env['HTTP_AUTHORIZATION'] = "Bearer #{token}"
+ end
+
+ context 'with a job token' do
+ it_behaves_like 'find user from job token'
+ end
+
+ context 'with oauth token' do
+ let(:application) { Doorkeeper::Application.create!(name: 'MyApp', redirect_uri: 'https://app.com', owner: user) }
+ let(:token) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: 'api').token }
+
+ before do
+ set_token(token)
+ end
+
+ it { is_expected.to eq user }
+ end
+ end
+
+ context 'with a personal access token' do
+ let(:pat) { create(:personal_access_token, user: user) }
+ let(:token) { pat.token }
+
+ before do
+ env[described_class::PRIVATE_TOKEN_HEADER] = pat.token
+ end
+
+ it { is_expected.to eq user }
+ end
+ end
+
+
 describe '#find_user_from_warden' do
 context 'with CSRF token' do
 before do
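Review bot: The shared example 'find user from job token' only exercises the allow path (`let(:route_authentication_setting) { { job_token_allowed: true } }`); there is no example for a valid job token presented on a route whose setting does not allow job tokens, so a regression that accepts job tokens on every route would still pass this spec. A sibling `context 'when route is not allowed to be authenticated'` with `let(:route_authentication_setting) { {} }` that sets `job.token` and asserts whichever outcome the finder guarantees there (nil user, or an UnauthorizedError) would pin the deny path. The example description `"return user if token is valid"` should read `"returns user if token is valid"` to match the file's other descriptions. The surrounding `describe` block continues outside this hunk.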
@@ -522,8 +579,24 @@ describe Gitlab::Auth::AuthFinders do
 end
 describe '#validate_access_token!' do
+ subject { validate_access_token! }
+
 let(:personal_access_token) { create(:personal_access_token, user: user) }
+ context 'with a job token' do
+ let(:route_authentication_setting) { { job_token_allowed: true } }
+ let(:job) { create(:ci_build, user: user) }
+
+ before do
+ env['HTTP_AUTHORIZATION'] = "Bearer #{job.token}"
+ find_user_from_bearer_token
+ end
+
+ it 'does not raise an error' do
+ expect { subject }.not_to raise_error
+ end
+ end
+
+
 it 'returns nil if no access_token present' do
 expect(validate_access_token!).to be_nil
 end |
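Review bot: The job-token example for `validate_access_token!` relies on `find_user_from_bearer_token` in the `before` block having resolved the job, but nothing asserts that precondition, so if the finder silently returned nil the example would pass for the wrong reason; adding `expect(@current_authenticated_job).to eq(job)` before `expect { subject }.not_to raise_error` makes the tested state explicit. The example also only checks the no-argument call; if `validate_access_token!` takes a scope list (its other examples are outside this hunk), a second example calling it with scopes while a job token is present would document whether scope enforcement is skipped or applied for job tokens, which is the security-relevant question this context leaves implicit. The `describe '#validate_access_token!'` block continues past the end of the hunk.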