1 files changed, 53 insertions, 2 deletions

diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index d0f5d0a9b35..a73ac0b34af 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -12,6 +12,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       'rack.input' => ''
     }
   end
+
   let(:request) { ActionDispatch::Request.new(env) }
 
   def set_param(key, value)
@@ -554,7 +555,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
     end
 
     context 'with CI username' do
-      let(:username) { ::Ci::Build::CI_REGISTRY_USER }
+      let(:username) { ::Gitlab::Auth::CI_JOB_USER }
       let(:user) { create(:user) }
       let(:build) { create(:ci_build, user: user) }
 
@@ -727,7 +728,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
 
     context 'when the job token is provided via basic auth' do
       let(:route_authentication_setting) { { job_token_allowed: :basic_auth } }
-      let(:username) { Ci::Build::CI_REGISTRY_USER }
+      let(:username) { ::Gitlab::Auth::CI_JOB_USER }
       let(:token) { job.token }
 
       before do
@@ -744,6 +745,56 @@ RSpec.describe Gitlab::Auth::AuthFinders do
     end
   end
 
+  describe '#cluster_agent_token_from_authorization_token' do
+    let_it_be(:agent_token) { create(:cluster_agent_token) }
+
+    context 'when route_setting is empty' do
+      it 'returns nil' do
+        expect(cluster_agent_token_from_authorization_token).to be_nil
+      end
+    end
+
+    context 'when route_setting allows cluster agent token' do
+      let(:route_authentication_setting) { { cluster_agent_token_allowed: true } }
+
+      context 'Authorization header is empty' do
+        it 'returns nil' do
+          expect(cluster_agent_token_from_authorization_token).to be_nil
+        end
+      end
+
+      context 'Authorization header is incorrect' do
+        before do
+          request.headers['Authorization'] = 'Bearer ABCD'
+        end
+
+        it 'returns nil' do
+          expect(cluster_agent_token_from_authorization_token).to be_nil
+        end
+      end
+
+      context 'Authorization header is malformed' do
+        before do
+          request.headers['Authorization'] = 'Bearer'
+        end
+
+        it 'returns nil' do
+          expect(cluster_agent_token_from_authorization_token).to be_nil
+        end
+      end
+
+      context 'Authorization header matches agent token' do
+        before do
+          request.headers['Authorization'] = "Bearer #{agent_token.token}"
+        end
+
+        it 'returns the agent token' do
+          expect(cluster_agent_token_from_authorization_token).to eq(agent_token)
+        end
+      end
+    end
+  end
+
   describe '#find_runner_from_token' do
     let(:runner) { create(:ci_runner) }