diff options
Diffstat (limited to 'spec/lib/gitlab/auth_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 54a853c9ce3..3164d2ebf04 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -133,6 +133,25 @@ describe Gitlab::Auth do gl_auth.find_for_git_client(user.username, token, project: nil, ip: 'ip') end + + it 'grants deploy key write permissions' do + project = create(:project) + key = create(:deploy_key, can_push: true) + create(:deploy_keys_project, deploy_key: key, project: project) + token = Gitlab::LfsToken.new(key).token + + expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: "lfs+deploy-key-#{key.id}") + expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: project, ip: 'ip')).to eq(Gitlab::Auth::Result.new(key, nil, :lfs_deploy_token, read_write_authentication_abilities)) + end + + it 'does not grant deploy key write permissions' do + project = create(:project) + key = create(:deploy_key, can_push: true) + token = Gitlab::LfsToken.new(key).token + + expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: "lfs+deploy-key-#{key.id}") + expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: project, ip: 'ip')).to eq(Gitlab::Auth::Result.new(key, nil, :lfs_deploy_token, read_authentication_abilities)) + end end context 'while using OAuth tokens as passwords' do @@ -326,10 +345,15 @@ describe Gitlab::Auth do ] end - def full_authentication_abilities + def read_write_authentication_abilities read_authentication_abilities + [ :push_code, - :create_container_image, + :create_container_image + ] + end + + def full_authentication_abilities + read_write_authentication_abilities + [ :admin_container_image ] end |