Diffstat (limited to 'spec/requests/api/api_spec.rb')
-rw-r--r-- | spec/requests/api/api_spec.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/spec/requests/api/api_spec.rb b/spec/requests/api/api_spec.rb
index 201c0d1796c..bd0426601db 100644
--- a/spec/requests/api/api_spec.rb
+++ b/spec/requests/api/api_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-describe API::API do
+RSpec.describe API::API do
 include GroupAPIHelpers
 describe 'Record user last activity in after hook' do
@@ -36,6 +36,14 @@ describe API::API do
 expect(response).to have_gitlab_http_status(:ok)
 end
+ it 'does not authorize user for revoked token' do
+ revoked = create(:personal_access_token, :revoked, user: user, scopes: [:read_api])
+
+ get api('/groups', personal_access_token: revoked)
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+
 it 'does not authorize user for post request' do
 params = attributes_for_group_api |
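Review bot: The new example in the second hunk covers only the revoked state, so an expired token, the other common way a personal access token stops being valid, is still untested in what is visible here. A sibling example built the same way would close that gap, for instance `expired = create(:personal_access_token, :expired, user: user, scopes: [:read_api])` followed by the same `:unauthorized` expectation, assuming the factory offers such a trait. It would also help to state why the 401 matters with a comment above the request such as `# a presented but revoked token must be rejected outright, not downgraded to an anonymous request`; whether `/groups` answers anonymous callers is not shown on this page, so that wording should be confirmed. The enclosing `describe`/`context` block and the definition of `user` start outside the hunk.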