summaryrefslogtreecommitdiff
path: root/spec/requests/api/api_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api/api_spec.rb')
-rw-r--r--spec/requests/api/api_spec.rb25
1 files changed, 25 insertions, 0 deletions
diff --git a/spec/requests/api/api_spec.rb b/spec/requests/api/api_spec.rb
index bd0426601db..7d637757f38 100644
--- a/spec/requests/api/api_spec.rb
+++ b/spec/requests/api/api_spec.rb
@@ -67,4 +67,29 @@ RSpec.describe API::API do
end
end
end
+
+ describe 'authentication with deploy token' do
+ context 'admin mode' do
+ let_it_be(:project) { create(:project, :public) }
+ let_it_be(:package) { create(:maven_package, project: project, name: project.full_path) }
+ let_it_be(:maven_metadatum) { package.maven_metadatum }
+ let_it_be(:package_file) { package.package_files.first }
+ let_it_be(:deploy_token) { create(:deploy_token) }
+ let(:headers_with_deploy_token) do
+ {
+ Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => deploy_token.token
+ }
+ end
+
+ it 'does not bypass the session' do
+ expect(Gitlab::Auth::CurrentUserMode).not_to receive(:bypass_session!)
+
+ get(api("/packages/maven/#{maven_metadatum.path}/#{package_file.file_name}"),
+ headers: headers_with_deploy_token)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response.media_type).to eq('application/octet-stream')
+ end
+ end
+ end
end
View Lorry Controller Status