1 files changed, 86 insertions, 0 deletions

diff --git a/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb b/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb
new file mode 100644
index 00000000000..86f8992a624
--- /dev/null
+++ b/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb
@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::Integrations::JiraConnect::Subscriptions do
+  describe 'POST /integrations/jira_connect/subscriptions' do
+    subject(:post_subscriptions) { post api('/integrations/jira_connect/subscriptions') }
+
+    it 'returns 401' do
+      post_subscriptions
+
+      expect(response).to have_gitlab_http_status(:unauthorized)
+    end
+
+    context 'with user token' do
+      let(:group) { create(:group) }
+      let(:user) { create(:user) }
+
+      subject(:post_subscriptions) do
+        post api('/integrations/jira_connect/subscriptions', user), params: { jwt: jwt, namespace_path: group.path }
+      end
+
+      context 'with feature flag disabled' do
+        before do
+          stub_feature_flags(jira_connect_oauth: false)
+        end
+
+        let(:jwt) { '123' }
+
+        it 'returns 404' do
+          post_subscriptions
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'with invalid JWT' do
+        let(:jwt) { '123' }
+
+        it 'returns 401' do
+          post_subscriptions
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+
+      context 'with valid JWT' do
+        let_it_be(:installation) { create(:jira_connect_installation) }
+        let_it_be(:user) { create(:user) }
+
+        let(:claims) { { iss: installation.client_key, qsh: 'context-qsh', sub: 1234 } }
+        let(:jwt) { Atlassian::Jwt.encode(claims, installation.shared_secret) }
+        let(:jira_user) { { 'groups' => { 'items' => [{ 'name' => jira_group_name }] } } }
+        let(:jira_group_name) { 'site-admins' }
+
+        before do
+          WebMock
+            .stub_request(:get, "#{installation.base_url}/rest/api/3/user?accountId=1234&expand=groups")
+            .to_return(body: jira_user.to_json, status: 200, headers: { 'Content-Type' => 'application/json' })
+        end
+
+        it 'returns 401 if the user does not have access to the group' do
+          post_subscriptions
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+
+        context 'user has access to the group' do
+          before do
+            group.add_maintainer(user)
+          end
+
+          it 'creates a subscription' do
+            expect { post_subscriptions }.to change { installation.subscriptions.count }.from(0).to(1)
+          end
+
+          it 'returns 201' do
+            post_subscriptions
+
+            expect(response).to have_gitlab_http_status(:created)
+          end
+        end
+      end
+    end
+  end
+end