Diffstat (limited to 'spec/requests/api/personal_access_tokens_spec.rb')
-rw-r--r-- | spec/requests/api/personal_access_tokens_spec.rb | 141 |
1 files changed, 0 insertions, 141 deletions
diff --git a/spec/requests/api/personal_access_tokens_spec.rb b/spec/requests/api/personal_access_tokens_spec.rb
deleted file mode 100644
index 4037ce483ea..00000000000
--- a/spec/requests/api/personal_access_tokens_spec.rb
+++ /dev/null
@@ -1,141 +0,0 @@
-require 'spec_helper'
-
-describe API::PersonalAccessTokens, api: true do
- include ApiHelpers
-
- let(:user) { create(:user) }
- let(:not_found_token) { (PersonalAccessToken.maximum('id') || 0) + 10 }
- let(:finder) { PersonalAccessTokensFinder.new(user: user, impersonation: false) }
-
- describe "GET /personal_access_tokens" do
- let!(:active_impersonation_token) { create(:impersonation_personal_access_token, user: user) }
- let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
- let!(:revoked_personal_access_token) { create(:revoked_personal_access_token, user: user) }
- let!(:expired_personal_access_token) { create(:expired_personal_access_token, user: user) }
-
- it 'returns an array of personal access tokens without exposing the token' do
- get api("/personal_access_tokens", user)
-
- expect(response).to have_http_status(200)
- expect(json_response).to be_an Array
- expect(json_response.size).to eq(finder.execute.count)
-
- json_personal_access_token = json_response.detect do |personal_access_token|
- personal_access_token['id'] == active_personal_access_token.id
- end
-
- expect(json_personal_access_token['name']).to eq(active_personal_access_token.name)
- expect(json_personal_access_token['token']).not_to be_present
- end
-
- it 'returns an array of active personal access tokens if active is set to true' do
- finder.params[:state] = 'active'
-
- get api("/personal_access_tokens?state=active", user)
-
- expect(response).to have_http_status(200)
- expect(json_response).to be_an Array
- expect(json_response.size).to eq(finder.execute.count)
- expect(json_response).to all(include('active' => true))
- end
-
- it 'returns an array of inactive personal access tokens if active is set to false' do
- finder.params[:state] = 'inactive'
-
- get api("/personal_access_tokens?state=inactive", user)
-
- expect(response).to have_http_status(200)
- expect(json_response).to be_an Array
- expect(json_response.size).to eq(finder.execute.count)
- expect(json_response).to all(include('active' => false))
- end
- end
-
- describe 'POST /personal_access_tokens' do
- let(:name) { 'my new pat' }
- let(:expires_at) { '2016-12-28' }
- let(:scopes) { %w(api read_user) }
-
- it 'returns validation error if personal access token miss some attributes' do
- post api("/personal_access_tokens", user)
-
- expect(response).to have_http_status(400)
- expect(json_response['error']).to eq('name is missing')
- end
-
- it 'creates a personal access token' do
- post api("/personal_access_tokens", user),
- name: name,
- expires_at: expires_at,
- scopes: scopes
-
- expect(response).to have_http_status(201)
-
- personal_access_token_id = json_response['id']
-
- expect(json_response['name']).to eq(name)
- expect(json_response['scopes']).to eq(scopes)
- expect(json_response['expires_at']).to eq(expires_at)
- expect(json_response['id']).to be_present
- expect(json_response['created_at']).to be_present
- expect(json_response['active']).to eq(false)
- expect(json_response['revoked']).to eq(false)
- expect(json_response['token']).to be_present
- expect(json_response['impersonation']).not_to be_present
- expect(finder.execute(id: personal_access_token_id)).not_to be_nil
- end
- end
-
- describe 'GET /personal_access_tokens/:personal_access_token_id' do
- let!(:personal_access_token) { create(:personal_access_token, user: user, revoked: false) }
- let!(:personal_access_token_of_another_user) { create(:personal_access_token, revoked: false) }
-
- it 'returns a 404 error if personal access token not found' do
- get api("/personal_access_tokens/#{not_found_token}", user)
-
- expect(response).to have_http_status(404)
- expect(json_response['message']).to eq('404 Personal Access Token Not Found')
- end
-
- it 'returns a 404 error if personal access token exists but it is a personal access tokens of another user' do
- get api("/personal_access_tokens/#{personal_access_token_of_another_user.id}", user)
-
- expect(response).to have_http_status(404)
- expect(json_response['message']).to eq('404 Personal Access Token Not Found')
- end
-
- it 'returns a personal access token and does not expose token in the json response' do
- get api("/personal_access_tokens/#{personal_access_token.id}", user)
-
- expect(response).to have_http_status(200)
- expect(json_response['token']).not_to be_present
- end
- end
-
- describe 'DELETE /personal_access_tokens/:personal_access_token_id' do
- let!(:personal_access_token) { create(:personal_access_token, user: user, revoked: false) }
- let!(:personal_access_token_of_another_user) { create(:personal_access_token, revoked: false) }
-
- it 'returns a 404 error if personal access token not found' do
- delete api("/personal_access_tokens/#{not_found_token}", user)
-
- expect(response).to have_http_status(404)
- expect(json_response['message']).to eq('404 Personal Access Token Not Found')
- end
-
- it 'returns a 404 error if personal access token exists but it is a personal access tokens of another user' do
- delete api("/personal_access_tokens/#{personal_access_token_of_another_user.id}", user)
-
- expect(response).to have_http_status(404)
- expect(json_response['message']).to eq('404 Personal Access Token Not Found')
- end
-
- it 'revokes a personal access token and does not expose token in the json response' do
- delete api("/personal_access_tokens/#{personal_access_token.id}", user)
-
- expect(response).to have_http_status(204)
- expect(personal_access_token.revoked).to eq(false)
- expect(personal_access_token.reload.revoked).to eq(true)
- end
- end
-end |