diff options
Diffstat (limited to 'spec/requests/api/resource_access_tokens_spec.rb')
-rw-r--r-- | spec/requests/api/resource_access_tokens_spec.rb | 101 |
1 files changed, 52 insertions, 49 deletions
diff --git a/spec/requests/api/resource_access_tokens_spec.rb b/spec/requests/api/resource_access_tokens_spec.rb index d9a12e7e148..24efac3128d 100644 --- a/spec/requests/api/resource_access_tokens_spec.rb +++ b/spec/requests/api/resource_access_tokens_spec.rb @@ -243,65 +243,33 @@ RSpec.describe API::ResourceAccessTokens do end context "when the user has valid permissions" do - context 'when user_destroy_with_limited_execution_time_worker is enabled' do - it "deletes the #{source_type} access token from the #{source_type}" do - delete_token - - expect(response).to have_gitlab_http_status(:no_content) - expect( - Users::GhostUserMigration.where(user: project_bot, - initiator_user: user) - ).to be_exists - end - - context "when using #{source_type} access token to DELETE other #{source_type} access token" do - let_it_be(:other_project_bot) { create(:user, :project_bot) } - let_it_be(:other_token) { create(:personal_access_token, user: other_project_bot) } - let_it_be(:token_id) { other_token.id } - - before do - resource.add_maintainer(other_project_bot) - end - - it "deletes the #{source_type} access token from the #{source_type}" do - delete_token + it "deletes the #{source_type} access token from the #{source_type}" do + delete_token - expect(response).to have_gitlab_http_status(:no_content) - expect( - Users::GhostUserMigration.where(user: other_project_bot, - initiator_user: user) - ).to be_exists - end - end + expect(response).to have_gitlab_http_status(:no_content) + expect( + Users::GhostUserMigration.where(user: project_bot, + initiator_user: user) + ).to be_exists end - context 'when user_destroy_with_limited_execution_time_worker is disabled' do + context "when using #{source_type} access token to DELETE other #{source_type} access token" do + let_it_be(:other_project_bot) { create(:user, :project_bot) } + let_it_be(:other_token) { create(:personal_access_token, user: other_project_bot) } + let_it_be(:token_id) { other_token.id } + before do - stub_feature_flags(user_destroy_with_limited_execution_time_worker: false) + resource.add_maintainer(other_project_bot) end it "deletes the #{source_type} access token from the #{source_type}" do delete_token expect(response).to have_gitlab_http_status(:no_content) - expect(User.exists?(project_bot.id)).to be_falsy - end - - context "when using #{source_type} access token to DELETE other #{source_type} access token" do - let_it_be(:other_project_bot) { create(:user, :project_bot) } - let_it_be(:other_token) { create(:personal_access_token, user: other_project_bot) } - let_it_be(:token_id) { other_token.id } - - before do - resource.add_maintainer(other_project_bot) - end - - it "deletes the #{source_type} access token from the #{source_type}" do - delete_token - - expect(response).to have_gitlab_http_status(:no_content) - expect(User.exists?(other_project_bot.id)).to be_falsy - end + expect( + Users::GhostUserMigration.where(user: other_project_bot, + initiator_user: user) + ).to be_exists end end @@ -416,6 +384,41 @@ RSpec.describe API::ResourceAccessTokens do expect(response.body).to include("scopes is missing") end end + + context "when using invalid 'scopes'" do + let_it_be(:params) do + { + name: "test", + scopes: ["test"], + expires_at: 5.days.from_now + } + end + + it "does not create a #{source_type} access token with invalid 'scopes'", :aggregate_failures do + create_token + + expect(response).to have_gitlab_http_status(:bad_request) + expect(response.body).to include("scopes does not have a valid value") + end + end + + context "when using invalid 'access_level'" do + let_it_be(:params) do + { + name: "test", + scopes: ["api"], + expires_at: 5.days.from_now, + access_level: Gitlab::Access::NO_ACCESS + } + end + + it "does not create a #{source_type} access token with invalid 'access_level'", :aggregate_failures do + create_token + + expect(response).to have_gitlab_http_status(:bad_request) + expect(response.body).to include("access_level does not have a valid value") + end + end end context "when trying to create a token in a different #{source_type}" do |