1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Profiles::PersonalAccessTokensController do
let(:user) { create(:user) }
let(:token_attributes) { attributes_for(:personal_access_token) }
before do
sign_in(user)
end
describe '#create' do
def created_token
PersonalAccessToken.order(:created_at).last
end
it "allows creation of a token with scopes" do
name = 'My PAT'
scopes = %w[api read_user]
post :create, params: { personal_access_token: token_attributes.merge(scopes: scopes, name: name) }
expect(created_token).not_to be_nil
expect(created_token.name).to eq(name)
expect(created_token.scopes).to eq(scopes)
expect(PersonalAccessToken.active).to include(created_token)
end
it "allows creation of a token with an expiry date" do
expires_at = 5.days.from_now.to_date
post :create, params: { personal_access_token: token_attributes.merge(expires_at: expires_at) }
expect(created_token).not_to be_nil
expect(created_token.expires_at).to eq(expires_at)
end
end
describe '#index' do
let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
before do
# Impersonation and inactive personal tokens are ignored
create(:personal_access_token, :impersonation, user: user)
create(:personal_access_token, :revoked, user: user)
get :index
end
it "only includes details of the active personal access token" do
active_personal_access_tokens_detail = ::API::Entities::PersonalAccessTokenWithDetails
.represent([active_personal_access_token])
expect(assigns(:active_personal_access_tokens).to_json).to eq(active_personal_access_tokens_detail.to_json)
end
it "sets PAT name and scopes" do
name = 'My PAT'
scopes = 'api,read_user'
get :index, params: { name: name, scopes: scopes }
expect(assigns(:personal_access_token)).to have_attributes(
name: eq(name),
scopes: contain_exactly(:api, :read_user)
)
end
context "access_token_pagination feature flag is enabled" do
before do
stub_feature_flags(access_token_pagination: true)
allow(Kaminari.config).to receive(:default_per_page).and_return(1)
create(:personal_access_token, user: user)
end
it "returns paginated response" do
get :index, params: { page: 1 }
expect(assigns(:active_personal_access_tokens).count).to eq(1)
end
it 'adds appropriate headers' do
get :index, params: { page: 1 }
expect_header('X-Per-Page', '1')
expect_header('X-Page', '1')
expect_header('X-Next-Page', '2')
expect_header('X-Total', '2')
end
end
context "tokens returned are ordered" do
let(:expires_1_day_from_now) { 1.day.from_now.to_date }
let(:expires_2_day_from_now) { 2.days.from_now.to_date }
before do
create(:personal_access_token, user: user, name: "Token1", expires_at: expires_1_day_from_now)
create(:personal_access_token, user: user, name: "Token2", expires_at: expires_2_day_from_now)
end
it "orders token list ascending on expires_at" do
get :index
first_token = assigns(:active_personal_access_tokens).first.as_json
expect(first_token[:name]).to eq("Token1")
expect(first_token[:expires_at]).to eq(expires_1_day_from_now.strftime("%Y-%m-%d"))
end
it "orders tokens on id in case token has same expires_at" do
create(:personal_access_token, user: user, name: "Token3", expires_at: expires_1_day_from_now)
get :index
first_token = assigns(:active_personal_access_tokens).first.as_json
expect(first_token[:name]).to eq("Token3")
expect(first_token[:expires_at]).to eq(expires_1_day_from_now.strftime("%Y-%m-%d"))
second_token = assigns(:active_personal_access_tokens).second.as_json
expect(second_token[:name]).to eq("Token1")
expect(second_token[:expires_at]).to eq(expires_1_day_from_now.strftime("%Y-%m-%d"))
end
end
context "access_token_pagination feature flag is disabled" do
before do
stub_feature_flags(access_token_pagination: false)
create(:personal_access_token, user: user)
end
it "returns all tokens in system" do
get :index, params: { page: 1 }
expect(assigns(:active_personal_access_tokens).count).to eq(2)
end
end
end
def expect_header(header_name, header_val)
expect(response.headers[header_name]).to eq(header_val)
end
end
|