path: root/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb
# frozen_string_literal: true

require 'spec_helper'

# Request specs for the Jira Connect subscriptions endpoint.
#
# The examples walk the authentication layers in order: no user token at all,
# the feature flag gating the endpoint, the Jira-issued JWT, and finally the
# GitLab user's membership in the namespace being subscribed.
RSpec.describe API::Integrations::JiraConnect::Subscriptions do
  describe 'POST /integrations/jira_connect/subscriptions' do
    # Bare request: no user token and no params.
    subject(:post_subscriptions) { post api('/integrations/jira_connect/subscriptions') }

    it 'returns 401' do
      post_subscriptions

      expect(response).to have_gitlab_http_status(:unauthorized)
    end

    context 'with user token' do
      let(:group) { create(:group) }
      let(:user) { create(:user) }

      # Authenticated as `user`; `jwt` is supplied by each nested context and
      # `namespace_path` names the group the subscription should be created for.
      subject(:post_subscriptions) do
        post api('/integrations/jira_connect/subscriptions', user), params: { jwt: jwt, namespace_path: group.path }
      end

      context 'with feature flag disabled' do
        before do
          stub_feature_flags(jira_connect_oauth: false)
        end

        # The JWT value is irrelevant here: the flag check answers first with a 404.
        let(:jwt) { '123' }

        it 'returns 404' do
          post_subscriptions

          expect(response).to have_gitlab_http_status(:not_found)
        end
      end

      context 'with invalid JWT' do
        # Not a JWT at all; the endpoint rejects it with a fixed message rather
        # than leaking any detail about why decoding failed.
        let(:jwt) { '123' }

        it 'returns 401' do
          post_subscriptions

          expect(response).to have_gitlab_http_status(:unauthorized)
          expect(json_response).to eq('message' => '401 Unauthorized - JWT authentication failed')
        end
      end

      context 'with valid JWT' do
        let_it_be(:installation) { create(:jira_connect_installation) }
        # Shadows the outer `let(:user)` from the parent context; the request
        # subject resolves `user` to this one.
        let_it_be(:user) { create(:user) }

        # `iss` ties the token to the installation, `sub` is the Jira account id
        # that the stubbed user lookup below answers for. The `qsh` value is
        # presumably the context-JWT query-string-hash marker — confirm against
        # the API's JWT validation rather than relying on this spec.
        let(:claims) { { iss: installation.client_key, qsh: 'context-qsh', sub: 1234 } }
        # Signed with the installation's shared secret, i.e. the symmetric flow.
        let(:jwt) { Atlassian::Jwt.encode(claims, installation.shared_secret) }
        let(:jira_user) { { 'groups' => { 'items' => [{ 'name' => jira_group_name }] } } }
        # NOTE(review): no example overrides `jira_group_name`, so the path where
        # the Jira user is not in 'site-admins' is untested here; an example
        # asserting that such a user does not create a subscription would close
        # that gap.
        let(:jira_group_name) { 'site-admins' }

        before do
          # Stub the Jira-side user lookup for the `sub` in the claims (accountId=1234).
          WebMock
            .stub_request(:get, "#{installation.base_url}/rest/api/3/user?accountId=1234&expand=groups")
            .to_return(body: jira_user.to_json, status: 200, headers: { 'Content-Type' => 'application/json' })
        end

        # Valid JWT and Jira admin, but `user` is not a member of `group`.
        it 'returns 401 if the user does not have access to the group' do
          post_subscriptions

          expect(response).to have_gitlab_http_status(:unauthorized)
        end

        context 'user has access to the group' do
          before do
            group.add_maintainer(user)
          end

          it 'creates a subscription' do
            expect { post_subscriptions }.to change { installation.subscriptions.count }.from(0).to(1)
          end

          it 'returns 201' do
            post_subscriptions

            expect(response).to have_gitlab_http_status(:created)
          end
        end
      end
    end
  end
end