spec/support/shared_examples/controllers/external_authorization_service_shared_examples.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

# frozen_string_literal: true

require 'spec_helper'

shared_examples 'disabled when using an external authorization service' do
  include ExternalAuthorizationServiceHelpers

  it 'works when the feature is not enabled' do
    subject

    expect(response).to be_successful
  end

  it 'renders a 404 with a message when the feature is enabled' do
    enable_external_authorization_service_check

    subject

    expect(response).to have_gitlab_http_status(403)
  end
end

shared_examples 'unauthorized when external service denies access' do
  include ExternalAuthorizationServiceHelpers

  it 'allows access when the authorization service allows it' do
    external_service_allow_access(user, project)

    subject

    # Account for redirects after updates
    expect(response.status).to be_between(200, 302)
  end

  it 'allows access when the authorization service denies it' do
    external_service_deny_access(user, project)

    subject

    expect(response).to have_gitlab_http_status(403)
  end
end