diff options
| author | Felipe Artur <felipefac@gmail.com> | 2016-06-17 12:38:49 -0300 |
|---|---|---|
| committer | Felipe Artur <felipefac@gmail.com> | 2016-06-17 14:29:11 -0300 |
| commit | e5aa902860fcc2380fd25a6a4f0736dae159eba3 (patch) | |
| tree | ba3c678a476bc7153490da412ebd64223c155c1c /spec/requests/api | |
| parent | ab236c76247d83c190b148acbffa48f244414553 (diff) | |
| parent | ae4491b42181f7195199fd6ac9273891d6e48263 (diff) | |
| download | gitlab-ce-e5aa902860fcc2380fd25a6a4f0736dae159eba3.tar.gz | |
Merge master into issue_12758issue_12758
Diffstat (limited to 'spec/requests/api')
| -rw-r--r-- | spec/requests/api/api_helpers_spec.rb | 76 | ||||
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 16 |
2 files changed, 59 insertions, 33 deletions
diff --git a/spec/requests/api/api_helpers_spec.rb b/spec/requests/api/api_helpers_spec.rb index 0c19094ec54..f22db61e744 100644 --- a/spec/requests/api/api_helpers_spec.rb +++ b/spec/requests/api/api_helpers_spec.rb @@ -1,8 +1,10 @@ require 'spec_helper' -describe API, api: true do +describe API::Helpers, api: true do + include API::Helpers include ApiHelpers + let(:user) { create(:user) } let(:admin) { create(:admin) } let(:key) { create(:key, user: user) } @@ -39,24 +41,64 @@ describe API, api: true do end describe ".current_user" do - it "should return nil for an invalid token" do - env[API::Helpers::PRIVATE_TOKEN_HEADER] = 'invalid token' - allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false } - expect(current_user).to be_nil - end - - it "should return nil for a user without access" do - env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token - allow(Gitlab::UserAccess).to receive(:allowed?).and_return(false) - expect(current_user).to be_nil + describe "when authenticating using a user's private token" do + it "should return nil for an invalid token" do + env[API::Helpers::PRIVATE_TOKEN_HEADER] = 'invalid token' + allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false } + expect(current_user).to be_nil + end + + it "should return nil for a user without access" do + env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token + allow(Gitlab::UserAccess).to receive(:allowed?).and_return(false) + expect(current_user).to be_nil + end + + it "should leave user as is when sudo not specified" do + env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token + expect(current_user).to eq(user) + clear_env + params[API::Helpers::PRIVATE_TOKEN_PARAM] = user.private_token + expect(current_user).to eq(user) + end end - it "should leave user as is when sudo not specified" do - env[API::Helpers::PRIVATE_TOKEN_HEADER] = user.private_token - expect(current_user).to eq(user) - clear_env - params[API::Helpers::PRIVATE_TOKEN_PARAM] = user.private_token - expect(current_user).to eq(user) + describe "when authenticating using a user's personal access tokens" do + let(:personal_access_token) { create(:personal_access_token, user: user) } + + it "should return nil for an invalid token" do + env[API::Helpers::PRIVATE_TOKEN_HEADER] = 'invalid token' + allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false } + expect(current_user).to be_nil + end + + it "should return nil for a user without access" do + env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token + allow(Gitlab::UserAccess).to receive(:allowed?).and_return(false) + expect(current_user).to be_nil + end + + it "should leave user as is when sudo not specified" do + env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token + expect(current_user).to eq(user) + clear_env + params[API::Helpers::PRIVATE_TOKEN_PARAM] = personal_access_token.token + expect(current_user).to eq(user) + end + + it 'does not allow revoked tokens' do + personal_access_token.revoke! + env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token + allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false } + expect(current_user).to be_nil + end + + it 'does not allow expired tokens' do + personal_access_token.update_attributes!(expires_at: 1.day.ago) + env[API::Helpers::PRIVATE_TOKEN_HEADER] = personal_access_token.token + allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false } + expect(current_user).to be_nil + end end it "should change current user to sudo when admin" do diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 2a2ac8710ee..01eb4b44b83 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -438,14 +438,6 @@ describe API::API, api: true do to eq(Gitlab::Access::MASTER) expect(json_response.first['permissions']['group_access']).to be_nil end - - it 'contains notification level information' do - get api("/projects", user) - - expect(response.status).to eq(200) - expect(json_response.first['permissions']['project_access']['notification_level']['level']).to eq(NotificationSetting.levels[:global]) - expect(json_response.first['permissions']['project_access']['notification_level'].keys).to include('events') - end end context 'personal project' do @@ -473,14 +465,6 @@ describe API::API, api: true do expect(json_response['permissions']['group_access']['access_level']). to eq(Gitlab::Access::OWNER) end - - it 'shows notification level information' do - get api("/projects/#{project2.id}", user) - - expect(response.status).to eq(200) - expect(json_response['permissions']['group_access']['notification_level']['level']).to eq(NotificationSetting.levels[:global]) - expect(json_response['permissions']['group_access']['notification_level'].keys).to include('events') - end end end end |