diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-24 17:46:47 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-24 17:46:47 +0000 |
| commit | 9ae0103d7eefdf28bd12923fbd075f9c28982d7b (patch) | |
| tree | b081fb11037dbf97bde92e0e2670fc12459a8864 /spec | |
| parent | 08d4019405bc60f8b585f39bb325bb4c2933d4dd (diff) | |
| parent | 65f7b74ef72748196fd833501f6d108f8ed89aad (diff) | |
| download | gitlab-ce-9ae0103d7eefdf28bd12923fbd075f9c28982d7b.tar.gz | |
Merge branch 'security-remove-take-trigger-ownership-feature-12-0' into '12-0-stable'
Drop feature to take ownership of a trigger token
See merge request gitlab/gitlabhq!3227
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/features/triggers_spec.rb | 23 | ||||
| -rw-r--r-- | spec/requests/api/triggers_spec.rb | 28 |
2 files changed, 0 insertions, 51 deletions
diff --git a/spec/features/triggers_spec.rb b/spec/features/triggers_spec.rb index 919859c145a..41b640bb53a 100644 --- a/spec/features/triggers_spec.rb +++ b/spec/features/triggers_spec.rb @@ -81,29 +81,6 @@ describe 'Triggers', :js do end end - describe 'trigger "Take ownership" workflow' do - before do - create(:ci_trigger, owner: user2, project: @project, description: trigger_title) - visit project_settings_ci_cd_path(@project) - end - - it 'button "Take ownership" has correct alert' do - expected_alert = 'By taking ownership you will bind this trigger to your user account. With this the trigger will have access to all your projects as if it was you. Are you sure?' - expect(page.find('a.btn-trigger-take-ownership')['data-confirm']).to eq expected_alert - end - - it 'take trigger ownership' do - # See if "Take ownership" on trigger works post trigger creation - page.accept_confirm do - first(:link, "Take ownership").send_keys(:return) - end - - expect(page.find('.flash-notice')).to have_content 'Trigger was re-assigned.' - expect(page.find('.triggers-list')).to have_content trigger_title - expect(page.find('.triggers-list .trigger-owner')).to have_content user.name - end - end - describe 'trigger "Revoke" workflow' do before do create(:ci_trigger, owner: user2, project: @project, description: trigger_title) diff --git a/spec/requests/api/triggers_spec.rb b/spec/requests/api/triggers_spec.rb index f0f01e97f1d..8ea3d16a41f 100644 --- a/spec/requests/api/triggers_spec.rb +++ b/spec/requests/api/triggers_spec.rb @@ -270,34 +270,6 @@ describe API::Triggers do end end - describe 'POST /projects/:id/triggers/:trigger_id/take_ownership' do - context 'authenticated user with valid permissions' do - it 'updates owner' do - post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to include('owner') - expect(trigger.reload.owner).to eq(user) - end - end - - context 'authenticated user with invalid permissions' do - it 'does not update owner' do - post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthenticated user' do - it 'does not update owner' do - post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership") - - expect(response).to have_gitlab_http_status(401) - end - end - end - describe 'DELETE /projects/:id/triggers/:trigger_id' do context 'authenticated user with valid permissions' do it 'deletes trigger' do |