From db18993f652425b72c4b854e18a002e0ec44b196 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Mon, 19 Mar 2018 10:11:12 -0600 Subject: Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 --- spec/models/deploy_token_spec.rb | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 spec/models/deploy_token_spec.rb (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb new file mode 100644 index 00000000000..bd27da63dfe --- /dev/null +++ b/spec/models/deploy_token_spec.rb @@ -0,0 +1,38 @@ +require 'spec_helper' + +describe DeployToken do + it { is_expected.to belong_to :project } + + describe 'validations' do + let(:project_deploy_token) { build(:deploy_token) } + + context 'with no scopes defined' do + it 'should not be valid' do + project_deploy_token.scopes = [] + + expect(project_deploy_token).not_to be_valid + expect(project_deploy_token.errors[:scopes].first).to eq("can't be blank") + end + end + end + + describe '#ensure_token' do + let(:project_deploy_token) { build(:deploy_token) } + + it 'should ensure a token' do + project_deploy_token.token = nil + project_deploy_token.save + + expect(project_deploy_token.token).not_to be_empty + end + end + + describe '#revoke!' do + subject { create(:deploy_token) } + + it 'should update revoke attribute' do + subject.revoke! + expect(subject.revoked?).to be_truthy + end + end +end -- cgit v1.2.1 From 370fc05da7f95bf6621867a71d51493cf3899e25 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Thu, 29 Mar 2018 16:56:35 -0600 Subject: Implement 'read_repo' for DeployTokens This will allow to download a repo using the token from the DeployToken --- spec/models/deploy_token_spec.rb | 46 ++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 14 deletions(-) (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index bd27da63dfe..26d846ac6c8 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -1,38 +1,56 @@ require 'spec_helper' describe DeployToken do + let(:deploy_token) { create(:deploy_token) } + it { is_expected.to belong_to :project } describe 'validations' do - let(:project_deploy_token) { build(:deploy_token) } - context 'with no scopes defined' do it 'should not be valid' do - project_deploy_token.scopes = [] + deploy_token.scopes = [] - expect(project_deploy_token).not_to be_valid - expect(project_deploy_token.errors[:scopes].first).to eq("can't be blank") + expect(deploy_token).not_to be_valid + expect(deploy_token.errors[:scopes].first).to eq("can't be blank") end end end describe '#ensure_token' do - let(:project_deploy_token) { build(:deploy_token) } - it 'should ensure a token' do - project_deploy_token.token = nil - project_deploy_token.save + deploy_token.token = nil + deploy_token.save - expect(project_deploy_token.token).not_to be_empty + expect(deploy_token.token).not_to be_empty end end describe '#revoke!' do - subject { create(:deploy_token) } - it 'should update revoke attribute' do - subject.revoke! - expect(subject.revoked?).to be_truthy + deploy_token.revoke! + expect(deploy_token.revoked?).to be_truthy + end + end + + describe "#active?" do + context "when it has been revoked" do + it 'should return false' do + deploy_token.revoke! + expect(deploy_token.active?).to be_falsy + end + end + + context "when it hasn't been revoked" do + it 'should return true' do + expect(deploy_token.active?).to be_truthy + end + end + end + + describe '#username' do + it 'returns Ghost username' do + ghost = User.ghost + expect(deploy_token.username).to eq(ghost.username) end end end -- cgit v1.2.1 From 171b2625b128e5954ce0a150a4fc923a22164e4e Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Wed, 4 Apr 2018 18:43:41 -0500 Subject: Addreses backend review suggestions - Remove extra method for authorize_admin_project - Ensure project presence - Rename 'read_repo' to 'read_repository' to be more verbose --- spec/models/deploy_token_spec.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 26d846ac6c8..50f6f441a58 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -4,6 +4,7 @@ describe DeployToken do let(:deploy_token) { create(:deploy_token) } it { is_expected.to belong_to :project } + it { is_expected.to validate_presence_of :project } describe 'validations' do context 'with no scopes defined' do -- cgit v1.2.1 From 8315861c9a50675b4f4f4ca536f0da90f27994f3 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Thu, 5 Apr 2018 12:22:34 -0500 Subject: Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs --- spec/models/deploy_token_spec.rb | 50 ++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 15 deletions(-) (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 50f6f441a58..395c97f13a5 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -1,28 +1,49 @@ require 'spec_helper' describe DeployToken do - let(:deploy_token) { create(:deploy_token) } + subject(:deploy_token) { create(:deploy_token) } - it { is_expected.to belong_to :project } - it { is_expected.to validate_presence_of :project } + it { is_expected.to have_many :project_deploy_tokens } + it { is_expected.to have_many(:projects).through(:project_deploy_tokens) } - describe 'validations' do - context 'with no scopes defined' do - it 'should not be valid' do - deploy_token.scopes = [] + describe '#ensure_token' do + it 'should ensure a token' do + deploy_token.token = nil + deploy_token.save + + expect(deploy_token.token).not_to be_empty + end + end + + describe '#ensure_at_least_one_scope' do + context 'with at least one scope' do + it 'should be valid' do + is_expected.to be_valid + end + end + + context 'with no scopes' do + it 'should be invalid' do + deploy_token = build(:deploy_token, read_repository: false, read_registry: false) expect(deploy_token).not_to be_valid - expect(deploy_token.errors[:scopes].first).to eq("can't be blank") + expect(deploy_token.errors[:base].first).to eq("Scopes can't be blank") end end end - describe '#ensure_token' do - it 'should ensure a token' do - deploy_token.token = nil - deploy_token.save + describe '#scopes' do + context 'with all the scopes' do + it 'should return scopes assigned to DeployToken' do + expect(deploy_token.scopes).to eq([:read_repository, :read_registry]) + end + end - expect(deploy_token.token).not_to be_empty + context 'with only one scope' do + it 'should return scopes assigned to DeployToken' do + deploy_token = create(:deploy_token, read_registry: false) + expect(deploy_token.scopes).to eq([:read_repository]) + end end end @@ -50,8 +71,7 @@ describe DeployToken do describe '#username' do it 'returns Ghost username' do - ghost = User.ghost - expect(deploy_token.username).to eq(ghost.username) + expect(deploy_token.username).to eq("gitlab+deploy-token-#{deploy_token.id}") end end end -- cgit v1.2.1 From c4f56a88029c1fe73bf6efb062b5f77a65282fed Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Thu, 5 Apr 2018 22:02:13 -0500 Subject: Increase test suite around deploy tokens behavior Also, fixes broken specs --- spec/models/deploy_token_spec.rb | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 395c97f13a5..1adc049ca58 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -70,8 +70,27 @@ describe DeployToken do end describe '#username' do - it 'returns Ghost username' do + it 'returns a harcoded username' do expect(deploy_token.username).to eq("gitlab+deploy-token-#{deploy_token.id}") end end + + describe '#has_access_to?' do + let(:project) { create(:project) } + + subject(:deploy_token) { create(:deploy_token, projects: [project]) } + + context 'when the deploy token has access to the project' do + it 'should return true' do + expect(deploy_token.has_access_to?(project)).to be_truthy + end + end + + context 'when the deploy token does not have access to the project' do + it 'should return false' do + another_project = create(:project) + expect(deploy_token.has_access_to?(another_project)).to be_falsy + end + end + end end -- cgit v1.2.1 From 5bc58bac2678aed9c8b2318f9f4d4825baa2b110 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Fri, 6 Apr 2018 14:48:17 -0500 Subject: Handle limit for datetime attributes on MySQL The TIMESTAMP data type is used for values that contain both date and time parts. TIMESTAMP has a range of '1970-01-01 00:00:01' UTC to '2038-01-19 03:14:07' UTC. A Forever lib class was included to handle future dates for PostgreSQL and MySQL, also changes were made to DeployToken to enforce Forever.date Also removes extra conditional from JwtController --- spec/models/deploy_token_spec.rb | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 1adc049ca58..5a15c23def4 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -93,4 +93,42 @@ describe DeployToken do end end end + + describe '#expires_at' do + context 'when using Forever.date' do + let(:deploy_token) { create(:deploy_token, expires_at: nil) } + + it 'should return nil' do + expect(deploy_token.expires_at).to be_nil + end + end + + context 'when using a personalized date' do + let(:expires_at) { Date.today + 5.months } + let(:deploy_token) { create(:deploy_token, expires_at: expires_at) } + + it 'should return the personalized date' do + expect(deploy_token.expires_at).to eq(expires_at) + end + end + end + + describe '#expires_at=' do + context 'when passing nil' do + let(:deploy_token) { create(:deploy_token, expires_at: nil) } + + it 'should assign Forever.date' do + expect(deploy_token.read_attribute(:expires_at)).to eq(Forever.date) + end + end + + context 'when passign a value' do + let(:expires_at) { Date.today + 5.months } + let(:deploy_token) { create(:deploy_token, expires_at: expires_at) } + + it 'should respect the value' do + expect(deploy_token.read_attribute(:expires_at)).to eq(expires_at) + end + end + end end -- cgit v1.2.1 From 3e35f65394fad201a9277667772f3ad9c6940d07 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Tue, 10 Apr 2018 07:31:30 +0000 Subject: Verify that deploy token has valid access when pulling container registry image --- spec/models/deploy_token_spec.rb | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) (limited to 'spec/models/deploy_token_spec.rb') diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 5a15c23def4..780b200e837 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -78,19 +78,30 @@ describe DeployToken do describe '#has_access_to?' do let(:project) { create(:project) } - subject(:deploy_token) { create(:deploy_token, projects: [project]) } + subject { deploy_token.has_access_to?(project) } - context 'when the deploy token has access to the project' do - it 'should return true' do - expect(deploy_token.has_access_to?(project)).to be_truthy - end + context 'when deploy token is active and related to project' do + let(:deploy_token) { create(:deploy_token, projects: [project]) } + + it { is_expected.to be_truthy } end - context 'when the deploy token does not have access to the project' do - it 'should return false' do - another_project = create(:project) - expect(deploy_token.has_access_to?(another_project)).to be_falsy - end + context 'when deploy token is active but not related to project' do + let(:deploy_token) { create(:deploy_token) } + + it { is_expected.to be_falsy } + end + + context 'when deploy token is revoked and related to project' do + let(:deploy_token) { create(:deploy_token, :revoked, projects: [project]) } + + it { is_expected.to be_falsy } + end + + context 'when deploy token is revoked and not related to the project' do + let(:deploy_token) { create(:deploy_token, :revoked) } + + it { is_expected.to be_falsy } end end -- cgit v1.2.1