
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorSean McGivern <sean@mcgivern.me.uk>2017-11-02 18:25:42 +0300
committerSean McGivern <sean@mcgivern.me.uk>2017-11-02 18:25:42 +0300
commit56dccc2e1089e2866d0442cac379b3f93c98a55f (patch)
tree7600acfcf7de21ab4a5470c3653ea3ddcd91f13c /spec/controllers
parent983436375690348c88fa79e4974c5267afb5b0ce (diff)
parentd0af6047bcaa336a829d04786496db6d263ea0a4 (diff)
Merge branch 'dm-remove-private-token' into 'master'
Remove Private Tokens Closes #38595 and #38447 See merge request gitlab-org/gitlab-ce!14838
Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/application_controller_spec.rb86
1 files changed, 28 insertions, 58 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 6802b839eaa..b73ca0c2346 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -50,70 +50,36 @@ describe ApplicationController do
end
end
- describe "#authenticate_user_from_token!" do
- describe "authenticating a user from a private token" do
- controller(described_class) do
- def index
- render text: "authenticated"
- end
- end
-
- context "when the 'private_token' param is populated with the private token" do
- it "logs the user in" do
- get :index, private_token: user.private_token
- expect(response).to have_gitlab_http_status(200)
- expect(response.body).to eq("authenticated")
- end
- end
-
- context "when the 'PRIVATE-TOKEN' header is populated with the private token" do
- it "logs the user in" do
- @request.headers['PRIVATE-TOKEN'] = user.private_token
- get :index
- expect(response).to have_gitlab_http_status(200)
- expect(response.body).to eq("authenticated")
- end
- end
-
- it "doesn't log the user in otherwise" do
- @request.headers['PRIVATE-TOKEN'] = "token"
- get :index, private_token: "token", authenticity_token: "token"
- expect(response.status).not_to eq(200)
- expect(response.body).not_to eq("authenticated")
+ describe "#authenticate_user_from_personal_access_token!" do
+ controller(described_class) do
+ def index
+ render text: 'authenticated'
end
end
- describe "authenticating a user from a personal access token" do
- controller(described_class) do
- def index
- render text: 'authenticated'
- end
- end
-
- let(:personal_access_token) { create(:personal_access_token, user: user) }
+ let(:personal_access_token) { create(:personal_access_token, user: user) }
- context "when the 'personal_access_token' param is populated with the personal access token" do
- it "logs the user in" do
- get :index, private_token: personal_access_token.token
- expect(response).to have_gitlab_http_status(200)
- expect(response.body).to eq('authenticated')
- end
+ context "when the 'personal_access_token' param is populated with the personal access token" do
+ it "logs the user in" do
+ get :index, private_token: personal_access_token.token
+ expect(response).to have_gitlab_http_status(200)
+ expect(response.body).to eq('authenticated')
end
+ end
- context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
- it "logs the user in" do
- @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
- get :index
- expect(response).to have_gitlab_http_status(200)
- expect(response.body).to eq('authenticated')
- end
+ context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
+ it "logs the user in" do
+ @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
+ get :index
+ expect(response).to have_gitlab_http_status(200)
+ expect(response.body).to eq('authenticated')
end
+ end
- it "doesn't log the user in otherwise" do
- get :index, private_token: "token"
- expect(response.status).not_to eq(200)
- expect(response.body).not_to eq('authenticated')
- end
+ it "doesn't log the user in otherwise" do
+ get :index, private_token: "token"
+ expect(response.status).not_to eq(200)
+ expect(response.body).not_to eq('authenticated')
end
end
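Review bot: The only negative case left in this describe block, `it "doesn't log the user in otherwise"`, sends an invalid value through the `private_token` param alone, whereas the removed private-token block also sent an invalid `PRIVATE-TOKEN` header, so the header path no longer has a rejection test. I would add a sibling example that sets `@request.headers['PRIVATE-TOKEN'] = "token"` before `get :index`, and, since this commit retires a credential type, examples for a revoked and an expired personal access token if the factory supports them. `expect(response.status).not_to eq(200)` also passes on a 500, so pinning the expected rejection status would make the example fail only for the right reason. Separately, the context descriptions name a 'personal_access_token' param and a 'PERSONAL_ACCESS_TOKEN' header while the requests send `private_token` and `PRIVATE-TOKEN`; the descriptions should match what is actually sent.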
@@ -152,11 +118,15 @@ describe ApplicationController do
end
end
+ before do
+ sign_in user
+ end
+
context 'when format is handled' do
let(:requested_format) { :json }
it 'returns 200 response' do
- get :index, private_token: user.private_token, format: requested_format
+ get :index, format: requested_format
expect(response).to have_gitlab_http_status 200
end
@@ -164,7 +134,7 @@ describe ApplicationController do
context 'when format is not handled' do
it 'returns 404 response' do
- get :index, private_token: user.private_token
+ get :index
expect(response).to have_gitlab_http_status 404
end