author | Regis Boudinot <boudinot.regis@yahoo.com> | 2017-06-08 23:06:09 +0300 |
---|---|---|
committer | Regis Boudinot <boudinot.regis@yahoo.com> | 2017-06-08 23:06:09 +0300 |
commit | b1bf6d88fceb24663bfe4be2d9cc111710d9126b (patch) | |
tree | 9275e78a1822df870183a85a2db83f18607595c0 /spec/controllers | |
parent | af16177707418ff9a4f96c0fee95b3788d153474 (diff) | |
parent | e0e5d097327c52e54a6e7433bbf0e350f15bf1f3 (diff) |
Merge branch 'master-security-update' into 'master'
Master security update
See merge request !12025
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/autocomplete_controller_spec.rb | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 2c9d1ffc9c2..4c3a5ec49ef 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -170,22 +170,32 @@ describe AutocompleteController do end context 'author of issuable included' do - before do - sign_in(user) - end - let(:body) { JSON.parse(response.body) } - it 'includes the author' do - get(:users, author_id: non_member.id) + context 'authenticated' do + before do + sign_in(user) + end + + it 'includes the author' do + get(:users, author_id: non_member.id) + + expect(body.first["username"]).to eq non_member.username + end + + it 'rejects non existent user ids' do + get(:users, author_id: 99999) - expect(body.first["username"]).to eq non_member.username + expect(body.collect { |u| u['id'] }).not_to include(99999) + end end - it 'rejects non existent user ids' do - get(:users, author_id: 99999) + context 'without authenticating' do + it 'returns empty result' do + get(:users, author_id: non_member.id) - expect(body.collect { |u| u['id'] }).not_to include(99999) + expect(body).to be_empty + end end end |
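Review bot: The new 'without authenticating' context pins only the request with no project (`get(:users, author_id: non_member.id)` followed by `expect(body).to be_empty`), so it would not catch a regression where an anonymous caller gets the author injected into the results for a project they are allowed to read. If the spec file has a public project available, add a second example in that context that passes both the project id and `author_id` and asserts `expect(body.collect { |u| u['id'] }).not_to include(non_member.id)`. A comment above the context such as `# author_id must not reveal arbitrary users to anonymous callers` would also help, since the commit message does not say what is being protected. The enclosing `describe AutocompleteController` block starts and ends outside this hunk, so whether that case is already covered cannot be confirmed from here.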