diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-19 14:01:45 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-19 14:01:45 +0300 |
commit | 9297025d0b7ddf095eb618dfaaab2ff8f2018d8b (patch) | |
tree | 865198c01d1824a9b098127baa3ab980c9cd2c06 /spec/features/user_settings/personal_access_tokens_spec.rb | |
parent | 6372471f43ee03c05a7c1f8b0c6ac6b8a7431dbe (diff) |
Add latest changes from gitlab-org/gitlab@16-7-stable-eev16.7.0-rc42
Diffstat (limited to 'spec/features/user_settings/personal_access_tokens_spec.rb')
-rw-r--r-- | spec/features/user_settings/personal_access_tokens_spec.rb | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/spec/features/user_settings/personal_access_tokens_spec.rb b/spec/features/user_settings/personal_access_tokens_spec.rb new file mode 100644 index 00000000000..55f1edfd26a --- /dev/null +++ b/spec/features/user_settings/personal_access_tokens_spec.rb @@ -0,0 +1,161 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'User Settings > Personal Access Tokens', :js, feature_category: :system_access do + include Spec::Support::Helpers::ModalHelpers + include Features::AccessTokenHelpers + + let(:user) { create(:user) } + let(:pat_create_service) do + instance_double('PersonalAccessTokens::CreateService', + execute: ServiceResponse.error(message: 'error', payload: { personal_access_token: PersonalAccessToken.new })) + end + + before do + sign_in(user) + end + + describe "token creation" do + it "allows creation of a personal access token" do + name = 'My PAT' + + visit user_settings_personal_access_tokens_path + + click_button 'Add new token' + fill_in "Token name", with: name + + # Set date to 1st of next month + find_field("Expiration date").click + find(".pika-next").click + click_on "1" + + # Scopes + check "read_api" + check "read_user" + + click_on "Create personal access token" + wait_for_all_requests + + expect(active_access_tokens).to have_text(name) + expect(active_access_tokens).to have_text('in') + expect(active_access_tokens).to have_text('read_api') + expect(active_access_tokens).to have_text('read_user') + expect(created_access_token).to match(/[\w-]{20}/) + end + + context "when creation fails" do + it "displays an error message" do + number_tokens_before = PersonalAccessToken.count + visit user_settings_personal_access_tokens_path + + click_button 'Add new token' + fill_in "Token name", with: 'My PAT' + + click_on "Create personal access token" + wait_for_all_requests + + expect(number_tokens_before).to equal(PersonalAccessToken.count) + expect(page).to have_content(_("Scopes can't be blank")) + expect(page).not_to have_selector("[data-testid='new-access-tokens']") + end + end + end + + describe 'active tokens' do + let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) } + let!(:personal_access_token) { create(:personal_access_token, user: user) } + + it 'only shows personal access tokens' do + visit user_settings_personal_access_tokens_path + + expect(active_access_tokens).to have_text(personal_access_token.name) + expect(active_access_tokens).not_to have_text(impersonation_token.name) + end + + context 'when User#time_display_relative is false' do + before do + user.update!(time_display_relative: false) + end + + it 'shows absolute times for expires_at' do + visit user_settings_personal_access_tokens_path + + expect(active_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d')) + end + end + end + + describe "inactive tokens" do + let!(:personal_access_token) { create(:personal_access_token, user: user) } + + it "allows revocation of an active token" do + visit user_settings_personal_access_tokens_path + accept_gl_confirm(button_text: 'Revoke') { click_on "Revoke" } + + expect(active_access_tokens).to have_text("This user has no active personal access tokens.") + end + + it "removes expired tokens from 'active' section" do + personal_access_token.update!(expires_at: 5.days.ago) + visit user_settings_personal_access_tokens_path + + expect(active_access_tokens).to have_text("This user has no active personal access tokens.") + end + + context "when revocation fails" do + it "displays an error message" do + allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance| + allow(instance).to receive(:revocation_permitted?).and_return(false) + end + visit user_settings_personal_access_tokens_path + + accept_gl_confirm(button_text: "Revoke") { click_on "Revoke" } + expect(active_access_tokens).to have_text(personal_access_token.name) + end + end + end + + describe "feed token" do + def feed_token_description + "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar\ + application loads a personalized calendar. It is visible in those feed URLs." + end + + context "when enabled" do + it "displays feed token" do + allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false) + visit user_settings_personal_access_tokens_path + + within_testid('feed-token-container') do + click_button('Click to reveal') + + expect(page).to have_field('Feed token', with: user.feed_token) + expect(page).to have_content(feed_token_description) + end + end + end + + context "when disabled" do + it "does not display feed token" do + allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true) + visit user_settings_personal_access_tokens_path + + expect(page).not_to have_content(feed_token_description) + expect(page).not_to have_field('Feed token') + end + end + end + + it "prefills token details" do + name = 'My PAT' + scopes = 'api,read_user' + + visit user_settings_personal_access_tokens_path({ name: name, scopes: scopes }) + + click_button 'Add new token' + expect(page).to have_field("Token name", with: name) + expect(find("#personal_access_token_scopes_api")).to be_checked + expect(find("#personal_access_token_scopes_read_user")).to be_checked + end +end |