
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 15:26:25 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 15:26:25 +0300
commita09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/lib/gitlab/auth
parent18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'spec/lib/gitlab/auth')
-rw-r--r--spec/lib/gitlab/auth/activity_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/auth_finders_spec.rb75
-rw-r--r--spec/lib/gitlab/auth/blocked_user_tracker_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/current_user_mode_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ip_rate_limiter_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/key_status_checker_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/access_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/adapter_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/auth_hash_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/authentication_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/config_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/dn_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/person_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/ldap/user_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/o_auth/identity_linker_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/o_auth/provider_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/o_auth/user_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/request_authenticator_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/saml/auth_hash_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/saml/identity_linker_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/saml/origin_validator_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/saml/user_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/unique_ips_limiter_spec.rb2
-rw-r--r--spec/lib/gitlab/auth/user_access_denied_reason_spec.rb2
25 files changed, 98 insertions, 25 deletions
diff --git a/spec/lib/gitlab/auth/activity_spec.rb b/spec/lib/gitlab/auth/activity_spec.rb
index e03fafe3826..cbc42c46470 100644
--- a/spec/lib/gitlab/auth/activity_spec.rb
+++ b/spec/lib/gitlab/auth/activity_spec.rb
@@ -2,7 +2,7 @@
require 'fast_spec_helper'
-describe Gitlab::Auth::Activity do
+RSpec.describe Gitlab::Auth::Activity do
describe '.each_counter' do
it 'has all static counters defined' do
described_class.each_counter do |counter|
diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 2aef206c7fd..d0f5d0a9b35 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::AuthFinders do
+RSpec.describe Gitlab::Auth::AuthFinders do
include described_class
include HttpBasicAuthHelpers
@@ -26,6 +26,63 @@ describe Gitlab::Auth::AuthFinders do
env.merge!(basic_auth_header(username, password))
end
+ shared_examples 'find user from job token' do
+ context 'when route is allowed to be authenticated' do
+ let(:route_authentication_setting) { { job_token_allowed: true } }
+
+ it "returns an Unauthorized exception for an invalid token" do
+ set_token('invalid token')
+
+ expect { subject }.to raise_error(Gitlab::Auth::UnauthorizedError)
+ end
+
+ it "return user if token is valid" do
+ set_token(job.token)
+
+ expect(subject).to eq(user)
+ expect(@current_authenticated_job).to eq job
+ end
+ end
+ end
+
+ describe '#find_user_from_bearer_token' do
+ let(:job) { create(:ci_build, user: user) }
+
+ subject { find_user_from_bearer_token }
+
+ context 'when the token is passed as an oauth token' do
+ def set_token(token)
+ env['HTTP_AUTHORIZATION'] = "Bearer #{token}"
+ end
+
+ context 'with a job token' do
+ it_behaves_like 'find user from job token'
+ end
+
+ context 'with oauth token' do
+ let(:application) { Doorkeeper::Application.create!(name: 'MyApp', redirect_uri: 'https://app.com', owner: user) }
+ let(:token) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: 'api').token }
+
+ before do
+ set_token(token)
+ end
+
+ it { is_expected.to eq user }
+ end
+ end
+
+ context 'with a personal access token' do
+ let(:pat) { create(:personal_access_token, user: user) }
+ let(:token) { pat.token }
+
+ before do
+ env[described_class::PRIVATE_TOKEN_HEADER] = pat.token
+ end
+
+ it { is_expected.to eq user }
+ end
+ end
+
describe '#find_user_from_warden' do
context 'with CSRF token' do
before do
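Review bot: The shared examples `find user from job token` only exercise routes with `job_token_allowed: true`, so nothing in this hunk pins that a CI job token sent as `Authorization: Bearer` is refused on routes that have not opted in. I would add a sibling context with `let(:route_authentication_setting) { { job_token_allowed: false } }` that calls `set_token(job.token)` and asserts that `@current_authenticated_job` stays nil; the expected result of `subject` in that case should be taken from the implementation, which is not visible here. Separately, `let(:token) { pat.token }` in the personal access token context is unused, because the `before` block reads `pat.token` directly. The enclosing `RSpec.describe` block starts and ends outside the hunk.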
@@ -522,8 +579,24 @@ describe Gitlab::Auth::AuthFinders do
end
describe '#validate_access_token!' do
+ subject { validate_access_token! }
+
let(:personal_access_token) { create(:personal_access_token, user: user) }
+ context 'with a job token' do
+ let(:route_authentication_setting) { { job_token_allowed: true } }
+ let(:job) { create(:ci_build, user: user) }
+
+ before do
+ env['HTTP_AUTHORIZATION'] = "Bearer #{job.token}"
+ find_user_from_bearer_token
+ end
+
+ it 'does not raise an error' do
+ expect { subject }.not_to raise_error
+ end
+ end
+
it 'returns nil if no access_token present' do
expect(validate_access_token!).to be_nil
end
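Review bot: The new `with a job token` example asserts only `not_to raise_error`, which would also pass if `validate_access_token!` returned early for a reason unrelated to the job token. The example depends on state left behind by the `find_user_from_bearer_token` call in `before`, so a comment such as `# find_user_from_bearer_token records the authenticated job; validation is expected to pass for it` would make that coupling explicit. Asserting the return value as well would pin the intended path (presumably nil, as in the example below; confirm against the implementation). The added `subject` is not used by the existing examples, which still call `validate_access_token!` directly, and the `describe` block continues past the hunk.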
diff --git a/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb b/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb
index 52849f8c172..76775db3a4a 100644
--- a/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb
+++ b/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::BlockedUserTracker do
+RSpec.describe Gitlab::Auth::BlockedUserTracker do
describe '#log_blocked_user_activity!' do
context 'when user is not blocked' do
it 'does not log blocked user activity' do
diff --git a/spec/lib/gitlab/auth/current_user_mode_spec.rb b/spec/lib/gitlab/auth/current_user_mode_spec.rb
index 26e44fa7cc8..60b403780c0 100644
--- a/spec/lib/gitlab/auth/current_user_mode_spec.rb
+++ b/spec/lib/gitlab/auth/current_user_mode_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store do
+RSpec.describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store do
let(:user) { build_stubbed(:user) }
subject { described_class.new(user) }
diff --git a/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb b/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb
index aea1b2921b6..3d782272d7e 100644
--- a/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb
+++ b/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::IpRateLimiter, :use_clean_rails_memory_store_caching do
+RSpec.describe Gitlab::Auth::IpRateLimiter, :use_clean_rails_memory_store_caching do
let(:ip) { '10.2.2.3' }
let(:whitelist) { ['127.0.0.1'] }
let(:options) do
diff --git a/spec/lib/gitlab/auth/key_status_checker_spec.rb b/spec/lib/gitlab/auth/key_status_checker_spec.rb
index b1a540eae81..e8ac0d7c394 100644
--- a/spec/lib/gitlab/auth/key_status_checker_spec.rb
+++ b/spec/lib/gitlab/auth/key_status_checker_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::KeyStatusChecker do
+RSpec.describe Gitlab::Auth::KeyStatusChecker do
let_it_be(:never_expires_key) { build(:personal_key, expires_at: nil) }
let_it_be(:expired_key) { build(:personal_key, expires_at: 3.days.ago) }
let_it_be(:expiring_soon_key) { build(:personal_key, expires_at: 3.days.from_now) }
diff --git a/spec/lib/gitlab/auth/ldap/access_spec.rb b/spec/lib/gitlab/auth/ldap/access_spec.rb
index 2f691429541..9e269f84b7e 100644
--- a/spec/lib/gitlab/auth/ldap/access_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/access_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::Access do
+RSpec.describe Gitlab::Auth::Ldap::Access do
include LdapHelpers
let(:user) { create(:omniauth_user) }
diff --git a/spec/lib/gitlab/auth/ldap/adapter_spec.rb b/spec/lib/gitlab/auth/ldap/adapter_spec.rb
index 34853acdd0f..78970378b7f 100644
--- a/spec/lib/gitlab/auth/ldap/adapter_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/adapter_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::Adapter do
+RSpec.describe Gitlab::Auth::Ldap::Adapter do
include LdapHelpers
let(:ldap) { double(:ldap) }
diff --git a/spec/lib/gitlab/auth/ldap/auth_hash_spec.rb b/spec/lib/gitlab/auth/ldap/auth_hash_spec.rb
index 7bc92d0abea..9dff7f7b3dc 100644
--- a/spec/lib/gitlab/auth/ldap/auth_hash_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/auth_hash_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::AuthHash do
+RSpec.describe Gitlab::Auth::Ldap::AuthHash do
include LdapHelpers
let(:auth_hash) do
diff --git a/spec/lib/gitlab/auth/ldap/authentication_spec.rb b/spec/lib/gitlab/auth/ldap/authentication_spec.rb
index 1f8b1474539..42a893417d8 100644
--- a/spec/lib/gitlab/auth/ldap/authentication_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/authentication_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::Authentication do
+RSpec.describe Gitlab::Auth::Ldap::Authentication do
let(:dn) { 'uid=John Smith, ou=People, dc=example, dc=com' }
let(:user) { create(:omniauth_user, extern_uid: Gitlab::Auth::Ldap::Person.normalize_dn(dn)) }
let(:login) { 'john' }
diff --git a/spec/lib/gitlab/auth/ldap/config_spec.rb b/spec/lib/gitlab/auth/ldap/config_spec.rb
index 124f072ebe6..4287596af8f 100644
--- a/spec/lib/gitlab/auth/ldap/config_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/config_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::Config do
+RSpec.describe Gitlab::Auth::Ldap::Config do
include LdapHelpers
let(:config) { described_class.new('ldapmain') }
diff --git a/spec/lib/gitlab/auth/ldap/dn_spec.rb b/spec/lib/gitlab/auth/ldap/dn_spec.rb
index 7aaffa52ae4..e89f764b040 100644
--- a/spec/lib/gitlab/auth/ldap/dn_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/dn_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::DN do
+RSpec.describe Gitlab::Auth::Ldap::DN do
using RSpec::Parameterized::TableSyntax
describe '#normalize_value' do
diff --git a/spec/lib/gitlab/auth/ldap/person_spec.rb b/spec/lib/gitlab/auth/ldap/person_spec.rb
index 403a48d40ef..6857b561370 100644
--- a/spec/lib/gitlab/auth/ldap/person_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/person_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::Person do
+RSpec.describe Gitlab::Auth::Ldap::Person do
include LdapHelpers
let(:entry) { ldap_user_entry('john.doe') }
diff --git a/spec/lib/gitlab/auth/ldap/user_spec.rb b/spec/lib/gitlab/auth/ldap/user_spec.rb
index 867633e54df..7ca2878e583 100644
--- a/spec/lib/gitlab/auth/ldap/user_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/user_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Ldap::User do
+RSpec.describe Gitlab::Auth::Ldap::User do
include LdapHelpers
let(:ldap_user) { described_class.new(auth_hash) }
diff --git a/spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb b/spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb
index a2d9e27ea5b..7a60acca95b 100644
--- a/spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/auth_hash_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::OAuth::AuthHash do
+RSpec.describe Gitlab::Auth::OAuth::AuthHash do
let(:provider) { 'ldap'.freeze }
let(:auth_hash) do
described_class.new(
diff --git a/spec/lib/gitlab/auth/o_auth/identity_linker_spec.rb b/spec/lib/gitlab/auth/o_auth/identity_linker_spec.rb
index 45c1baa4089..8014fbe1687 100644
--- a/spec/lib/gitlab/auth/o_auth/identity_linker_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/identity_linker_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::OAuth::IdentityLinker do
+RSpec.describe Gitlab::Auth::OAuth::IdentityLinker do
let(:user) { create(:user) }
let(:provider) { 'twitter' }
let(:uid) { user.email }
diff --git a/spec/lib/gitlab/auth/o_auth/provider_spec.rb b/spec/lib/gitlab/auth/o_auth/provider_spec.rb
index 8b0d4d786cd..658a9976cc2 100644
--- a/spec/lib/gitlab/auth/o_auth/provider_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/provider_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::OAuth::Provider do
+RSpec.describe Gitlab::Auth::OAuth::Provider do
describe '.enabled?' do
before do
allow(described_class).to receive(:providers).and_return([:ldapmain, :google_oauth2])
diff --git a/spec/lib/gitlab/auth/o_auth/user_spec.rb b/spec/lib/gitlab/auth/o_auth/user_spec.rb
index 62b83ff8b88..ad04fddc675 100644
--- a/spec/lib/gitlab/auth/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::OAuth::User do
+RSpec.describe Gitlab::Auth::OAuth::User do
include LdapHelpers
let(:oauth_user) { described_class.new(auth_hash) }
diff --git a/spec/lib/gitlab/auth/request_authenticator_spec.rb b/spec/lib/gitlab/auth/request_authenticator_spec.rb
index 87c96803c3a..32d64519e2c 100644
--- a/spec/lib/gitlab/auth/request_authenticator_spec.rb
+++ b/spec/lib/gitlab/auth/request_authenticator_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::RequestAuthenticator do
+RSpec.describe Gitlab::Auth::RequestAuthenticator do
let(:env) do
{
'rack.input' => '',
diff --git a/spec/lib/gitlab/auth/saml/auth_hash_spec.rb b/spec/lib/gitlab/auth/saml/auth_hash_spec.rb
index 8b88c16f317..f1fad946f35 100644
--- a/spec/lib/gitlab/auth/saml/auth_hash_spec.rb
+++ b/spec/lib/gitlab/auth/saml/auth_hash_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Saml::AuthHash do
+RSpec.describe Gitlab::Auth::Saml::AuthHash do
include LoginHelpers
let(:raw_info_attr) { { 'groups' => %w(Developers Freelancers) } }
diff --git a/spec/lib/gitlab/auth/saml/identity_linker_spec.rb b/spec/lib/gitlab/auth/saml/identity_linker_spec.rb
index 7912c8fb4b1..743163ad315 100644
--- a/spec/lib/gitlab/auth/saml/identity_linker_spec.rb
+++ b/spec/lib/gitlab/auth/saml/identity_linker_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Saml::IdentityLinker do
+RSpec.describe Gitlab::Auth::Saml::IdentityLinker do
let(:user) { create(:user) }
let(:provider) { 'saml' }
let(:uid) { user.email }
diff --git a/spec/lib/gitlab/auth/saml/origin_validator_spec.rb b/spec/lib/gitlab/auth/saml/origin_validator_spec.rb
index ae120b328ab..f13140cdcba 100644
--- a/spec/lib/gitlab/auth/saml/origin_validator_spec.rb
+++ b/spec/lib/gitlab/auth/saml/origin_validator_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Saml::OriginValidator do
+RSpec.describe Gitlab::Auth::Saml::OriginValidator do
let(:session) { instance_double(ActionDispatch::Request::Session) }
subject { described_class.new(session) }
diff --git a/spec/lib/gitlab/auth/saml/user_spec.rb b/spec/lib/gitlab/auth/saml/user_spec.rb
index 55d2f22b923..7f8346f0486 100644
--- a/spec/lib/gitlab/auth/saml/user_spec.rb
+++ b/spec/lib/gitlab/auth/saml/user_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::Saml::User do
+RSpec.describe Gitlab::Auth::Saml::User do
include LdapHelpers
include LoginHelpers
diff --git a/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb b/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb
index ebf7de9c701..a08055ab852 100644
--- a/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb
+++ b/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::UniqueIpsLimiter, :clean_gitlab_redis_shared_state do
+RSpec.describe Gitlab::Auth::UniqueIpsLimiter, :clean_gitlab_redis_shared_state do
include_context 'unique ips sign in limit'
let(:user) { create(:user) }
diff --git a/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb b/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
index 7045105a2c7..a2a0eb5428a 100644
--- a/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
+++ b/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Auth::UserAccessDeniedReason do
+RSpec.describe Gitlab::Auth::UserAccessDeniedReason do
include TermsHelper
let(:user) { build(:user) }