authorSteve Abrams <sabrams@gitlab.com>2019-07-22 11:50:25 +0300
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2019-07-22 11:50:25 +0300
commitaba93fe2d5661cf3c086f65838db2965c746fdbf (patch)
treebe934a757b6b0a64391de1d572f54e16f6ffc82e /spec/lib/gitlab/auth
parent30a0d4600e46af1b01f90332679f64c432219d5a (diff)
OAuth2 support for GitLab personal access tokens
PATs are accepted using the OAuth2 compliant header "Authorization: Bearer {token}" in order to allow for OAuth requests while 2FA is enabled.
Diffstat (limited to 'spec/lib/gitlab/auth')
-rw-r--r--spec/lib/gitlab/auth/user_auth_finders_spec.rb14
1 files changed, 14 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/user_auth_finders_spec.rb b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
index 1e2aebdc84b..4751f880cee 100644
--- a/spec/lib/gitlab/auth/user_auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
@@ -138,6 +138,20 @@ describe Gitlab::Auth::UserAuthFinders do
expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
end
end
+
+ context 'with OAuth headers' do
+ it 'returns user' do
+ env['HTTP_AUTHORIZATION'] = "Bearer #{personal_access_token.token}"
+
+ expect(find_user_from_access_token).to eq user
+ end
+
+ it 'returns exception if invalid personal_access_token' do
+ env['HTTP_AUTHORIZATION'] = 'Bearer invalid_20byte_token'
+
+ expect { find_personal_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
+ end
+ end
end
describe '#find_user_from_web_access_token' do
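Review bot: The negative example `it 'returns exception if invalid personal_access_token'` asserts on `find_personal_access_token`, while the positive example just above it and the context line at the top of the hunk exercise `find_user_from_access_token`. As written, rejection of a bad Bearer value is not pinned on the same entry point that returns the user; I would change the expectation to `expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError)`, or keep both. Because this header is meant to authenticate requests while 2FA is enabled, the context should also cover a revoked and an expired personal access token sent as `Bearer`, each expected to raise `Gitlab::Auth::UnauthorizedError`; only an unknown token string is tested here. A comment such as `# Bearer may carry either an OAuth token or a PAT; this context covers the PAT case` above `context 'with OAuth headers'` would make the intent clear. The enclosing `describe` block opens outside the hunk, so the name of the method under test is inferred from the context lines.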