diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-05-01 15:24:39 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-05-01 15:24:39 +0300 |
commit | b337a086d5118e80518945abfc2e88008d9fc1ec (patch) | |
tree | fc6dafd174170773190eb9ed6f7b098a68611695 /spec/lib | |
parent | 3c5cac7655985583ddd2ed64a84bbae2f3d5d703 (diff) | |
parent | 3fcb9c115d776feba3f71fb58359a3935edfda9b (diff) |
Merge branch 'master' into backstage/gb/migrate-pipeline-stages-index
* master: (106 commits)
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/bare_repository_import/importer_spec.rb | 21 | ||||
-rw-r--r-- | spec/lib/gitlab/bare_repository_import/repository_spec.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb | 9 | ||||
-rw-r--r-- | spec/lib/gitlab/git/repository_spec.rb | 89 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/wiki_restorer_spec.rb | 4 | ||||
-rw-r--r-- | spec/lib/gitlab/pages_client_spec.rb | 172 | ||||
-rw-r--r-- | spec/lib/gitlab/shell_spec.rb | 52 | ||||
-rw-r--r-- | spec/lib/omni_auth/strategies/jwt_spec.rb | 87 |
8 files changed, 354 insertions, 82 deletions
diff --git a/spec/lib/gitlab/bare_repository_import/importer_spec.rb b/spec/lib/gitlab/bare_repository_import/importer_spec.rb index eb4b9d8b12f..5c8a19a53bc 100644 --- a/spec/lib/gitlab/bare_repository_import/importer_spec.rb +++ b/spec/lib/gitlab/bare_repository_import/importer_spec.rb @@ -4,6 +4,7 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do let!(:admin) { create(:admin) } let!(:base_dir) { Dir.mktmpdir + '/' } let(:bare_repository) { Gitlab::BareRepositoryImport::Repository.new(base_dir, File.join(base_dir, "#{project_path}.git")) } + let(:gitlab_shell) { Gitlab::Shell.new } subject(:importer) { described_class.new(admin, bare_repository) } @@ -84,12 +85,14 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do importer.create_project_if_needed project = Project.find_by_full_path(project_path) - repo_path = File.join(project.repository_storage_path, project.disk_path + '.git') + repo_path = "#{project.disk_path}.git" hook_path = File.join(repo_path, 'hooks') - expect(File).to exist(repo_path) - expect(File.symlink?(hook_path)).to be true - expect(File.readlink(hook_path)).to eq(Gitlab.config.gitlab_shell.hooks_path) + expect(gitlab_shell.exists?(project.repository_storage, repo_path)).to be(true) + expect(gitlab_shell.exists?(project.repository_storage, hook_path)).to be(true) + + full_hook_path = File.join(project.repository.path_to_repo, 'hooks') + expect(File.readlink(full_hook_path)).to eq(Gitlab.config.gitlab_shell.hooks_path) end context 'hashed storage enabled' do @@ -144,8 +147,8 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do project = Project.find_by_full_path("#{admin.full_path}/#{project_path}") - expect(File).to exist(File.join(project.repository_storage_path, project.disk_path + '.git')) - expect(File).to exist(File.join(project.repository_storage_path, project.disk_path + '.wiki.git')) + expect(gitlab_shell.exists?(project.repository_storage, project.disk_path + '.git')).to be(true) + expect(gitlab_shell.exists?(project.repository_storage, project.disk_path + '.wiki.git')).to be(true) end it 'moves an existing project to the correct path' do @@ -155,7 +158,9 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do project = build(:project, :legacy_storage, :repository) original_commit_count = project.repository.commit_count - bare_repo = Gitlab::BareRepositoryImport::Repository.new(project.repository_storage_path, project.repository.path) + legacy_path = Gitlab.config.repositories.storages[project.repository_storage].legacy_disk_path + + bare_repo = Gitlab::BareRepositoryImport::Repository.new(legacy_path, project.repository.path) gitlab_importer = described_class.new(admin, bare_repo) expect(gitlab_importer).to receive(:create_project).and_call_original @@ -183,7 +188,7 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do project = Project.find_by_full_path(project_path) - expect(File).to exist(File.join(project.repository_storage_path, project.disk_path + '.wiki.git')) + expect(gitlab_shell.exists?(project.repository_storage, project.disk_path + '.wiki.git')).to be(true) end end diff --git a/spec/lib/gitlab/bare_repository_import/repository_spec.rb b/spec/lib/gitlab/bare_repository_import/repository_spec.rb index 0dc3705825d..1504826c7a5 100644 --- a/spec/lib/gitlab/bare_repository_import/repository_spec.rb +++ b/spec/lib/gitlab/bare_repository_import/repository_spec.rb @@ -67,7 +67,7 @@ describe ::Gitlab::BareRepositoryImport::Repository do end after do - gitlab_shell.remove_repository(root_path, hashed_path) + gitlab_shell.remove_repository(repository_storage, hashed_path) end subject { described_class.new(root_path, repo_path) } diff --git a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb index 8312fa47cfa..4d7d6951a51 100644 --- a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb @@ -35,11 +35,6 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do it 'populates pipeline with stages' do expect(pipeline.stages).to be_one expect(pipeline.stages.first).not_to be_persisted - end - - it 'populates pipeline with builds' do - expect(pipeline.builds).to be_one - expect(pipeline.builds.first).not_to be_persisted expect(pipeline.stages.first.builds).to be_one expect(pipeline.stages.first.builds.first).not_to be_persisted end @@ -151,8 +146,8 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do step.perform! expect(pipeline.stages.size).to eq 1 - expect(pipeline.builds.size).to eq 1 - expect(pipeline.builds.first.name).to eq 'rspec' + expect(pipeline.stages.first.builds.size).to eq 1 + expect(pipeline.stages.first.builds.first.name).to eq 'rspec' end end end diff --git a/spec/lib/gitlab/git/repository_spec.rb b/spec/lib/gitlab/git/repository_spec.rb index 5acf40ea5ce..9924641f829 100644 --- a/spec/lib/gitlab/git/repository_spec.rb +++ b/spec/lib/gitlab/git/repository_spec.rb @@ -234,59 +234,72 @@ describe Gitlab::Git::Repository, seed_helper: true do it_behaves_like 'wrapping gRPC errors', Gitlab::GitalyClient::RefService, :tag_names end - shared_examples 'archive check' do |extenstion| - it { expect(metadata['ArchivePath']).to match(%r{tmp/gitlab-git-test.git/gitlab-git-test-master-#{SeedRepo::LastCommit::ID}}) } - it { expect(metadata['ArchivePath']).to end_with extenstion } - end + describe '#archive_metadata' do + let(:storage_path) { '/tmp' } + let(:cache_key) { File.join(repository.gl_repository, SeedRepo::LastCommit::ID) } - describe '#archive_prefix' do - let(:project_name) { 'project-name'} + let(:append_sha) { true } + let(:ref) { 'master' } + let(:format) { nil } - before do - expect(repository).to receive(:name).once.and_return(project_name) - end + let(:expected_extension) { 'tar.gz' } + let(:expected_filename) { "#{expected_prefix}.#{expected_extension}" } + let(:expected_path) { File.join(storage_path, cache_key, expected_filename) } + let(:expected_prefix) { "gitlab-git-test-#{ref}-#{SeedRepo::LastCommit::ID}" } - it 'returns parameterised string for a ref containing slashes' do - prefix = repository.archive_prefix('test/branch', 'SHA', append_sha: nil) + subject(:metadata) { repository.archive_metadata(ref, storage_path, format, append_sha: append_sha) } - expect(prefix).to eq("#{project_name}-test-branch-SHA") + it 'sets RepoPath to the repository path' do + expect(metadata['RepoPath']).to eq(repository.path) end - it 'returns correct string for a ref containing dots' do - prefix = repository.archive_prefix('test.branch', 'SHA', append_sha: nil) - - expect(prefix).to eq("#{project_name}-test.branch-SHA") + it 'sets CommitId to the commit SHA' do + expect(metadata['CommitId']).to eq(SeedRepo::LastCommit::ID) end - it 'returns string with sha when append_sha is false' do - prefix = repository.archive_prefix('test.branch', 'SHA', append_sha: false) - - expect(prefix).to eq("#{project_name}-test.branch") + it 'sets ArchivePrefix to the expected prefix' do + expect(metadata['ArchivePrefix']).to eq(expected_prefix) end - end - describe '#archive' do - let(:metadata) { repository.archive_metadata('master', '/tmp', append_sha: true) } + it 'sets ArchivePath to the expected globally-unique path' do + # This is really important from a security perspective. Think carefully + # before changing it: https://gitlab.com/gitlab-org/gitlab-ce/issues/45689 + expect(expected_path).to include(File.join(repository.gl_repository, SeedRepo::LastCommit::ID)) - it_should_behave_like 'archive check', '.tar.gz' - end - - describe '#archive_zip' do - let(:metadata) { repository.archive_metadata('master', '/tmp', 'zip', append_sha: true) } + expect(metadata['ArchivePath']).to eq(expected_path) + end - it_should_behave_like 'archive check', '.zip' - end + context 'append_sha varies archive path and filename' do + where(:append_sha, :ref, :expected_prefix) do + sha = SeedRepo::LastCommit::ID - describe '#archive_bz2' do - let(:metadata) { repository.archive_metadata('master', '/tmp', 'tbz2', append_sha: true) } + true | 'master' | "gitlab-git-test-master-#{sha}" + true | sha | "gitlab-git-test-#{sha}-#{sha}" + false | 'master' | "gitlab-git-test-master" + false | sha | "gitlab-git-test-#{sha}" + nil | 'master' | "gitlab-git-test-master-#{sha}" + nil | sha | "gitlab-git-test-#{sha}" + end - it_should_behave_like 'archive check', '.tar.bz2' - end + with_them do + it { expect(metadata['ArchivePrefix']).to eq(expected_prefix) } + it { expect(metadata['ArchivePath']).to eq(expected_path) } + end + end - describe '#archive_fallback' do - let(:metadata) { repository.archive_metadata('master', '/tmp', 'madeup', append_sha: true) } + context 'format varies archive path and filename' do + where(:format, :expected_extension) do + nil | 'tar.gz' + 'madeup' | 'tar.gz' + 'tbz2' | 'tar.bz2' + 'zip' | 'zip' + end - it_should_behave_like 'archive check', '.tar.gz' + with_them do + it { expect(metadata['ArchivePrefix']).to eq(expected_prefix) } + it { expect(metadata['ArchivePath']).to eq(expected_path) } + end + end end describe '#size' do @@ -689,7 +702,7 @@ describe Gitlab::Git::Repository, seed_helper: true do end after do - Gitlab::Shell.new.remove_repository(storage_path, 'my_project') + Gitlab::Shell.new.remove_repository('default', 'my_project') end shared_examples 'repository mirror fecthing' do diff --git a/spec/lib/gitlab/import_export/wiki_restorer_spec.rb b/spec/lib/gitlab/import_export/wiki_restorer_spec.rb index 5c01ee0ebb8..f99f198da33 100644 --- a/spec/lib/gitlab/import_export/wiki_restorer_spec.rb +++ b/spec/lib/gitlab/import_export/wiki_restorer_spec.rb @@ -24,8 +24,8 @@ describe Gitlab::ImportExport::WikiRestorer do after do FileUtils.rm_rf(export_path) - Gitlab::Shell.new.remove_repository(project_with_wiki.wiki.repository_storage_path, project_with_wiki.wiki.disk_path) - Gitlab::Shell.new.remove_repository(project.wiki.repository_storage_path, project.wiki.disk_path) + Gitlab::Shell.new.remove_repository(project_with_wiki.wiki.repository_storage, project_with_wiki.wiki.disk_path) + Gitlab::Shell.new.remove_repository(project.wiki.repository_storage, project.wiki.disk_path) end it 'restores the wiki repo successfully' do diff --git a/spec/lib/gitlab/pages_client_spec.rb b/spec/lib/gitlab/pages_client_spec.rb new file mode 100644 index 00000000000..da6d26f4aee --- /dev/null +++ b/spec/lib/gitlab/pages_client_spec.rb @@ -0,0 +1,172 @@ +require 'spec_helper' + +describe Gitlab::PagesClient do + subject { described_class } + + describe '.token' do + it 'returns the token as it is on disk' do + pending 'add omnibus support for generating the secret file https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466' + expect(subject.token).to eq(File.read('.gitlab_pages_secret')) + end + end + + describe '.read_or_create_token' do + subject { described_class.read_or_create_token } + let(:token_path) { 'tmp/tests/gitlab-pages-secret' } + before do + allow(described_class).to receive(:token_path).and_return(token_path) + FileUtils.rm_f(token_path) + end + + it 'uses the existing token file if it exists' do + secret = 'existing secret' + File.write(token_path, secret) + + subject + expect(described_class.token).to eq(secret) + end + + it 'creates one if none exists' do + pending 'add omnibus support for generating the secret file https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466' + + old_token = described_class.token + # sanity check + expect(File.exist?(token_path)).to eq(false) + + subject + expect(described_class.token.bytesize).to eq(64) + expect(described_class.token).not_to eq(old_token) + end + end + + describe '.write_token' do + let(:token_path) { 'tmp/tests/gitlab-pages-secret' } + before do + allow(described_class).to receive(:token_path).and_return(token_path) + FileUtils.rm_f(token_path) + end + + it 'writes the secret' do + new_secret = 'hello new secret' + expect(File.exist?(token_path)).to eq(false) + + described_class.send(:write_token, new_secret) + + expect(File.read(token_path)).to eq(new_secret) + end + + it 'does nothing if the file already exists' do + existing_secret = 'hello secret' + File.write(token_path, existing_secret) + + described_class.send(:write_token, 'new secret') + + expect(File.read(token_path)).to eq(existing_secret) + end + end + + describe '.load_certificate' do + subject { described_class.load_certificate } + before do + allow(described_class).to receive(:config).and_return(config) + end + + context 'with no certificate in the config' do + let(:config) { double(:config, certificate: '') } + + it 'does not set @certificate' do + subject + + expect(described_class.certificate).to be_nil + end + end + + context 'with a certificate path in the config' do + let(:certificate_path) { 'tmp/tests/fake-certificate' } + let(:config) { double(:config, certificate: certificate_path) } + + it 'sets @certificate' do + certificate_data = "--- BEGIN CERTIFICATE ---\nbla\n--- END CERTIFICATE ---\n" + File.write(certificate_path, certificate_data) + subject + + expect(described_class.certificate).to eq(certificate_data) + end + end + end + + describe '.request_kwargs' do + let(:token) { 'secret token' } + let(:auth_header) { 'Bearer c2VjcmV0IHRva2Vu' } + before do + allow(described_class).to receive(:token).and_return(token) + end + + context 'without timeout' do + it { expect(subject.send(:request_kwargs, nil)[:metadata]['authorization']).to eq(auth_header) } + end + + context 'with timeout' do + let(:timeout) { 1.second } + + it 'still sets the authorization header' do + expect(subject.send(:request_kwargs, timeout)[:metadata]['authorization']).to eq(auth_header) + end + + it 'sets a deadline value' do + now = Time.now + deadline = subject.send(:request_kwargs, timeout)[:deadline] + + expect(deadline).to be_between(now, now + 2 * timeout) + end + end + end + + describe '.stub' do + before do + allow(described_class).to receive(:address).and_return('unix:/foo/bar') + end + + it { expect(subject.send(:stub, :health_check)).to be_a(Grpc::Health::V1::Health::Stub) } + end + + describe '.address' do + subject { described_class.send(:address) } + + before do + allow(described_class).to receive(:config).and_return(config) + end + + context 'with a unix: address' do + let(:config) { double(:config, address: 'unix:/foo/bar') } + + it { expect(subject).to eq('unix:/foo/bar') } + end + + context 'with a tcp:// address' do + let(:config) { double(:config, address: 'tcp://localhost:1234') } + + it { expect(subject).to eq('localhost:1234') } + end + end + + describe '.grpc_creds' do + subject { described_class.send(:grpc_creds) } + + before do + allow(described_class).to receive(:config).and_return(config) + end + + context 'with a unix: address' do + let(:config) { double(:config, address: 'unix:/foo/bar') } + + it { expect(subject).to eq(:this_channel_is_insecure) } + end + + context 'with a tcp:// address' do + let(:config) { double(:config, address: 'tcp://localhost:1234') } + + it { expect(subject).to be_a(GRPC::Core::ChannelCredentials) } + end + end +end diff --git a/spec/lib/gitlab/shell_spec.rb b/spec/lib/gitlab/shell_spec.rb index 7f579df1c36..bf6ee4b0b59 100644 --- a/spec/lib/gitlab/shell_spec.rb +++ b/spec/lib/gitlab/shell_spec.rb @@ -447,18 +447,18 @@ describe Gitlab::Shell do let(:disk_path) { "#{project.disk_path}.git" } it 'returns true when the command succeeds' do - expect(gitlab_shell.exists?(project.repository_storage_path, disk_path)).to be(true) + expect(gitlab_shell.exists?(project.repository_storage, disk_path)).to be(true) - expect(gitlab_shell.remove_repository(project.repository_storage_path, project.disk_path)).to be(true) + expect(gitlab_shell.remove_repository(project.repository_storage, project.disk_path)).to be(true) - expect(gitlab_shell.exists?(project.repository_storage_path, disk_path)).to be(false) + expect(gitlab_shell.exists?(project.repository_storage, disk_path)).to be(false) end it 'keeps the namespace directory' do - gitlab_shell.remove_repository(project.repository_storage_path, project.disk_path) + gitlab_shell.remove_repository(project.repository_storage, project.disk_path) - expect(gitlab_shell.exists?(project.repository_storage_path, disk_path)).to be(false) - expect(gitlab_shell.exists?(project.repository_storage_path, project.disk_path.gsub(project.name, ''))).to be(true) + expect(gitlab_shell.exists?(project.repository_storage, disk_path)).to be(false) + expect(gitlab_shell.exists?(project.repository_storage, project.disk_path.gsub(project.name, ''))).to be(true) end end @@ -469,18 +469,18 @@ describe Gitlab::Shell do old_path = project2.disk_path new_path = "project/new_path" - expect(gitlab_shell.exists?(project2.repository_storage_path, "#{old_path}.git")).to be(true) - expect(gitlab_shell.exists?(project2.repository_storage_path, "#{new_path}.git")).to be(false) + expect(gitlab_shell.exists?(project2.repository_storage, "#{old_path}.git")).to be(true) + expect(gitlab_shell.exists?(project2.repository_storage, "#{new_path}.git")).to be(false) - expect(gitlab_shell.mv_repository(project2.repository_storage_path, old_path, new_path)).to be_truthy + expect(gitlab_shell.mv_repository(project2.repository_storage, old_path, new_path)).to be_truthy - expect(gitlab_shell.exists?(project2.repository_storage_path, "#{old_path}.git")).to be(false) - expect(gitlab_shell.exists?(project2.repository_storage_path, "#{new_path}.git")).to be(true) + expect(gitlab_shell.exists?(project2.repository_storage, "#{old_path}.git")).to be(false) + expect(gitlab_shell.exists?(project2.repository_storage, "#{new_path}.git")).to be(true) end it 'returns false when the command fails' do - expect(gitlab_shell.mv_repository(project2.repository_storage_path, project2.disk_path, '')).to be_falsy - expect(gitlab_shell.exists?(project2.repository_storage_path, "#{project2.disk_path}.git")).to be(true) + expect(gitlab_shell.mv_repository(project2.repository_storage, project2.disk_path, '')).to be_falsy + expect(gitlab_shell.exists?(project2.repository_storage, "#{project2.disk_path}.git")).to be(true) end end @@ -679,48 +679,48 @@ describe Gitlab::Shell do describe 'namespace actions' do subject { described_class.new } - let(:storage_path) { Gitlab.config.repositories.storages.default.legacy_disk_path } + let(:storage) { Gitlab.config.repositories.storages.keys.first } describe '#add_namespace' do it 'creates a namespace' do - subject.add_namespace(storage_path, "mepmep") + subject.add_namespace(storage, "mepmep") - expect(subject.exists?(storage_path, "mepmep")).to be(true) + expect(subject.exists?(storage, "mepmep")).to be(true) end end describe '#exists?' do context 'when the namespace does not exist' do it 'returns false' do - expect(subject.exists?(storage_path, "non-existing")).to be(false) + expect(subject.exists?(storage, "non-existing")).to be(false) end end context 'when the namespace exists' do it 'returns true' do - subject.add_namespace(storage_path, "mepmep") + subject.add_namespace(storage, "mepmep") - expect(subject.exists?(storage_path, "mepmep")).to be(true) + expect(subject.exists?(storage, "mepmep")).to be(true) end end end describe '#remove' do it 'removes the namespace' do - subject.add_namespace(storage_path, "mepmep") - subject.rm_namespace(storage_path, "mepmep") + subject.add_namespace(storage, "mepmep") + subject.rm_namespace(storage, "mepmep") - expect(subject.exists?(storage_path, "mepmep")).to be(false) + expect(subject.exists?(storage, "mepmep")).to be(false) end end describe '#mv_namespace' do it 'renames the namespace' do - subject.add_namespace(storage_path, "mepmep") - subject.mv_namespace(storage_path, "mepmep", "2mep") + subject.add_namespace(storage, "mepmep") + subject.mv_namespace(storage, "mepmep", "2mep") - expect(subject.exists?(storage_path, "mepmep")).to be(false) - expect(subject.exists?(storage_path, "2mep")).to be(true) + expect(subject.exists?(storage, "mepmep")).to be(false) + expect(subject.exists?(storage, "2mep")).to be(true) end end end diff --git a/spec/lib/omni_auth/strategies/jwt_spec.rb b/spec/lib/omni_auth/strategies/jwt_spec.rb new file mode 100644 index 00000000000..23485fbcb18 --- /dev/null +++ b/spec/lib/omni_auth/strategies/jwt_spec.rb @@ -0,0 +1,87 @@ +require 'spec_helper' + +describe OmniAuth::Strategies::Jwt do + include Rack::Test::Methods + include DeviseHelpers + + context '.decoded' do + let(:strategy) { described_class.new({}) } + let(:timestamp) { Time.now.to_i } + let(:jwt_config) { Devise.omniauth_configs[:jwt] } + let(:key) { JWT.encode(claims, jwt_config.strategy.secret) } + + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com", + iat: timestamp + } + end + + before do + allow_any_instance_of(OmniAuth::Strategy).to receive(:options).and_return(jwt_config.strategy) + allow_any_instance_of(Rack::Request).to receive(:params).and_return({ 'jwt' => key }) + end + + it 'decodes the user information' do + result = strategy.decoded + + expect(result["id"]).to eq(123) + expect(result["name"]).to eq("user_example") + expect(result["email"]).to eq("user@example.com") + expect(result["iat"]).to eq(timestamp) + end + + context 'required claims is missing' do + let(:claims) do + { + id: 123, + email: "user@example.com", + iat: timestamp + } + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + + context 'when valid_within is specified but iat attribute is missing in response' do + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com" + } + end + + before do + jwt_config.strategy.valid_within = Time.now.to_i + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + + context 'when timestamp claim is too skewed from present' do + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com", + iat: timestamp - 10.minutes.to_i + } + end + + before do + jwt_config.strategy.valid_within = 2.seconds + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + end +end |