diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-03 15:00:08 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-03 15:00:08 +0300 |
commit | b1bbcf85684cee176ed5bb7eb43dd487a75f18fa (patch) | |
tree | bda68adaad2e197482bf02f476e94b5908da1518 /spec/lib | |
parent | c7c74818948dbc63a284bb617b2af1937f999cc8 (diff) |
Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index d529d4a96e1..1d708b17076 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -336,6 +336,15 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do expect_results_with_abilities(impersonation_token, described_class.full_authentication_abilities) end + it 'fails if it is an impersonation token but impersonation is blocked' do + stub_config_setting(impersonation_enabled: false) + + impersonation_token = create(:personal_access_token, :impersonation, scopes: ['api']) + + expect(gl_auth.find_for_git_client('', impersonation_token.token, project: nil, ip: 'ip')) + .to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil)) + end + it 'limits abilities based on scope' do personal_access_token = create(:personal_access_token, scopes: %w[read_user sudo]) |