diff options
author | Markus Koller <markus-koller@gmx.ch> | 2017-01-31 13:21:29 +0300 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-03-07 17:00:29 +0300 |
commit | eefbc837301acc49a33617063faafa97adee307e (patch) | |
tree | b46f35df1792744897dfe1d31d9a519d19f09669 /spec/models/personal_access_token_spec.rb | |
parent | 93daeee16428707fc348f8c45215854aed6e117a (diff) |
Only use API scopes for personal access tokens
Diffstat (limited to 'spec/models/personal_access_token_spec.rb')
-rw-r--r-- | spec/models/personal_access_token_spec.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb index 46eb71cef14..4cc9cf02e6d 100644 --- a/spec/models/personal_access_token_spec.rb +++ b/spec/models/personal_access_token_spec.rb @@ -12,4 +12,20 @@ describe PersonalAccessToken, models: true do expect(personal_access_token).not_to be_persisted end end + + describe 'validate_scopes' do + it "allows creating a token with API scopes" do + personal_access_token = build(:personal_access_token) + personal_access_token.scopes = [:api, :read_user] + + expect(personal_access_token).to be_valid + end + + it "rejects creating a token with non-API scopes" do + personal_access_token = build(:personal_access_token) + personal_access_token.scopes = [:openid, :api] + + expect(personal_access_token).not_to be_valid + end + end end |