Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-10 15:09:14 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-10 15:09:14 +0300
commit: 152b3268d701b54cac9b615a0e29e0e5726bfd99 (patch)
tree: deb2e10bd5aa7c5fd54988fb8bc2ca9ec819c0b2 /spec/requests/api
parent: 921173681c207356914a35ea3dca1afffeac8b05 (diff)
2 files changed, 51 insertions, 3 deletions
diff --git a/spec/requests/api/composer_packages_spec.rb b/spec/requests/api/composer_packages_spec.rb
index 06d4a2c6017..30a831d24fd 100644
--- a/spec/requests/api/composer_packages_spec.rb
+++ b/spec/requests/api/composer_packages_spec.rb
@@ -222,6 +222,52 @@ RSpec.describe API::ComposerPackages do
     it_behaves_like 'rejects Composer access with unknown group id'
   end
 
+  describe 'GET /api/v4/group/:id/-/packages/composer/p2/*package_name.json' do
+    let(:package_name) { 'foobar' }
+    let(:url) { "/group/#{group.id}/-/packages/composer/p2/#{package_name}.json" }
+
+    subject { get api(url), headers: headers }
+
+    context 'with no packages' do
+      include_context 'Composer user type', :developer, true do
+        it_behaves_like 'returning response status', :not_found
+      end
+    end
+
+    context 'with valid project' do
+      let!(:package) { create(:composer_package, :with_metadatum, name: package_name, project: project) }
+
+      where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
+        'PUBLIC'  | :developer  | true  | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :developer  | true  | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :developer  | false | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :developer  | false | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :guest      | true  | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | true  | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :guest      | false | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | false | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :anonymous  | false | true  | 'Composer package api request' | :success
+        'PRIVATE' | :developer  | true  | true  | 'Composer package api request' | :success
+        'PRIVATE' | :developer  | true  | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :developer  | false | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :developer  | false | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :guest      | true  | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | false | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :anonymous  | false | true  | 'process Composer api request' | :not_found
+      end
+
+      with_them do
+        include_context 'Composer api group access', params[:project_visibility_level], params[:user_role], params[:user_token] do
+          it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member]
+        end
+      end
+    end
+
+    it_behaves_like 'rejects Composer access with unknown group id'
+  end
+
   describe 'POST /api/v4/projects/:id/packages/composer' do
     let(:url) { "/projects/#{project.id}/packages/composer" }
     let(:params) { {} }
diff --git a/spec/requests/api/oauth_tokens_spec.rb b/spec/requests/api/oauth_tokens_spec.rb
index 52c7408545f..edadfbc3d0c 100644
--- a/spec/requests/api/oauth_tokens_spec.rb
+++ b/spec/requests/api/oauth_tokens_spec.rb
@@ -27,13 +27,13 @@ RSpec.describe 'OAuth tokens' do
 
     context 'when user does not have 2FA enabled' do
       context 'when no client credentials provided' do
-        it 'does not create an access token' do
+        it 'creates an access token' do
           user = create(:user)
 
           request_oauth_token(user)
 
-          expect(response).to have_gitlab_http_status(:unauthorized)
-          expect(json_response['access_token']).to be_nil
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['access_token']).to be_present
         end
       end
 
@@ -51,6 +51,8 @@ RSpec.describe 'OAuth tokens' do
 
         context 'with invalid credentials' do
           it 'does not create an access token' do
+            pending 'Enable this example after https://github.com/doorkeeper-gem/doorkeeper/pull/1488 is merged and released'
+
             user = create(:user)
 
             request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret'))
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-10 15:09:14 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-10 15:09:14 +0300
commit	152b3268d701b54cac9b615a0e29e0e5726bfd99 (patch)
tree	deb2e10bd5aa7c5fd54988fb8bc2ca9ec819c0b2 /spec/requests/api
parent	921173681c207356914a35ea3dca1afffeac8b05 (diff)