author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-05 18:10:02 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-05 18:10:02 +0300 |
commit | 2c2b5aeac04350b0d3e13d4b52add0b520bf2ebb (patch) | |
tree | 1b006a6d334908dcbdb84d8868ab7cde79a519d7 /spec/requests/jwks_controller_spec.rb | |
parent | 797182cd82922765fe79a13bc0ed6bd5672d4283 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests/jwks_controller_spec.rb')
-rw-r--r-- | spec/requests/jwks_controller_spec.rb | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/spec/requests/jwks_controller_spec.rb b/spec/requests/jwks_controller_spec.rb
new file mode 100644
index 00000000000..5eda1979027
--- /dev/null
+++ b/spec/requests/jwks_controller_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe JwksController do
+ describe 'GET /-/jwks' do
+ let(:ci_jwt_signing_key) { OpenSSL::PKey::RSA.generate(1024) }
+ let(:ci_jwk) { ci_jwt_signing_key.to_jwk }
+ let(:oidc_jwk) { OpenSSL::PKey::RSA.new(Rails.application.secrets.openid_connect_signing_key).to_jwk }
+
+ before do
+ stub_application_setting(ci_jwt_signing_key: ci_jwt_signing_key.to_s)
+ end
+
+ it 'returns signing keys used to sign CI_JOB_JWT' do
+ get jwks_url
+
+ expect(response).to have_gitlab_http_status(:ok)
+
+ ids = json_response['keys'].map { |jwk| jwk['kid'] }
+ expect(ids).to contain_exactly(ci_jwk['kid'], oidc_jwk['kid'])
+ end
+
+ it 'does not leak private key data' do
+ get jwks_url
+
+ aggregate_failures do
+ json_response['keys'].each do |jwk|
+ expect(jwk.keys).to contain_exactly('kty', 'kid', 'e', 'n', 'use', 'alg')
+ expect(jwk['use']).to eq('sig')
+ expect(jwk['alg']).to eq('RS256')
+ end
+ end
+ end
+ end
+end |
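Review bot: The 'does not leak private key data' example passes vacuously when `json_response['keys']` is an empty array, because every expectation sits inside the `each` block and this example never checks the response status or key count itself. Adding `expect(json_response['keys']).not_to be_empty` (or a size check) before the loop would make this regression guard fail if the endpoint stops publishing keys. The allowlist via `contain_exactly('kty', 'kid', 'e', 'n', 'use', 'alg')` is the right shape, since any private RSA member such as `d`, `p` or `q` fails it without being named. Separately, `OpenSSL::PKey::RSA.generate(1024)` would benefit from a comment such as `# 1024 bits only to keep the spec fast; not a production key size`, and it may be rejected on FIPS-restricted OpenSSL builds, which I have not verified for this project.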