JwtController avoids activating session checks

This used without a session and issues a sessionless token, so we should avoid causing access checks based on the session.
author: James Edwards-Jones <jedwardsjones@gitlab.com> 2019-07-20 16:30:26 +0300
committer: James Edwards-Jones <jedwardsjones@gitlab.com> 2019-08-22 18:44:09 +0300
commit: e00b07b978a9fb4f368f69aab99cfd105ab5b6b3 (patch)
tree: 53dedcdf2ae4bf1783c387aa1f34d29a01cebd79 /spec/requests/jwt_controller_spec.rb
parent: 9f6ff5dca286b99a960e923efa5a24030de462ec (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index bba473f1c20..8b2c698fee1 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -108,6 +108,14 @@ describe JwtController do
           end
         end
       end
+
+      it 'does not cause session based checks to be activated' do
+        expect(Gitlab::Session).not_to receive(:with_session)
+
+        get '/jwt/auth', params: parameters, headers: headers
+
+        expect(response).to have_gitlab_http_status(200)
+      end
     end
 
     context 'using invalid login' do
author	James Edwards-Jones <jedwardsjones@gitlab.com>	2019-07-20 16:30:26 +0300
committer	James Edwards-Jones <jedwardsjones@gitlab.com>	2019-08-22 18:44:09 +0300
commit	e00b07b978a9fb4f368f69aab99cfd105ab5b6b3 (patch)
tree	53dedcdf2ae4bf1783c387aa1f34d29a01cebd79 /spec/requests/jwt_controller_spec.rb
parent	9f6ff5dca286b99a960e923efa5a24030de462ec (diff)