Add config to disable impersonation

Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour. Only the act of impersonation is modified, impersonation token management is not affected.
author: Imre Farkas <ifarkas@gitlab.com> 2018-11-24 15:39:16 +0300
committer: Imre Farkas <ifarkas@gitlab.com> 2018-11-29 11:37:16 +0300
commit: bd3a4840329160a64c0cac25ed6c1d3b22f5bdb4 (patch)
tree: 66749539b5aa0544c156374de84671f54dcaa080 /spec/requests
parent: c07183f0d3ce24e8cfcb93e71ae950d7067a8ce1 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index cca449e9e56..2c40e266f5f 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -206,6 +206,19 @@ describe API::Helpers do
 
         expect { current_user }.to raise_error Gitlab::Auth::ExpiredError
       end
+
+      context 'when impersonation is disabled' do
+        let(:personal_access_token) { create(:personal_access_token, :impersonation, user: user) }
+
+        before do
+          stub_config_setting(impersonation_enabled: false)
+          env[Gitlab::Auth::UserAuthFinders::PRIVATE_TOKEN_HEADER] = personal_access_token.token
+        end
+
+        it 'does not allow impersonation tokens' do
+          expect { current_user }.to raise_error Gitlab::Auth::ImpersonationDisabled
+        end
+      end
     end
   end
author	Imre Farkas <ifarkas@gitlab.com>	2018-11-24 15:39:16 +0300
committer	Imre Farkas <ifarkas@gitlab.com>	2018-11-29 11:37:16 +0300
commit	bd3a4840329160a64c0cac25ed6c1d3b22f5bdb4 (patch)
tree	66749539b5aa0544c156374de84671f54dcaa080 /spec/requests
parent	c07183f0d3ce24e8cfcb93e71ae950d7067a8ce1 (diff)