diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-11 18:09:37 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-11 18:09:37 +0300 |
| commit | 6217d19741a8ea4351813b13c6fb39cc6a746602 (patch) | |
| tree | 148b37b12e23835691de2a6dad4a425e678bc33d /spec/requests | |
| parent | e3190840bc2e05ed04a49869978a54b7b518edf1 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests')
| -rw-r--r-- | spec/requests/jwt_controller_spec.rb | 41 |
1 files changed, 38 insertions, 3 deletions
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index 73dc9d8c63e..5637a56b2a4 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -7,11 +7,25 @@ describe JwtController do let(:service_class) { double(new: service) } let(:service_name) { 'test' } let(:parameters) { { service: service_name } } + let(:log_output) { StringIO.new } + let(:logger) do + Logger.new(log_output).tap { |logger| logger.formatter = ->(_, _, _, msg) { msg } } + end + let(:log_data) { Gitlab::Json.parse(log_output.string) } before do + Lograge.logger = logger + stub_const('JwtController::SERVICES', service_name => service_class) end + shared_examples 'user logging' do + it 'logs username and ID' do + expect(log_data['username']).to eq(user.username) + expect(log_data['user_id']).to eq(user.id) + end + end + context 'existing service' do subject! { get '/jwt/auth', params: parameters } @@ -37,14 +51,17 @@ describe JwtController do end context 'using CI token' do - let(:build) { create(:ci_build, :running) } + let(:user) { create(:user) } + let(:build) { create(:ci_build, :running, user: user) } let(:project) { build.project } let(:headers) { { authorization: credentials('gitlab-ci-token', build.token) } } context 'project with enabled CI' do subject! { get '/jwt/auth', params: parameters, headers: headers } - it { expect(service_class).to have_received(:new).with(project, nil, ActionController::Parameters.new(parameters).permit!) } + it { expect(service_class).to have_received(:new).with(project, user, ActionController::Parameters.new(parameters).permit!) } + + it_behaves_like 'user logging' end context 'project with disabled CI' do @@ -57,8 +74,23 @@ describe JwtController do it { expect(response).to have_gitlab_http_status(:unauthorized) } end + context 'using deploy tokens' do + let(:deploy_token) { create(:deploy_token, read_registry: true, projects: [project]) } + let(:headers) { { authorization: credentials(deploy_token.username, deploy_token.token) } } + + subject! { get '/jwt/auth', params: parameters, headers: headers } + + it 'authenticates correctly' do + expect(response).to have_gitlab_http_status(:ok) + expect(service_class).to have_received(:new).with(nil, deploy_token, ActionController::Parameters.new(parameters).permit!) + end + + it 'does not log a user' do + expect(log_data.keys).not_to include(%w(username user_id)) + end + end + context 'using personal access tokens' do - let(:user) { create(:user) } let(:pat) { create(:personal_access_token, user: user, scopes: ['read_registry']) } let(:headers) { { authorization: credentials('personal_access_token', pat.token) } } @@ -74,6 +106,7 @@ describe JwtController do end it_behaves_like 'rejecting a blocked user' + it_behaves_like 'user logging' end end @@ -104,6 +137,8 @@ describe JwtController do end it { expect(service_class).to have_received(:new).with(nil, user, service_parameters) } + + it_behaves_like 'user logging' end context 'when user has 2FA enabled' do |