diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-30 17:57:39 +0300 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-30 17:57:39 +0300 |
| commit | 7ec1fa212d23911792674e947863f3e71f91834f (patch) | |
| tree | 7b74aa0789cc12033a0d16cb7259a01aa88b95b6 /spec/services/auth | |
| parent | 2485bd7bbf9686f993d2a417943feff5c7d5b6f3 (diff) | |
Make authentication service for Container Registry to be compatible with < Docker 1.11
Diffstat (limited to 'spec/services/auth')
| -rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 46 |
1 files changed, 17 insertions, 29 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 98ef9d21035..2d114f59ca4 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -14,7 +14,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key) end - shared_examples 'an authenticated' do + shared_examples 'a valid token' do it { is_expected.to include(:token) } it { expect(payload).to include('access') } end @@ -28,10 +28,15 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do }] end - it_behaves_like 'an authenticated' + it_behaves_like 'a valid token' it { expect(payload).to include('access' => access) } end + shared_examples 'an inaccessible' do + it_behaves_like 'a valid token' + it { expect(payload).to include('access' => []) } + end + shared_examples 'a pullable' do it_behaves_like 'a accessible' do let(:actions) { ['pull'] } @@ -50,11 +55,6 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do end end - shared_examples 'an unauthorized' do - it { is_expected.to include(http_status: 401) } - it { is_expected.not_to include(:token) } - end - shared_examples 'a forbidden' do it { is_expected.to include(http_status: 403) } it { is_expected.not_to include(:token) } @@ -75,12 +75,8 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do let(:project) { create(:project) } let(:current_user) { create(:user) } - context 'allow to use offline_token' do - let(:current_params) do - { offline_token: true } - end - - it_behaves_like 'an authenticated' + context 'allow to use scope-less authentication' do + it_behaves_like 'a valid token' end context 'allow developer to push images' do @@ -120,19 +116,15 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do { scope: "repository:#{project.path_with_namespace}:pull,push" } end - it_behaves_like 'a forbidden' + it_behaves_like 'an inaccessible' end end context 'project authorization' do let(:current_project) { create(:empty_project) } - context 'allow to use offline_token' do - let(:current_params) do - { offline_token: true } - end - - it_behaves_like 'an authenticated' + context 'allow to use scope-less authentication' do + it_behaves_like 'a valid token' end context 'allow to pull and push images' do @@ -158,7 +150,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do context 'disallow for private' do let(:project) { create(:empty_project, :private) } - it_behaves_like 'a forbidden' + it_behaves_like 'an inaccessible' end end @@ -169,7 +161,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do context 'disallow for all' do let(:project) { create(:empty_project, :public) } - it_behaves_like 'a forbidden' + it_behaves_like 'an inaccessible' end end end @@ -184,18 +176,14 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do { scope: "repository:#{project.path_with_namespace}:pull" } end - it_behaves_like 'a forbidden' + it_behaves_like 'an inaccessible' end end end context 'unauthorized' do - context 'disallow to use offline_token' do - let(:current_params) do - { offline_token: true } - end - - it_behaves_like 'an unauthorized' + context 'disallow to use scope-less authentication' do + it_behaves_like 'a forbidden' end context 'for invalid scope' do |