author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-20 21:38:24 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-20 21:38:24 +0300 |
commit | 983a0bba5d2a042c4a3bbb22432ec192c7501d82 (patch) | |
tree | b153cd387c14ba23bd5a07514c7c01fddf6a78a0 /spec/services/resources/create_access_token_service_spec.rb | |
parent | a2bddee2cdb38673df0e004d5b32d9f77797de64 (diff) |
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'spec/services/resources/create_access_token_service_spec.rb')
-rw-r--r-- | spec/services/resources/create_access_token_service_spec.rb | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/spec/services/resources/create_access_token_service_spec.rb b/spec/services/resources/create_access_token_service_spec.rb
new file mode 100644
index 00000000000..8c108d9937a
--- /dev/null
+++ b/spec/services/resources/create_access_token_service_spec.rb
@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Resources::CreateAccessTokenService do
+ subject { described_class.new(resource_type, resource, user, params).execute }
+
+ let_it_be(:user) { create(:user) }
+ let_it_be(:project) { create(:project, :private) }
+ let_it_be(:params) { {} }
+
+ describe '#execute' do
+ # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046
+ shared_examples 'fails when user does not have the permission to create a Resource Bot' do
+ before do
+ resource.add_developer(user)
+ end
+
+ it 'returns error' do
+ response = subject
+
+ expect(response.error?).to be true
+ expect(response.message).to eq("User does not have permission to create #{resource_type} Access Token")
+ end
+ end
+
+ shared_examples 'fails when flag is disabled' do
+ before do
+ stub_feature_flags(resource_access_token: false)
+ end
+
+ it 'returns nil' do
+ expect(subject).to be nil
+ end
+ end
+
+ shared_examples 'allows creation of bot with valid params' do
+ it { expect { subject }.to change { User.count }.by(1) }
+
+ it 'creates resource bot user' do
+ response = subject
+
+ access_token = response.payload[:access_token]
+
+ expect(access_token.user.reload.user_type).to eq("#{resource_type}_bot")
+ end
+
+ context 'bot name' do
+ context 'when no value is passed' do
+ it 'uses default value' do
+ response = subject
+ access_token = response.payload[:access_token]
+
+ expect(access_token.user.name).to eq("#{resource.name.to_s.humanize} bot")
+ end
+ end
+
+ context 'when user provides value' do
+ let(:params) { { name: 'Random bot' } }
+
+ it 'overrides the default value' do
+ response = subject
+ access_token = response.payload[:access_token]
+
+ expect(access_token.user.name).to eq(params[:name])
+ end
+ end
+ end
+
+ it 'adds the bot user as a maintainer in the resource' do
+ response = subject
+ access_token = response.payload[:access_token]
+ bot_user = access_token.user
+
+ expect(resource.members.maintainers.map(&:user_id)).to include(bot_user.id)
+ end
+
+ context 'personal access token' do
+ it { expect { subject }.to change { PersonalAccessToken.count }.by(1) }
+
+ context 'when user does not provide scope' do
+ it 'has default scopes' do
+ response = subject
+ access_token = response.payload[:access_token]
+
+ expect(access_token.scopes).to eq(Gitlab::Auth::API_SCOPES + Gitlab::Auth::REPOSITORY_SCOPES + Gitlab::Auth.registry_scopes - [:read_user])
+ end
+ end
+
+ context 'when user provides scope explicitly' do
+ let(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } }
+
+ it 'overrides the default value' do
+ response = subject
+ access_token = response.payload[:access_token]
+
+ expect(access_token.scopes).to eq(Gitlab::Auth::REPOSITORY_SCOPES)
+ end
+ end
+
+ context 'expires_at' do
+ context 'when no value is passed' do
+ it 'uses default value' do
+ response = subject
+ access_token = response.payload[:access_token]
+
+ expect(access_token.expires_at).to eq(nil)
+ end
+ end
+
+ context 'when user provides value' do
+ let(:params) { { expires_at: Date.today + 1.month } }
+
+ it 'overrides the default value' do
+ response = subject
+ access_token = response.payload[:access_token]
+
+ expect(access_token.expires_at).to eq(params[:expires_at])
+ end
+ end
+
+ context 'when invalid scope is passed' do
+ let(:params) { { scopes: [:invalid_scope] } }
+
+ it 'returns error' do
+ response = subject
+
+ expect(response.error?).to be true
+ end
+ end
+ end
+ end
+
+ context 'when access provisioning fails' do
+ before do
+ allow(resource).to receive(:add_maintainer).and_return(nil)
+ end
+
+ it 'returns error' do
+ response = subject
+
+ expect(response.error?).to be true
+ end
+ end
+ end
+
+ context 'when resource is a project' do
+ let(:resource_type) { 'project' }
+ let(:resource) { project }
+
+ it_behaves_like 'fails when user does not have the permission to create a Resource Bot'
+ it_behaves_like 'fails when flag is disabled'
+
+ context 'user with valid permission' do
+ before do
+ resource.add_maintainer(user)
+ end
+
+ it_behaves_like 'allows creation of bot with valid params'
+ end
+ end
+ end
+end |
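Review bot: The failure examples ('fails when user does not have the permission to create a Resource Bot', 'when invalid scope is passed', 'when access provisioning fails') assert only `response.error?`, so they would still pass if the service had already persisted a bot user or a token before returning the error. For the permission-denied case, add `it { expect { subject }.not_to change { User.count } }` and `it { expect { subject }.not_to change { PersonalAccessToken.count } }`. For the other two, pin whichever cleanup behaviour the service is meant to have, since a leftover bot user or live token after a reported failure is the outcome worth guarding against. Separately, 'when invalid scope is passed' is nested under `context 'expires_at'` although it exercises `scopes`; it belongs next to 'when user provides scope explicitly'.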