diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-12-16 20:38:41 +0300 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-12-16 20:38:41 +0300 |
| commit | ca6bf62ec14a37bf13f670ff7f62a4c12309fea5 (patch) | |
| tree | c70c694a1aa5541f904e6946c135d78d2c282601 /spec/services | |
| parent | 3487551966ddad57111e34284245ed9074c024c5 (diff) | |
| parent | eb434b15ebbc7d0b7ed79bb2daa45601e3c918ca (diff) | |
Merge branch '20492-access-token-scopes' into 'master'
Resolve "Add a doorkeeper scope suitable for authentication"
## What does this MR do?
- Add a single new scope (in addition to the `api` scope we've had) - `read_user`
- Allow creating OAuth applications and Personal access tokens with a scope selected
- Enforce scopes in the API
## What are the relevant issue numbers?
- Closes #20492
- EE counterpart for this MR: gitlab-org/gitlab-ee!946
See merge request !5951
Diffstat (limited to 'spec/services')
| -rw-r--r-- | spec/services/access_token_validation_service_spec.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/spec/services/access_token_validation_service_spec.rb b/spec/services/access_token_validation_service_spec.rb new file mode 100644 index 00000000000..87f093ee8ce --- /dev/null +++ b/spec/services/access_token_validation_service_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe AccessTokenValidationService, services: true do + describe ".include_any_scope?" do + it "returns true if the required scope is present in the token's scopes" do + token = double("token", scopes: [:api, :read_user]) + + expect(described_class.new(token).include_any_scope?([:api])).to be(true) + end + + it "returns true if more than one of the required scopes is present in the token's scopes" do + token = double("token", scopes: [:api, :read_user, :other_scope]) + + expect(described_class.new(token).include_any_scope?([:api, :other_scope])).to be(true) + end + + it "returns true if the list of required scopes is an exact match for the token's scopes" do + token = double("token", scopes: [:api, :read_user, :other_scope]) + + expect(described_class.new(token).include_any_scope?([:api, :read_user, :other_scope])).to be(true) + end + + it "returns true if the list of required scopes contains all of the token's scopes, in addition to others" do + token = double("token", scopes: [:api, :read_user]) + + expect(described_class.new(token).include_any_scope?([:api, :read_user, :other_scope])).to be(true) + end + + it 'returns true if the list of required scopes is blank' do + token = double("token", scopes: []) + + expect(described_class.new(token).include_any_scope?([])).to be(true) + end + + it "returns false if there are no scopes in common between the required scopes and the token scopes" do + token = double("token", scopes: [:api, :read_user]) + + expect(described_class.new(token).include_any_scope?([:other_scope])).to be(false) + end + end +end |