Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-06 00:09:42 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-06 00:09:42 +0300
commit: 53288eeb6300a5c162f146b13d1710c71f0ee197 (patch)
tree: 790faa45cf2a56bb0022ef02f989ddbd8ab0c0d9 /spec/services
parent: 38ceebb9b3a541f8530b379d5b5ab5e13ffc58ed (diff)
2 files changed, 122 insertions, 11 deletions
diff --git a/spec/services/resources/create_access_token_service_spec.rb b/spec/services/resource_access_tokens/create_service_spec.rb
index 8c108d9937a..57e7e4e66de 100644
--- a/spec/services/resources/create_access_token_service_spec.rb
+++ b/spec/services/resource_access_tokens/create_service_spec.rb
@@ -2,8 +2,8 @@
 
 require 'spec_helper'
 
-describe Resources::CreateAccessTokenService do
-  subject { described_class.new(resource_type, resource, user, params).execute }
+describe ResourceAccessTokens::CreateService do
+  subject { described_class.new(user, resource, params).execute }
 
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project, :private) }
@@ -12,7 +12,7 @@ describe Resources::CreateAccessTokenService do
   describe '#execute' do
     # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046
     shared_examples 'fails when user does not have the permission to create a Resource Bot' do
-      before do
+      before_all do
         resource.add_developer(user)
       end
 
@@ -56,7 +56,7 @@ describe Resources::CreateAccessTokenService do
         end
 
         context 'when user provides value' do
-          let(:params) { { name: 'Random bot' } }
+          let_it_be(:params) { { name: 'Random bot' } }
 
           it 'overrides the default value' do
             response = subject
@@ -83,12 +83,12 @@ describe Resources::CreateAccessTokenService do
             response = subject
             access_token = response.payload[:access_token]
 
-            expect(access_token.scopes).to eq(Gitlab::Auth::API_SCOPES + Gitlab::Auth::REPOSITORY_SCOPES + Gitlab::Auth.registry_scopes - [:read_user])
+            expect(access_token.scopes).to eq(Gitlab::Auth.resource_bot_scopes)
           end
         end
 
         context 'when user provides scope explicitly' do
-          let(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } }
+          let_it_be(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } }
 
           it 'overrides the default value' do
             response = subject
@@ -109,7 +109,7 @@ describe Resources::CreateAccessTokenService do
           end
 
           context 'when user provides value' do
-            let(:params) { { expires_at: Date.today + 1.month } }
+            let_it_be(:params) { { expires_at: Date.today + 1.month } }
 
             it 'overrides the default value' do
               response = subject
@@ -120,7 +120,7 @@ describe Resources::CreateAccessTokenService do
           end
 
           context 'when invalid scope is passed' do
-            let(:params) { { scopes: [:invalid_scope] } }
+            let_it_be(:params) { { scopes: [:invalid_scope] } }
 
             it 'returns error' do
               response = subject
@@ -145,14 +145,14 @@ describe Resources::CreateAccessTokenService do
     end
 
     context 'when resource is a project' do
-      let(:resource_type) { 'project' }
-      let(:resource) { project }
+      let_it_be(:resource_type) { 'project' }
+      let_it_be(:resource) { project }
 
       it_behaves_like 'fails when user does not have the permission to create a Resource Bot'
       it_behaves_like 'fails when flag is disabled'
 
       context 'user with valid permission' do
-        before do
+        before_all do
           resource.add_maintainer(user)
         end
 
diff --git a/spec/services/resource_access_tokens/revoke_service_spec.rb b/spec/services/resource_access_tokens/revoke_service_spec.rb
new file mode 100644
index 00000000000..3ce82745b9e
--- /dev/null
+++ b/spec/services/resource_access_tokens/revoke_service_spec.rb
@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ResourceAccessTokens::RevokeService do
+  subject { described_class.new(user, resource, access_token).execute }
+
+  let_it_be(:user) { create(:user) }
+  let(:access_token) { create(:personal_access_token, user: resource_bot) }
+
+  describe '#execute' do
+    # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046
+    shared_examples 'revokes access token' do
+      it { expect(subject.success?).to be true }
+
+      it { expect(subject.message).to eq("Revoked access token: #{access_token.name}") }
+
+      it 'revokes token access' do
+        subject
+
+        expect(access_token.reload.revoked?).to be true
+      end
+
+      it 'removes membership of bot user' do
+        subject
+
+        expect(resource.reload.users).not_to include(resource_bot)
+      end
+
+      it 'transfer issuables of bot user to ghost user' do
+        issue = create(:issue, author: resource_bot)
+
+        subject
+
+        expect(issue.reload.author.ghost?).to be true
+      end
+    end
+
+    shared_examples 'rollback revoke steps' do
+      it 'does not revoke the access token' do
+        subject
+
+        expect(access_token.reload.revoked?).to be false
+      end
+
+      it 'does not remove bot from member list' do
+        subject
+
+        expect(resource.reload.users).to include(resource_bot)
+      end
+
+      it 'does not transfer issuables of bot user to ghost user' do
+        issue = create(:issue, author: resource_bot)
+
+        subject
+
+        expect(issue.reload.author.ghost?).to be false
+      end
+    end
+
+    context 'when resource is a project' do
+      let_it_be(:resource) { create(:project, :private) }
+      let_it_be(:resource_bot) { create(:user, :project_bot) }
+
+      before_all do
+        resource.add_maintainer(user)
+        resource.add_maintainer(resource_bot)
+      end
+
+      it_behaves_like 'revokes access token'
+
+      context 'when revoke fails' do
+        context 'invalid resource type' do
+          subject { described_class.new(user, resource, access_token).execute }
+
+          let_it_be(:resource) { double }
+          let_it_be(:resource_bot) { create(:user, :project_bot) }
+
+          it 'returns error response' do
+            response = subject
+
+            expect(response.success?).to be false
+            expect(response.message).to eq("Failed to find bot user")
+          end
+
+          it { expect { subject }.not_to change(access_token.reload, :revoked) }
+        end
+
+        context 'when migration to ghost user fails' do
+          before do
+            allow_next_instance_of(::Members::DestroyService) do |service|
+              allow(service).to receive(:execute).and_return(false)
+            end
+          end
+
+          it_behaves_like 'rollback revoke steps'
+        end
+
+        context 'when migration to ghost user fails' do
+          before do
+            allow_next_instance_of(::Users::MigrateToGhostUserService) do |service|
+              allow(service).to receive(:execute).and_return(false)
+            end
+          end
+
+          it_behaves_like 'rollback revoke steps'
+        end
+      end
+    end
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-06 00:09:42 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-06 00:09:42 +0300
commit	53288eeb6300a5c162f146b13d1710c71f0ee197 (patch)
tree	790faa45cf2a56bb0022ef02f989ddbd8ab0c0d9 /spec/services
parent	38ceebb9b3a541f8530b379d5b5ab5e13ffc58ed (diff)