diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-06 00:09:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-06 00:09:42 +0300 |
commit | 53288eeb6300a5c162f146b13d1710c71f0ee197 (patch) | |
tree | 790faa45cf2a56bb0022ef02f989ddbd8ab0c0d9 /spec/services | |
parent | 38ceebb9b3a541f8530b379d5b5ab5e13ffc58ed (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/services')
-rw-r--r-- | spec/services/resource_access_tokens/create_service_spec.rb (renamed from spec/services/resources/create_access_token_service_spec.rb) | 22 | ||||
-rw-r--r-- | spec/services/resource_access_tokens/revoke_service_spec.rb | 111 |
2 files changed, 122 insertions, 11 deletions
diff --git a/spec/services/resources/create_access_token_service_spec.rb b/spec/services/resource_access_tokens/create_service_spec.rb index 8c108d9937a..57e7e4e66de 100644 --- a/spec/services/resources/create_access_token_service_spec.rb +++ b/spec/services/resource_access_tokens/create_service_spec.rb @@ -2,8 +2,8 @@ require 'spec_helper' -describe Resources::CreateAccessTokenService do - subject { described_class.new(resource_type, resource, user, params).execute } +describe ResourceAccessTokens::CreateService do + subject { described_class.new(user, resource, params).execute } let_it_be(:user) { create(:user) } let_it_be(:project) { create(:project, :private) } @@ -12,7 +12,7 @@ describe Resources::CreateAccessTokenService do describe '#execute' do # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046 shared_examples 'fails when user does not have the permission to create a Resource Bot' do - before do + before_all do resource.add_developer(user) end @@ -56,7 +56,7 @@ describe Resources::CreateAccessTokenService do end context 'when user provides value' do - let(:params) { { name: 'Random bot' } } + let_it_be(:params) { { name: 'Random bot' } } it 'overrides the default value' do response = subject @@ -83,12 +83,12 @@ describe Resources::CreateAccessTokenService do response = subject access_token = response.payload[:access_token] - expect(access_token.scopes).to eq(Gitlab::Auth::API_SCOPES + Gitlab::Auth::REPOSITORY_SCOPES + Gitlab::Auth.registry_scopes - [:read_user]) + expect(access_token.scopes).to eq(Gitlab::Auth.resource_bot_scopes) end end context 'when user provides scope explicitly' do - let(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } } + let_it_be(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } } it 'overrides the default value' do response = subject @@ -109,7 +109,7 @@ describe Resources::CreateAccessTokenService do end context 'when user provides value' do - let(:params) { { expires_at: Date.today + 1.month } } + let_it_be(:params) { { expires_at: Date.today + 1.month } } it 'overrides the default value' do response = subject @@ -120,7 +120,7 @@ describe Resources::CreateAccessTokenService do end context 'when invalid scope is passed' do - let(:params) { { scopes: [:invalid_scope] } } + let_it_be(:params) { { scopes: [:invalid_scope] } } it 'returns error' do response = subject @@ -145,14 +145,14 @@ describe Resources::CreateAccessTokenService do end context 'when resource is a project' do - let(:resource_type) { 'project' } - let(:resource) { project } + let_it_be(:resource_type) { 'project' } + let_it_be(:resource) { project } it_behaves_like 'fails when user does not have the permission to create a Resource Bot' it_behaves_like 'fails when flag is disabled' context 'user with valid permission' do - before do + before_all do resource.add_maintainer(user) end diff --git a/spec/services/resource_access_tokens/revoke_service_spec.rb b/spec/services/resource_access_tokens/revoke_service_spec.rb new file mode 100644 index 00000000000..3ce82745b9e --- /dev/null +++ b/spec/services/resource_access_tokens/revoke_service_spec.rb @@ -0,0 +1,111 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe ResourceAccessTokens::RevokeService do + subject { described_class.new(user, resource, access_token).execute } + + let_it_be(:user) { create(:user) } + let(:access_token) { create(:personal_access_token, user: resource_bot) } + + describe '#execute' do + # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046 + shared_examples 'revokes access token' do + it { expect(subject.success?).to be true } + + it { expect(subject.message).to eq("Revoked access token: #{access_token.name}") } + + it 'revokes token access' do + subject + + expect(access_token.reload.revoked?).to be true + end + + it 'removes membership of bot user' do + subject + + expect(resource.reload.users).not_to include(resource_bot) + end + + it 'transfer issuables of bot user to ghost user' do + issue = create(:issue, author: resource_bot) + + subject + + expect(issue.reload.author.ghost?).to be true + end + end + + shared_examples 'rollback revoke steps' do + it 'does not revoke the access token' do + subject + + expect(access_token.reload.revoked?).to be false + end + + it 'does not remove bot from member list' do + subject + + expect(resource.reload.users).to include(resource_bot) + end + + it 'does not transfer issuables of bot user to ghost user' do + issue = create(:issue, author: resource_bot) + + subject + + expect(issue.reload.author.ghost?).to be false + end + end + + context 'when resource is a project' do + let_it_be(:resource) { create(:project, :private) } + let_it_be(:resource_bot) { create(:user, :project_bot) } + + before_all do + resource.add_maintainer(user) + resource.add_maintainer(resource_bot) + end + + it_behaves_like 'revokes access token' + + context 'when revoke fails' do + context 'invalid resource type' do + subject { described_class.new(user, resource, access_token).execute } + + let_it_be(:resource) { double } + let_it_be(:resource_bot) { create(:user, :project_bot) } + + it 'returns error response' do + response = subject + + expect(response.success?).to be false + expect(response.message).to eq("Failed to find bot user") + end + + it { expect { subject }.not_to change(access_token.reload, :revoked) } + end + + context 'when migration to ghost user fails' do + before do + allow_next_instance_of(::Members::DestroyService) do |service| + allow(service).to receive(:execute).and_return(false) + end + end + + it_behaves_like 'rollback revoke steps' + end + + context 'when migration to ghost user fails' do + before do + allow_next_instance_of(::Users::MigrateToGhostUserService) do |service| + allow(service).to receive(:execute).and_return(false) + end + end + + it_behaves_like 'rollback revoke steps' + end + end + end + end +end |