Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorMarkus Koller <markus-koller@gmx.ch>2017-01-31 13:21:29 +0300
committerAlexis Reigel <mail@koffeinfrei.org>2017-03-07 17:00:29 +0300
commiteefbc837301acc49a33617063faafa97adee307e (patch)
treeb46f35df1792744897dfe1d31d9a519d19f09669 /spec
parent93daeee16428707fc348f8c45215854aed6e117a (diff)
Only use API scopes for personal access tokens
Diffstat (limited to 'spec')
-rw-r--r--spec/initializers/doorkeeper_spec.rb12
-rw-r--r--spec/lib/gitlab/auth_spec.rb18
-rw-r--r--spec/models/personal_access_token_spec.rb16
3 files changed, 46 insertions, 0 deletions
diff --git a/spec/initializers/doorkeeper_spec.rb b/spec/initializers/doorkeeper_spec.rb
new file mode 100644
index 00000000000..32133edece7
--- /dev/null
+++ b/spec/initializers/doorkeeper_spec.rb
@@ -0,0 +1,12 @@
+require 'spec_helper'
+require_relative '../../config/initializers/doorkeeper'
+
+describe Doorkeeper.configuration do
+ it 'default_scopes matches Gitlab::Auth::DEFAULT_SCOPES' do
+ expect(subject.default_scopes).to eq Gitlab::Auth::DEFAULT_SCOPES
+ end
+
+ it 'optional_scopes matches Gitlab::Auth::OPTIONAL_SCOPES' do
+ expect(subject.optional_scopes).to eq Gitlab::Auth::OPTIONAL_SCOPES
+ end
+end
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 8726ca569ca..0609ca78b3c 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -3,6 +3,24 @@ require 'spec_helper'
describe Gitlab::Auth, lib: true do
let(:gl_auth) { described_class }
+ describe 'constants' do
+ it 'API_SCOPES contains all scopes for API access' do
+ expect(subject::API_SCOPES).to eq [:api, :read_user]
+ end
+
+ it 'OPENID_SCOPES contains all scopes for OpenID Connect' do
+ expect(subject::OPENID_SCOPES).to eq [:openid]
+ end
+
+ it 'DEFAULT_SCOPES contains all default scopes' do
+ expect(subject::DEFAULT_SCOPES).to eq [:api]
+ end
+
+ it 'OPTIONAL_SCOPES contains all non-default scopes' do
+ expect(subject::OPTIONAL_SCOPES).to eq [:read_user, :openid]
+ end
+ end
+
describe 'find_for_git_client' do
context 'build token' do
subject { gl_auth.find_for_git_client('gitlab-ci-token', build.token, project: project, ip: 'ip') }
diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb
index 46eb71cef14..4cc9cf02e6d 100644
--- a/spec/models/personal_access_token_spec.rb
+++ b/spec/models/personal_access_token_spec.rb
@@ -12,4 +12,20 @@ describe PersonalAccessToken, models: true do
expect(personal_access_token).not_to be_persisted
end
end
+
+ describe 'validate_scopes' do
+ it "allows creating a token with API scopes" do
+ personal_access_token = build(:personal_access_token)
+ personal_access_token.scopes = [:api, :read_user]
+
+ expect(personal_access_token).to be_valid
+ end
+
+ it "rejects creating a token with non-API scopes" do
+ personal_access_token = build(:personal_access_token)
+ personal_access_token.scopes = [:openid, :api]
+
+ expect(personal_access_token).not_to be_valid
+ end
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 16:11:15 +0300