diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-26 22:59:56 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-26 22:59:56 +0300 |
commit | 34a401c88dd94954363884f1325b92659159bdd7 (patch) | |
tree | 4bd9c57a6f7f527895f15d2877816453aa75c82c /spec | |
parent | 5b4b2ed55320932ddaecbb7ce7f957235a1c73cf (diff) |
Add latest changes from gitlab-org/gitlab@16-2-stable-ee
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/json_web_token/hmac_token_spec.rb | 2 | ||||
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/spec/lib/json_web_token/hmac_token_spec.rb b/spec/lib/json_web_token/hmac_token_spec.rb index 7c486b2fe1b..877184a4a3d 100644 --- a/spec/lib/json_web_token/hmac_token_spec.rb +++ b/spec/lib/json_web_token/hmac_token_spec.rb @@ -25,7 +25,7 @@ RSpec.describe JSONWebToken::HMACToken do end describe '.decode' do - let(:leeway) { described_class::IAT_LEEWAY } + let(:leeway) { described_class::LEEWAY } let(:decoded_token) { described_class.decode(encoded_token, secret, leeway: leeway) } context 'with an invalid token' do diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb index 619ffd8d41a..12b7b8d7054 100644 --- a/spec/requests/api/internal/base_spec.rb +++ b/spec/requests/api/internal/base_spec.rb @@ -50,6 +50,17 @@ RSpec.describe API::Internal::Base, feature_category: :system_access do expect(response).to have_gitlab_http_status(:ok) end + it 'authenticates using a jwt token with an IAT from 10 seconds in the future' do + headers = + travel_to(Time.now + 10.seconds) do + gitlab_shell_internal_api_request_header + end + + perform_request(headers: headers) + + expect(response).to have_gitlab_http_status(:ok) + end + it 'returns 401 when jwt token is expired' do headers = gitlab_shell_internal_api_request_header |