diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-06 00:09:42 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-06 00:09:42 +0300 |
| commit | 53288eeb6300a5c162f146b13d1710c71f0ee197 (patch) | |
| tree | 790faa45cf2a56bb0022ef02f989ddbd8ab0c0d9 /spec | |
| parent | 38ceebb9b3a541f8530b379d5b5ab5e13ffc58ed (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/projects/settings/access_tokens_controller_spec.rb | 190 | ||||
| -rw-r--r-- | spec/features/merge_request/user_posts_diff_notes_spec.rb | 4 | ||||
| -rw-r--r-- | spec/features/merge_request/user_posts_notes_spec.rb | 5 | ||||
| -rw-r--r-- | spec/features/projects/pipelines/pipeline_spec.rb | 51 | ||||
| -rw-r--r-- | spec/frontend/notes/components/note_form_spec.js | 8 | ||||
| -rw-r--r-- | spec/lib/api/helpers/pagination_strategies_spec.rb | 77 | ||||
| -rw-r--r-- | spec/lib/banzai/renderer_spec.rb | 57 | ||||
| -rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 8 | ||||
| -rw-r--r-- | spec/lib/gitlab/pagination/keyset_spec.rb | 12 | ||||
| -rw-r--r-- | spec/models/milestone_spec.rb | 2 | ||||
| -rw-r--r-- | spec/models/personal_access_token_spec.rb | 23 | ||||
| -rw-r--r-- | spec/models/project_spec.rb | 17 | ||||
| -rw-r--r-- | spec/services/resource_access_tokens/create_service_spec.rb (renamed from spec/services/resources/create_access_token_service_spec.rb) | 22 | ||||
| -rw-r--r-- | spec/services/resource_access_tokens/revoke_service_spec.rb | 111 |
14 files changed, 557 insertions, 30 deletions
diff --git a/spec/controllers/projects/settings/access_tokens_controller_spec.rb b/spec/controllers/projects/settings/access_tokens_controller_spec.rb new file mode 100644 index 00000000000..884a5bc2836 --- /dev/null +++ b/spec/controllers/projects/settings/access_tokens_controller_spec.rb @@ -0,0 +1,190 @@ +# frozen_string_literal: true + +require('spec_helper') + +describe Projects::Settings::AccessTokensController do + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project) } + + before_all do + project.add_maintainer(user) + end + + before do + sign_in(user) + end + + shared_examples 'feature unavailability' do + context 'when flag is disabled' do + before do + stub_feature_flags(resource_access_token: false) + end + + it { is_expected.to have_gitlab_http_status(:not_found) } + end + + context 'when environment is Gitlab.com' do + before do + allow(Gitlab).to receive(:com?).and_return(true) + end + + it { is_expected.to have_gitlab_http_status(:not_found) } + end + end + + describe '#index' do + subject { get :index, params: { namespace_id: project.namespace, project_id: project } } + + it_behaves_like 'feature unavailability' + + context 'when feature is available' do + let_it_be(:bot_user) { create(:user, :project_bot) } + let_it_be(:active_project_access_token) { create(:personal_access_token, user: bot_user) } + let_it_be(:inactive_project_access_token) { create(:personal_access_token, :revoked, user: bot_user) } + + before_all do + project.add_maintainer(bot_user) + end + + before do + enable_feature + end + + it 'retrieves active project access tokens' do + subject + + expect(assigns(:active_project_access_tokens)).to contain_exactly(active_project_access_token) + end + + it 'retrieves inactive project access tokens' do + subject + + expect(assigns(:inactive_project_access_tokens)).to contain_exactly(inactive_project_access_token) + end + + it 'lists all available scopes' do + subject + + expect(assigns(:scopes)).to eq(Gitlab::Auth.resource_bot_scopes) + end + + it 'retrieves newly created personal access token value' do + token_value = 'random-value' + allow(PersonalAccessToken).to receive(:redis_getdel).with("#{user.id}:#{project.id}").and_return(token_value) + + subject + + expect(assigns(:new_project_access_token)).to eq(token_value) + end + end + end + + describe '#create', :clean_gitlab_redis_shared_state do + subject { post :create, params: { namespace_id: project.namespace, project_id: project }.merge(project_access_token: access_token_params) } + + let_it_be(:access_token_params) { {} } + + it_behaves_like 'feature unavailability' + + context 'when feature is available' do + let_it_be(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: 1.month.since.to_date } } + + before do + enable_feature + end + + def created_token + PersonalAccessToken.order(:created_at).last + end + + it 'returns success message' do + subject + + expect(response.flash[:notice]).to match(/\AYour new project access token has been created./i) + end + + it 'creates project access token' do + subject + + expect(created_token.name).to eq(access_token_params[:name]) + expect(created_token.scopes).to eq(access_token_params[:scopes]) + expect(created_token.expires_at).to eq(access_token_params[:expires_at]) + end + + it 'creates project bot user' do + subject + + expect(created_token.user).to be_project_bot + end + + it 'stores newly created token redis store' do + expect(PersonalAccessToken).to receive(:redis_store!) + + subject + end + + it { expect { subject }.to change { User.count }.by(1) } + it { expect { subject }.to change { PersonalAccessToken.count }.by(1) } + + context 'when unsuccessful' do + before do + allow_next_instance_of(ResourceAccessTokens::CreateService) do |service| + allow(service).to receive(:execute).and_return ServiceResponse.error(message: 'Failed!') + end + end + + it { expect(subject).to render_template(:index) } + end + end + end + + describe '#revoke' do + subject { put :revoke, params: { namespace_id: project.namespace, project_id: project, id: project_access_token } } + + let_it_be(:bot_user) { create(:user, :project_bot) } + let_it_be(:project_access_token) { create(:personal_access_token, user: bot_user) } + + before_all do + project.add_maintainer(bot_user) + end + + it_behaves_like 'feature unavailability' + + context 'when feature is available' do + before do + enable_feature + end + + it 'revokes token access' do + subject + + expect(project_access_token.reload.revoked?).to be true + end + + it 'removed membership of bot user' do + subject + + expect(project.reload.bots).not_to include(bot_user) + end + + it 'blocks project bot user' do + subject + + expect(bot_user.reload.blocked?).to be true + end + + it 'converts issuables of the bot user to ghost user' do + issue = create(:issue, author: bot_user) + + subject + + expect(issue.reload.author.ghost?).to be true + end + end + end + + def enable_feature + allow(Gitlab).to receive(:com?).and_return(false) + stub_feature_flags(resource_access_token: true) + end +end diff --git a/spec/features/merge_request/user_posts_diff_notes_spec.rb b/spec/features/merge_request/user_posts_diff_notes_spec.rb index 19f82058be2..ebfb5ce796f 100644 --- a/spec/features/merge_request/user_posts_diff_notes_spec.rb +++ b/spec/features/merge_request/user_posts_diff_notes_spec.rb @@ -235,7 +235,9 @@ describe 'Merge request > User posts diff notes', :js do def should_allow_dismissing_a_comment(line_holder, diff_side = nil) write_comment_on_line(line_holder, diff_side) - find('.js-close-discussion-note-form').click + accept_confirm do + find('.js-close-discussion-note-form').click + end assert_comment_dismissal(line_holder) end diff --git a/spec/features/merge_request/user_posts_notes_spec.rb b/spec/features/merge_request/user_posts_notes_spec.rb index b22f5a6c211..0548d958322 100644 --- a/spec/features/merge_request/user_posts_notes_spec.rb +++ b/spec/features/merge_request/user_posts_notes_spec.rb @@ -147,7 +147,10 @@ describe 'Merge request > User posts notes', :js do it 'resets the edit note form textarea with the original content of the note if cancelled' do within('.current-note-edit-form') do fill_in 'note[note]', with: 'Some new content' - find('.btn-cancel').click + + accept_confirm do + find('.btn-cancel').click + end end expect(find('.js-note-text').text).to eq '' end diff --git a/spec/features/projects/pipelines/pipeline_spec.rb b/spec/features/projects/pipelines/pipeline_spec.rb index aad57bd9b16..de81547887b 100644 --- a/spec/features/projects/pipelines/pipeline_spec.rb +++ b/spec/features/projects/pipelines/pipeline_spec.rb @@ -327,9 +327,10 @@ describe 'Pipeline', :js do visit_pipeline end - it 'shows Pipeline, Jobs and Failed Jobs tabs with link' do + it 'shows Pipeline, Jobs, DAG and Failed Jobs tabs with link' do expect(page).to have_link('Pipeline') expect(page).to have_link('Jobs') + expect(page).to have_link('DAG') expect(page).to have_link('Failed Jobs') end @@ -614,6 +615,20 @@ describe 'Pipeline', :js do end end end + + context 'when FF dag_pipeline_tab is disabled' do + before do + stub_feature_flags(dag_pipeline_tab: false) + visit_pipeline + end + + it 'does not show DAG link' do + expect(page).to have_link('Pipeline') + expect(page).to have_link('Jobs') + expect(page).not_to have_link('DAG') + expect(page).to have_link('Failed Jobs') + end + end end context 'when user does not have access to read jobs' do @@ -865,9 +880,10 @@ describe 'Pipeline', :js do end context 'page tabs' do - it 'shows Pipeline and Jobs tabs with link' do + it 'shows Pipeline, Jobs and DAG tabs with link' do expect(page).to have_link('Pipeline') expect(page).to have_link('Jobs') + expect(page).to have_link('DAG') end it 'shows counter in Jobs tab' do @@ -1057,6 +1073,37 @@ describe 'Pipeline', :js do end end + describe 'GET /:project/pipelines/:id/dag' do + include_context 'pipeline builds' + + let(:project) { create(:project, :repository) } + let(:pipeline) { create(:ci_pipeline, project: project, ref: 'master', sha: project.commit.id) } + + before do + visit dag_project_pipeline_path(project, pipeline) + end + + it 'shows DAG tab pane as active' do + expect(page).to have_css('#js-tab-dag.active', visible: false) + end + + context 'page tabs' do + it 'shows Pipeline, Jobs and DAG tabs with link' do + expect(page).to have_link('Pipeline') + expect(page).to have_link('Jobs') + expect(page).to have_link('DAG') + end + + it 'shows counter in Jobs tab' do + expect(page.find('.js-builds-counter').text).to eq(pipeline.total_size.to_s) + end + + it 'shows DAG tab as active' do + expect(page).to have_css('li.js-dag-tab-link .active') + end + end + end + context 'when user sees pipeline flags in a pipeline detail page' do let(:project) { create(:project, :repository) } diff --git a/spec/frontend/notes/components/note_form_spec.js b/spec/frontend/notes/components/note_form_spec.js index bccac03126c..8270c148fb5 100644 --- a/spec/frontend/notes/components/note_form_spec.js +++ b/spec/frontend/notes/components/note_form_spec.js @@ -161,18 +161,18 @@ describe('issue_note_form component', () => { describe('actions', () => { it('should be possible to cancel', () => { - // TODO: do not spy on vm - jest.spyOn(wrapper.vm, 'cancelHandler'); + const cancelHandler = jest.fn(); wrapper.setProps({ ...props, isEditing: true, }); + wrapper.setMethods({ cancelHandler }); return wrapper.vm.$nextTick().then(() => { - const cancelButton = wrapper.find('.note-edit-cancel'); + const cancelButton = wrapper.find('[data-testid="cancel"]'); cancelButton.trigger('click'); - expect(wrapper.vm.cancelHandler).toHaveBeenCalled(); + expect(cancelHandler).toHaveBeenCalledWith(true); }); }); diff --git a/spec/lib/api/helpers/pagination_strategies_spec.rb b/spec/lib/api/helpers/pagination_strategies_spec.rb index a418c09a824..eaa71159714 100644 --- a/spec/lib/api/helpers/pagination_strategies_spec.rb +++ b/spec/lib/api/helpers/pagination_strategies_spec.rb @@ -6,7 +6,7 @@ describe API::Helpers::PaginationStrategies do subject { Class.new.include(described_class).new } let(:expected_result) { double("result") } - let(:relation) { double("relation") } + let(:relation) { double("relation", klass: "SomeClass") } let(:params) { {} } before do @@ -17,18 +17,18 @@ describe API::Helpers::PaginationStrategies do let(:paginator) { double("paginator", paginate: expected_result, finalize: nil) } before do - allow(subject).to receive(:paginator).with(relation).and_return(paginator) + allow(subject).to receive(:paginator).with(relation, nil).and_return(paginator) end it 'yields paginated relation' do - expect { |b| subject.paginate_with_strategies(relation, &b) }.to yield_with_args(expected_result) + expect { |b| subject.paginate_with_strategies(relation, nil, &b) }.to yield_with_args(expected_result) end it 'calls #finalize with first value returned from block' do return_value = double expect(paginator).to receive(:finalize).with(return_value) - subject.paginate_with_strategies(relation) do |records| + subject.paginate_with_strategies(relation, nil) do |records| some_options = {} [return_value, some_options] end @@ -37,7 +37,7 @@ describe API::Helpers::PaginationStrategies do it 'returns whatever the block returns' do return_value = [double, double] - result = subject.paginate_with_strategies(relation) do |records| + result = subject.paginate_with_strategies(relation, nil) do |records| return_value end @@ -47,16 +47,77 @@ describe API::Helpers::PaginationStrategies do describe '#paginator' do context 'offset pagination' do + let(:plan_limits) { Plan.default.actual_limits } + let(:offset_limit) { plan_limits.offset_pagination_limit } let(:paginator) { double("paginator") } before do allow(subject).to receive(:keyset_pagination_enabled?).and_return(false) end - it 'delegates to OffsetPagination' do - expect(Gitlab::Pagination::OffsetPagination).to receive(:new).with(subject).and_return(paginator) + context 'when keyset pagination is available for the relation' do + before do + allow(Gitlab::Pagination::Keyset).to receive(:available_for_type?).and_return(true) + end + + context 'when a request scope is given' do + let(:params) { { per_page: 100, page: offset_limit / 100 + 1 } } + let(:request_scope) { double("scope", actual_limits: plan_limits) } + + context 'when the scope limit is exceeded' do + it 'renders a 405 error' do + expect(subject).to receive(:error!).with(/maximum allowed offset/, 405) + + subject.paginator(relation, request_scope) + end + end + + context 'when the scope limit is not exceeded' do + let(:params) { { per_page: 100, page: offset_limit / 100 } } + + it 'delegates to OffsetPagination' do + expect(Gitlab::Pagination::OffsetPagination).to receive(:new).with(subject).and_return(paginator) + + expect(subject.paginator(relation, request_scope)).to eq(paginator) + end + end + end + + context 'when a request scope is not given' do + context 'when the default limits are exceeded' do + let(:params) { { per_page: 100, page: offset_limit / 100 + 1 } } + + it 'renders a 405 error' do + expect(subject).to receive(:error!).with(/maximum allowed offset/, 405) + + subject.paginator(relation) + end + end - expect(subject.paginator(relation)).to eq(paginator) + context 'when the default limits are not exceeded' do + let(:params) { { per_page: 100, page: offset_limit / 100 } } + + it 'delegates to OffsetPagination' do + expect(Gitlab::Pagination::OffsetPagination).to receive(:new).with(subject).and_return(paginator) + + expect(subject.paginator(relation)).to eq(paginator) + end + end + end + end + + context 'when keyset pagination is not available for the relation' do + let(:params) { { per_page: 100, page: offset_limit / 100 + 1 } } + + before do + allow(Gitlab::Pagination::Keyset).to receive(:available_for_type?).and_return(false) + end + + it 'delegates to OffsetPagination' do + expect(Gitlab::Pagination::OffsetPagination).to receive(:new).with(subject).and_return(paginator) + + expect(subject.paginator(relation)).to eq(paginator) + end end end diff --git a/spec/lib/banzai/renderer_spec.rb b/spec/lib/banzai/renderer_spec.rb index 0d329b47aa3..b540a76face 100644 --- a/spec/lib/banzai/renderer_spec.rb +++ b/spec/lib/banzai/renderer_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' describe Banzai::Renderer do + let(:renderer) { described_class } + def fake_object(fresh:) object = double('object') @@ -40,8 +42,6 @@ describe Banzai::Renderer do end describe '#render_field' do - let(:renderer) { described_class } - context 'without cache' do let(:commit) { fake_cacheless_object } @@ -83,4 +83,57 @@ describe Banzai::Renderer do end end end + + describe '#post_process' do + let(:context_options) { {} } + let(:html) { 'Consequatur aperiam et nesciunt modi aut assumenda quo id. '} + let(:post_processed_html) { double(html_safe: 'safe doc') } + let(:doc) { double(to_html: post_processed_html) } + + subject { renderer.post_process(html, context_options) } + + context 'when xhtml' do + let(:context_options) { { xhtml: ' ' } } + + context 'without :post_process_pipeline key' do + it 'uses PostProcessPipeline' do + expect(::Banzai::Pipeline::PostProcessPipeline).to receive(:to_document).and_return(doc) + + subject + end + end + + context 'with :post_process_pipeline key' do + let(:context_options) { { post_process_pipeline: Object, xhtml: ' ' } } + + it 'uses passed post process pipeline' do + expect(Object).to receive(:to_document).and_return(doc) + + subject + end + end + end + + context 'when not xhtml' do + context 'without :post_process_pipeline key' do + it 'uses PostProcessPipeline' do + expect(::Banzai::Pipeline::PostProcessPipeline).to receive(:to_html) + .with(html, { only_path: true, disable_asset_proxy: true }) + .and_return(post_processed_html) + + subject + end + end + + context 'with :post_process_pipeline key' do + let(:context_options) { { post_process_pipeline: Object } } + + it 'uses passed post process pipeline' do + expect(Object).to receive(:to_html).and_return(post_processed_html) + + subject + end + end + end + end end diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index a0a8767637e..870f02b6933 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -715,6 +715,14 @@ describe Gitlab::Auth, :use_clean_rails_memory_store_caching do end end + describe ".resource_bot_scopes" do + subject { described_class.resource_bot_scopes } + + it { is_expected.to include(*described_class::API_SCOPES - [:read_user]) } + it { is_expected.to include(*described_class::REPOSITORY_SCOPES) } + it { is_expected.to include(*described_class.registry_scopes) } + end + private def expect_results_with_abilities(personal_access_token, abilities, success = true) diff --git a/spec/lib/gitlab/pagination/keyset_spec.rb b/spec/lib/gitlab/pagination/keyset_spec.rb index bde280c5fca..0ac40080872 100644 --- a/spec/lib/gitlab/pagination/keyset_spec.rb +++ b/spec/lib/gitlab/pagination/keyset_spec.rb @@ -3,6 +3,18 @@ require 'spec_helper' describe Gitlab::Pagination::Keyset do + describe '.available_for_type?' do + subject { described_class } + + it 'returns true for Project' do + expect(subject.available_for_type?(Project.all)).to be_truthy + end + + it 'return false for other types of relations' do + expect(subject.available_for_type?(User.all)).to be_falsey + end + end + describe '.available?' do subject { described_class } diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb index e6544fda640..9aaaf536351 100644 --- a/spec/models/milestone_spec.rb +++ b/spec/models/milestone_spec.rb @@ -6,7 +6,7 @@ describe Milestone do it_behaves_like 'a timebox', :milestone describe 'MilestoneStruct#serializable_hash' do - let(:predefined_milestone) { described_class::MilestoneStruct.new('Test Milestone', '#test', 1) } + let(:predefined_milestone) { described_class::TimeboxStruct.new('Test Milestone', '#test', 1) } it 'presents the predefined milestone as a hash' do expect(predefined_milestone.serializable_hash).to eq( diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb index b16d1f58be5..596b11613b3 100644 --- a/spec/models/personal_access_token_spec.rb +++ b/spec/models/personal_access_token_spec.rb @@ -179,4 +179,27 @@ describe PersonalAccessToken do end end end + + describe '.simple_sorts' do + it 'includes overriden keys' do + expect(described_class.simple_sorts.keys).to include(*%w(expires_at_asc expires_at_desc)) + end + end + + describe 'ordering by expires_at' do + let_it_be(:earlier_token) { create(:personal_access_token, expires_at: 2.days.ago) } + let_it_be(:later_token) { create(:personal_access_token, expires_at: 1.day.ago) } + + describe '.order_expires_at_asc' do + it 'returns ordered list in asc order of expiry date' do + expect(described_class.order_expires_at_asc).to match [earlier_token, later_token] + end + end + + describe '.order_expires_at_desc' do + it 'returns ordered list in desc order of expiry date' do + expect(described_class.order_expires_at_desc).to match [later_token, earlier_token] + end + end + end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index bcd28538e2c..8c2323eb0d8 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -6081,6 +6081,23 @@ describe Project do end end + describe '#bots' do + subject { project.bots } + + let_it_be(:project) { create(:project) } + let_it_be(:project_bot) { create(:user, :project_bot) } + let_it_be(:user) { create(:user) } + + before_all do + [project_bot, user].each do |member| + project.add_maintainer(member) + end + end + + it { is_expected.to contain_exactly(project_bot) } + it { is_expected.not_to include(user) } + end + def finish_job(export_job) export_job.start export_job.finish diff --git a/spec/services/resources/create_access_token_service_spec.rb b/spec/services/resource_access_tokens/create_service_spec.rb index 8c108d9937a..57e7e4e66de 100644 --- a/spec/services/resources/create_access_token_service_spec.rb +++ b/spec/services/resource_access_tokens/create_service_spec.rb @@ -2,8 +2,8 @@ require 'spec_helper' -describe Resources::CreateAccessTokenService do - subject { described_class.new(resource_type, resource, user, params).execute } +describe ResourceAccessTokens::CreateService do + subject { described_class.new(user, resource, params).execute } let_it_be(:user) { create(:user) } let_it_be(:project) { create(:project, :private) } @@ -12,7 +12,7 @@ describe Resources::CreateAccessTokenService do describe '#execute' do # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046 shared_examples 'fails when user does not have the permission to create a Resource Bot' do - before do + before_all do resource.add_developer(user) end @@ -56,7 +56,7 @@ describe Resources::CreateAccessTokenService do end context 'when user provides value' do - let(:params) { { name: 'Random bot' } } + let_it_be(:params) { { name: 'Random bot' } } it 'overrides the default value' do response = subject @@ -83,12 +83,12 @@ describe Resources::CreateAccessTokenService do response = subject access_token = response.payload[:access_token] - expect(access_token.scopes).to eq(Gitlab::Auth::API_SCOPES + Gitlab::Auth::REPOSITORY_SCOPES + Gitlab::Auth.registry_scopes - [:read_user]) + expect(access_token.scopes).to eq(Gitlab::Auth.resource_bot_scopes) end end context 'when user provides scope explicitly' do - let(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } } + let_it_be(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } } it 'overrides the default value' do response = subject @@ -109,7 +109,7 @@ describe Resources::CreateAccessTokenService do end context 'when user provides value' do - let(:params) { { expires_at: Date.today + 1.month } } + let_it_be(:params) { { expires_at: Date.today + 1.month } } it 'overrides the default value' do response = subject @@ -120,7 +120,7 @@ describe Resources::CreateAccessTokenService do end context 'when invalid scope is passed' do - let(:params) { { scopes: [:invalid_scope] } } + let_it_be(:params) { { scopes: [:invalid_scope] } } it 'returns error' do response = subject @@ -145,14 +145,14 @@ describe Resources::CreateAccessTokenService do end context 'when resource is a project' do - let(:resource_type) { 'project' } - let(:resource) { project } + let_it_be(:resource_type) { 'project' } + let_it_be(:resource) { project } it_behaves_like 'fails when user does not have the permission to create a Resource Bot' it_behaves_like 'fails when flag is disabled' context 'user with valid permission' do - before do + before_all do resource.add_maintainer(user) end diff --git a/spec/services/resource_access_tokens/revoke_service_spec.rb b/spec/services/resource_access_tokens/revoke_service_spec.rb new file mode 100644 index 00000000000..3ce82745b9e --- /dev/null +++ b/spec/services/resource_access_tokens/revoke_service_spec.rb @@ -0,0 +1,111 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe ResourceAccessTokens::RevokeService do + subject { described_class.new(user, resource, access_token).execute } + + let_it_be(:user) { create(:user) } + let(:access_token) { create(:personal_access_token, user: resource_bot) } + + describe '#execute' do + # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046 + shared_examples 'revokes access token' do + it { expect(subject.success?).to be true } + + it { expect(subject.message).to eq("Revoked access token: #{access_token.name}") } + + it 'revokes token access' do + subject + + expect(access_token.reload.revoked?).to be true + end + + it 'removes membership of bot user' do + subject + + expect(resource.reload.users).not_to include(resource_bot) + end + + it 'transfer issuables of bot user to ghost user' do + issue = create(:issue, author: resource_bot) + + subject + + expect(issue.reload.author.ghost?).to be true + end + end + + shared_examples 'rollback revoke steps' do + it 'does not revoke the access token' do + subject + + expect(access_token.reload.revoked?).to be false + end + + it 'does not remove bot from member list' do + subject + + expect(resource.reload.users).to include(resource_bot) + end + + it 'does not transfer issuables of bot user to ghost user' do + issue = create(:issue, author: resource_bot) + + subject + + expect(issue.reload.author.ghost?).to be false + end + end + + context 'when resource is a project' do + let_it_be(:resource) { create(:project, :private) } + let_it_be(:resource_bot) { create(:user, :project_bot) } + + before_all do + resource.add_maintainer(user) + resource.add_maintainer(resource_bot) + end + + it_behaves_like 'revokes access token' + + context 'when revoke fails' do + context 'invalid resource type' do + subject { described_class.new(user, resource, access_token).execute } + + let_it_be(:resource) { double } + let_it_be(:resource_bot) { create(:user, :project_bot) } + + it 'returns error response' do + response = subject + + expect(response.success?).to be false + expect(response.message).to eq("Failed to find bot user") + end + + it { expect { subject }.not_to change(access_token.reload, :revoked) } + end + + context 'when migration to ghost user fails' do + before do + allow_next_instance_of(::Members::DestroyService) do |service| + allow(service).to receive(:execute).and_return(false) + end + end + + it_behaves_like 'rollback revoke steps' + end + + context 'when migration to ghost user fails' do + before do + allow_next_instance_of(::Users::MigrateToGhostUserService) do |service| + allow(service).to receive(:execute).and_return(false) + end + end + + it_behaves_like 'rollback revoke steps' + end + end + end + end +end |