author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-17 03:08:46 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-17 03:08:46 +0300 |
commit | 88141b43d5d048b9f6e550e37351c514cdcfdb3b (patch) | |
tree | ac06bf6454897dabcabccee01b5ab3ed5ba6d898 /spec | |
parent | fd11748fe8dcb109a1bd0650963383d843ea7bd5 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 186 | ||||
-rw-r--r-- | spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb | 6 |
2 files changed, 128 insertions, 64 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index b2e676f79a3..10a239e3f7e 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -50,43 +50,63 @@ RSpec.describe API::Internal::Base do end end - describe 'GET /internal/two_factor_recovery_codes' do - it 'returns an error message when the key does not exist' do - post api('/internal/two_factor_recovery_codes'), - params: { - secret_token: secret_token, - key_id: non_existing_record_id - } + shared_examples 'actor key validations' do + context 'key id is not provided' do + let(:key_id) { nil } - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find the given key') + it 'returns an error message' do + subject + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Could not find a user without a key') + end end - it 'returns an error message when the key is a deploy key' do - deploy_key = create(:deploy_key) + context 'key does not exist' do + let(:key_id) { non_existing_record_id } - post api('/internal/two_factor_recovery_codes'), - params: { - secret_token: secret_token, - key_id: deploy_key.id - } + it 'returns an error message' do + subject - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Deploy keys cannot be used to retrieve recovery codes') + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Could not find the given key') + end end - it 'returns an error message when the user does not exist' do - key_without_user = create(:key, user: nil) + context 'key without user' do + let(:key_id) { create(:key, user: nil).id } + + it 'returns an error message' do + subject + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Could not find a user for the given key') + end + end + end + describe 'GET /internal/two_factor_recovery_codes' do + let(:key_id) { key.id } + + subject do post api('/internal/two_factor_recovery_codes'), params: { secret_token: secret_token, - key_id: key_without_user.id + key_id: key_id } + end - 
expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find a user for the given key') - expect(json_response['recovery_codes']).to be_nil + it_behaves_like 'actor key validations' + + context 'key is a deploy key' do + let(:key_id) { create(:deploy_key).id } + + it 'returns an error message' do + subject + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Deploy keys cannot be used to retrieve recovery codes') + end end context 'when two-factor is enabled' do @@ -95,11 +115,7 @@ RSpec.describe API::Internal::Base do allow_any_instance_of(User) .to receive(:generate_otp_backup_codes!).and_return(%w(119135e5a3ebce8e 34bd7b74adbc8861)) - post api('/internal/two_factor_recovery_codes'), - params: { - secret_token: secret_token, - key_id: key.id - } + subject expect(json_response['success']).to be_truthy expect(json_response['recovery_codes']).to match_array(%w(119135e5a3ebce8e 34bd7b74adbc8861)) @@ -110,11 +126,7 @@ RSpec.describe API::Internal::Base do it 'returns an error message' do allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false) - post api('/internal/two_factor_recovery_codes'), - params: { - secret_token: secret_token, - key_id: key.id - } + subject expect(json_response['success']).to be_falsey expect(json_response['recovery_codes']).to be_nil 
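Review bot: The shared 'actor key validations' examples drop the assertion that no secret is returned on a failure path: the removed 'user does not exist' example also checked `expect(json_response['recovery_codes']).to be_nil`, while the new 'key without user' context checks only `success` and `message`. The `POST /internal/personal_access_token` hunk further down loses `expect(json_response['token']).to be_nil` in the same way. Both endpoints hand out credentials, so I would keep that check in each describe block, for example an endpoint-local context with `let(:key_id) { create(:key, user: nil).id }` that ends in `expect(json_response['recovery_codes']).to be_nil` (and `['token']` for the other endpoint). The shared block also depends on the including group defining `subject` and `key_id`; a comment such as `# Requires: subject (performs the request) and let(:key_id)` above `shared_examples` would state that contract. The `describe 'GET /internal/two_factor_recovery_codes'` block continues past the end of this hunk.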
@@ -123,42 +135,27 @@ RSpec.describe API::Internal::Base do end describe 'POST /internal/personal_access_token' do - it 'returns an error message when the key does not exist' do - post api('/internal/personal_access_token'), - params: { - secret_token: secret_token, - key_id: non_existing_record_id - } - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find the given key') - end - - it 'returns an error message when the key is a deploy key' do - deploy_key = create(:deploy_key) + let(:key_id) { key.id } + subject do post api('/internal/personal_access_token'), params: { secret_token: secret_token, - key_id: deploy_key.id + key_id: key_id } - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Deploy keys cannot be used to create personal access tokens') end - it 'returns an error message when the user does not exist' do - key_without_user = create(:key, user: nil) + it_behaves_like 'actor key validations' - post api('/internal/personal_access_token'), - params: { - secret_token: secret_token, - key_id: key_without_user.id - } + context 'key is a deploy key' do + let(:key_id) { create(:deploy_key).id } - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find a user for the given key') - expect(json_response['token']).to be_nil + it 'returns an error message' do + subject + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Deploy keys cannot be used to create personal access tokens') + end end it 'returns an error message when given an non existent user' do 
@@ -1209,6 +1206,73 @@ RSpec.describe API::Internal::Base do end end + describe 'POST /internal/two_factor_config' do + let(:key_id) { key.id } + + before do + stub_feature_flags(two_factor_for_cli: true) + end + + subject do + post api('/internal/two_factor_config'), + params: { + secret_token: secret_token, + key_id: key_id + } + end + + it_behaves_like 'actor key validations' + + context 'when the key is a deploy key' do + let(:key) { create(:deploy_key) } + + it 'does not required two factor' do + subject + + expect(json_response['success']).to be_truthy + expect(json_response['two_factor_required']).to be_falsey + end + end + + context 'when two-factor is enabled' do + it 'returns user two factor config' do + allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true) + + subject + + expect(json_response['success']).to be_truthy + expect(json_response['two_factor_required']).to be_truthy + end + end + + context 'when two-factor is not enabled' do + it 'returns an error message' do + allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false) + + subject + + expect(json_response['success']).to be_truthy + expect(json_response['two_factor_required']).to be_falsey + end + end + + context 'two_factor_for_cli feature is disabled' do + before do + stub_feature_flags(two_factor_for_cli: false) + end + + context 'when two-factor is enabled for the user' do + it 'returns user two factor config' do + allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true) + + subject + + expect(json_response['success']).to be_falsey + end + end + end + end + def lfs_auth_project(project) post( api("/internal/lfs_authenticate"), diff --git a/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb b/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb index 5e9c6735339..85eedbf4cc5 100644 
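Review bot: The flag-disabled example at the end of the new `POST /internal/two_factor_config` block asserts only `expect(json_response['success']).to be_falsey`, which also passes when the key is simply missing from the body, so it does not pin what the caller is told when `two_factor_for_cli` is off. If the endpoint is meant to omit the field in that case, I would add `expect(json_response['two_factor_required']).to be_nil` plus an `eq` check on `json_response['message']` using the text the endpoint returns (not visible in this spec-only diff). Several example names also contradict their assertions: 'does not required two factor' has a typo, 'returns an error message' under 'when two-factor is not enabled' expects `success` to be truthy, and 'returns user two factor config' under the disabled flag expects failure; `it 'does not require two factor'` and `it 'reports two factor as not required'` would read correctly. The deploy-key context overrides `key` where the other endpoints override `key_id`; `key` is defined outside this hunk, so it is worth confirming the override takes effect there.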
--- a/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb +++ b/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb @@ -121,7 +121,7 @@ RSpec.shared_examples 'User views a wiki page' do it 'shows the page history' do visit(wiki_page_path(wiki, wiki_page)) - expect(page).to have_selector('a.btn', text: 'Edit') + expect(page).to have_selector('[data-testid="wiki_edit_button"]') click_on('Page history') @@ -133,7 +133,7 @@ RSpec.shared_examples 'User views a wiki page' do it 'does not show the "Edit" button' do visit(wiki_page_path(wiki, wiki_page, version_id: wiki_page.versions.last.id)) - expect(page).not_to have_selector('a.btn', text: 'Edit') + expect(page).not_to have_selector('[data-testid="wiki_edit_button"]') end context 'show the diff' do @@ -250,7 +250,7 @@ RSpec.shared_examples 'User views a wiki page' do end it 'does not show "Edit" button' do - expect(page).not_to have_selector('a.btn', text: 'Edit') + expect(page).not_to have_selector('[data-testid="wiki_edit_button"]') end it 'shows error' do |