diff options
author | Imre Farkas <ifarkas@gitlab.com> | 2018-11-08 18:03:56 +0300 |
---|---|---|
committer | Imre Farkas <ifarkas@gitlab.com> | 2018-11-12 14:16:25 +0300 |
commit | f3cd24a9f3f581488d621475e55e3a81bbd9e67c (patch) | |
tree | 66266d4ae8b2864a2e8423f7e8022483c357ccb9 /spec | |
parent | 369631c84195f6b8b26624d5647ae994e64b77e8 (diff) |
Display impersonation token value only after creation
Since we migrated all PersonlAccessTokens to store only its hash in the
DB, the token value can no longer be shown to the user.
Diffstat (limited to 'spec')
4 files changed, 16 insertions, 2 deletions
diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb index ed08a4c1bf2..f5860d4296b 100644 --- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb +++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb @@ -39,8 +39,10 @@ describe Profiles::PersonalAccessTokensController do let!(:active_personal_access_token) { create(:personal_access_token, user: user) } let!(:inactive_personal_access_token) { create(:personal_access_token, :revoked, user: user) } let!(:impersonation_personal_access_token) { create(:personal_access_token, :impersonation, user: user) } + let(:token_value) { 's3cr3t' } before do + PersonalAccessToken.redis_store!(user.id, token_value) get :index end @@ -56,5 +58,9 @@ describe Profiles::PersonalAccessTokensController do expect(assigns(:active_personal_access_tokens)).not_to include(impersonation_personal_access_token) expect(assigns(:inactive_personal_access_tokens)).not_to include(impersonation_personal_access_token) end + + it "retrieves newly created personal access token value" do + expect(assigns(:new_personal_access_token)).to eql(token_value) + end end end diff --git a/spec/features/admin/admin_users_impersonation_tokens_spec.rb b/spec/features/admin/admin_users_impersonation_tokens_spec.rb index e16eae219a4..c7860bebb06 100644 --- a/spec/features/admin/admin_users_impersonation_tokens_spec.rb +++ b/spec/features/admin/admin_users_impersonation_tokens_spec.rb @@ -12,6 +12,10 @@ describe 'Admin > Users > Impersonation Tokens', :js do find(".settings-message") end + def created_impersonation_token + find("#created-personal-access-token").value + end + before do sign_in(admin) end @@ -39,6 +43,7 @@ describe 'Admin > Users > Impersonation Tokens', :js do expect(active_impersonation_tokens).to have_text('api') expect(active_impersonation_tokens).to have_text('read_user') expect(PersonalAccessTokensFinder.new(impersonation: true).execute.count).to equal(1) + expect(created_impersonation_token).not_to be_empty end end diff --git a/spec/features/profiles/personal_access_tokens_spec.rb b/spec/features/profiles/personal_access_tokens_spec.rb index 8461cd0027c..dee213a11d4 100644 --- a/spec/features/profiles/personal_access_tokens_spec.rb +++ b/spec/features/profiles/personal_access_tokens_spec.rb @@ -43,10 +43,12 @@ describe 'Profile > Personal Access Tokens', :js do check "read_user" click_on "Create personal access token" + expect(active_personal_access_tokens).to have_text(name) expect(active_personal_access_tokens).to have_text('In') expect(active_personal_access_tokens).to have_text('api') expect(active_personal_access_tokens).to have_text('read_user') + expect(created_personal_access_token).not_to be_empty end context "when creation fails" do @@ -57,6 +59,7 @@ describe 'Profile > Personal Access Tokens', :js do expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count } expect(page).to have_content("Name cannot be nil") + expect(page).not_to have_selector("#created-personal-access-token") end end end diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index e6d01c9689f..bb913ae0e79 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -2018,11 +2018,11 @@ describe API::Users do expect(json_response['message']).to eq('403 Forbidden') end - it 'returns a personal access token' do + it 'returns an impersonation token' do get api("/users/#{user.id}/impersonation_tokens/#{impersonation_token.id}", admin) expect(response).to have_gitlab_http_status(200) - expect(json_response['token']).to be_present + expect(json_response['token']).not_to be_present expect(json_response['impersonation']).to be_truthy end end |