Diffstat (limited to 'spec/lib/gitlab/auth/auth_finders_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth/auth_finders_spec.rb | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 1a1e165c50a..b0ec46a3a0e 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -516,17 +516,23 @@ RSpec.describe Gitlab::Auth::AuthFinders, feature_category: :system_access do
 set_bearer_token(token_3.token)
 end
- it 'revokes the latest rotated token' do
- expect(token_1).not_to be_revoked
+ context 'with url related to access tokens' do
+ before do
+ set_header('SCRIPT_NAME', "/personal_access_tokens/#{token_3.id}/rotate")
+ end
+
+ it 'revokes the latest rotated token' do
+ expect(token_1).not_to be_revoked
- expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::RevokedError)
+ expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::RevokedError)
- expect(token_1.reload).to be_revoked
+ expect(token_1.reload).to be_revoked
+ end
 end
- context 'when the feature flag is disabled' do
+ context 'with url not related to access tokens' do
 before do
- stub_feature_flags(pat_reuse_detection: false)
+ set_header('SCRIPT_NAME', '/epics/1')
 end
 it 'does not revoke the latest rotated token' do |
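Review bot: The two new contexts pin only one matching path (`/personal_access_tokens/#{token_3.id}/rotate`) and one obviously unrelated path (`/epics/1`), so the boundary of the URL check that decides whether a reused rotated token revokes the token family is left untested. The matcher itself is not visible here, but if it is a substring or unanchored match, a near-miss path would behave differently from what these examples suggest. A third context with a constructed near-miss such as `set_header('SCRIPT_NAME', '/epics/personal_access_tokens')` and a `does not revoke` expectation would pin that. A short comment above the first `before`, for example `# reuse detection is only applied on token-management URLs`, would also explain why `SCRIPT_NAME` is being set. The final `it 'does not revoke the latest rotated token'` block continues past the end of the hunk, so its expectations could not be checked here.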