diff options
Diffstat (limited to 'spec/lib/gitlab/auth/request_authenticator_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth/request_authenticator_spec.rb | 56 |
1 files changed, 50 insertions, 6 deletions
diff --git a/spec/lib/gitlab/auth/request_authenticator_spec.rb b/spec/lib/gitlab/auth/request_authenticator_spec.rb index b89ceb37076..ef6b1d72712 100644 --- a/spec/lib/gitlab/auth/request_authenticator_spec.rb +++ b/spec/lib/gitlab/auth/request_authenticator_spec.rb @@ -50,13 +50,13 @@ RSpec.describe Gitlab::Auth::RequestAuthenticator do allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token).and_return(access_token_user) allow_any_instance_of(described_class).to receive(:find_user_from_feed_token).and_return(feed_token_user) - expect(subject.find_sessionless_user([:api])).to eq access_token_user + expect(subject.find_sessionless_user(:api)).to eq access_token_user end it 'returns feed_token user if no access_token user found' do allow_any_instance_of(described_class).to receive(:find_user_from_feed_token).and_return(feed_token_user) - expect(subject.find_sessionless_user([:api])).to eq feed_token_user + expect(subject.find_sessionless_user(:api)).to eq feed_token_user end it 'returns static_object_token user if no feed_token user found' do @@ -64,7 +64,7 @@ RSpec.describe Gitlab::Auth::RequestAuthenticator do .to receive(:find_user_from_static_object_token) .and_return(static_object_token_user) - expect(subject.find_sessionless_user([:api])).to eq static_object_token_user + expect(subject.find_sessionless_user(:api)).to eq static_object_token_user end it 'returns job_token user if no static_object_token user found' do @@ -72,17 +72,61 @@ RSpec.describe Gitlab::Auth::RequestAuthenticator do .to receive(:find_user_from_job_token) .and_return(job_token_user) - expect(subject.find_sessionless_user([:api])).to eq job_token_user + expect(subject.find_sessionless_user(:api)).to eq job_token_user end it 'returns nil if no user found' do - expect(subject.find_sessionless_user([:api])).to be_blank + expect(subject.find_sessionless_user(:api)).to be_blank end it 'rescue Gitlab::Auth::AuthenticationError exceptions' do allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token).and_raise(Gitlab::Auth::UnauthorizedError) - expect(subject.find_sessionless_user([:api])).to be_blank + expect(subject.find_sessionless_user(:api)).to be_blank + end + end + + describe '#find_personal_access_token_from_http_basic_auth' do + let_it_be(:personal_access_token) { create(:personal_access_token) } + let_it_be(:user) { personal_access_token.user } + + before do + allow(subject).to receive(:has_basic_credentials?).and_return(true) + allow(subject).to receive(:user_name_and_password).and_return([user.username, personal_access_token.token]) + end + + context 'with API requests' do + before do + env['SCRIPT_NAME'] = '/api/endpoint' + end + + it 'tries to find the user' do + expect(subject.user([:api])).to eq user + end + + it 'returns nil if the token is revoked' do + personal_access_token.revoke! + + expect(subject.user([:api])).to be_blank + end + + it 'returns nil if the token does not have API scope' do + personal_access_token.update!(scopes: ['read_registry']) + + expect(subject.user([:api])).to be_blank + end + end + + context 'without API requests' do + before do + env['SCRIPT_NAME'] = '/web/endpoint' + end + + it 'does not search for job users' do + expect(PersonalAccessToken).not_to receive(:find_by_token) + + expect(subject.user([:api])).to be_nil + end end end |