
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'spec/lib/gitlab/auth_spec.rb')
-rw-r--r--spec/lib/gitlab/auth_spec.rb49
1 files changed, 32 insertions, 17 deletions
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 611c70d73a1..706344831b8 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -10,29 +10,29 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
describe 'constants' do
it 'API_SCOPES contains all scopes for API access' do
- expect(subject::API_SCOPES).to eq %i[api read_user read_api]
+ expect(subject::API_SCOPES).to match_array %i[api read_user read_api]
end
it 'ADMIN_SCOPES contains all scopes for ADMIN access' do
- expect(subject::ADMIN_SCOPES).to eq %i[sudo]
+ expect(subject::ADMIN_SCOPES).to match_array %i[sudo]
end
it 'REPOSITORY_SCOPES contains all scopes for REPOSITORY access' do
- expect(subject::REPOSITORY_SCOPES).to eq %i[read_repository write_repository]
+ expect(subject::REPOSITORY_SCOPES).to match_array %i[read_repository write_repository]
end
it 'OPENID_SCOPES contains all scopes for OpenID Connect' do
- expect(subject::OPENID_SCOPES).to eq [:openid]
+ expect(subject::OPENID_SCOPES).to match_array [:openid]
end
it 'DEFAULT_SCOPES contains all default scopes' do
- expect(subject::DEFAULT_SCOPES).to eq [:api]
+ expect(subject::DEFAULT_SCOPES).to match_array [:api]
end
it 'optional_scopes contains all non-default scopes' do
stub_container_registry_config(enabled: true)
- expect(subject.optional_scopes).to eq %i[read_user read_api read_repository write_repository read_registry write_registry sudo openid profile email]
+ expect(subject.optional_scopes).to match_array %i[read_user read_api read_repository write_repository read_registry write_registry sudo openid profile email]
end
end
@@ -40,21 +40,21 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
it 'contains all non-default scopes' do
stub_container_registry_config(enabled: true)
- expect(subject.all_available_scopes).to eq %i[api read_user read_api read_repository write_repository read_registry write_registry sudo]
+ expect(subject.all_available_scopes).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo]
end
it 'contains for non-admin user all non-default scopes without ADMIN access' do
stub_container_registry_config(enabled: true)
user = create(:user, admin: false)
- expect(subject.available_scopes_for(user)).to eq %i[api read_user read_api read_repository write_repository read_registry write_registry]
+ expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry]
end
it 'contains for admin user all non-default scopes with ADMIN access' do
stub_container_registry_config(enabled: true)
user = create(:user, admin: true)
- expect(subject.available_scopes_for(user)).to eq %i[api read_user read_api read_repository write_repository read_registry write_registry sudo]
+ expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo]
end
context 'registry_scopes' do
@@ -156,21 +156,36 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
let(:username) { 'gitlab-ci-token' }
context 'for running build' do
- let!(:build) { create(:ci_build, :running) }
- let(:project) { build.project }
+ let!(:group) { create(:group) }
+ let!(:project) { create(:project, group: group) }
+ let!(:build) { create(:ci_build, :running, project: project) }
it 'recognises user-less build' do
expect(subject).to have_attributes(actor: nil, project: build.project, type: :ci, authentication_abilities: described_class.build_authentication_abilities)
end
it 'recognises user token' do
- build.update(user: create(:user))
+ build.update!(user: create(:user))
+
+ expect(subject).to have_attributes(actor: build.user, project: build.project, type: :build, authentication_abilities: described_class.build_authentication_abilities)
+ end
+
+ it 'recognises project level bot access token' do
+ build.update!(user: create(:user, :project_bot))
+ project.add_maintainer(build.user)
+
+ expect(subject).to have_attributes(actor: build.user, project: build.project, type: :build, authentication_abilities: described_class.build_authentication_abilities)
+ end
+
+ it 'recognises group level bot access token' do
+ build.update!(user: create(:user, :project_bot))
+ group.add_maintainer(build.user)
expect(subject).to have_attributes(actor: build.user, project: build.project, type: :build, authentication_abilities: described_class.build_authentication_abilities)
end
it 'fails with blocked user token' do
- build.update(user: create(:user, :blocked))
+ build.update!(user: create(:user, :blocked))
expect(subject).to have_attributes(auth_failure)
end
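Review bot: The two added bot examples ('recognises project level bot access token' and 'recognises group level bot access token') cover only the accepting path, where the bot is first made a maintainer of the build's project or group. Nothing in this hunk exercises a `:project_bot` user with no membership in that project or group, so a regression that accepts any bot's job token would not be caught here. Assuming such a bot is meant to be rejected (the implementation is not visible in this diff), add a counterpart example that expects `auth_failure`, as the blocked-user example does. The group-level example also creates its user with the `:project_bot` trait; a one-line comment saying that group access token bots share that user type would help, if that is the case. The enclosing `context 'for running build'` continues outside the hunk.

```ruby
# ... unchanged: 'recognises group level bot access token' ...

it 'fails with bot access token that is not a member of the project or its group' do
  build.update!(user: create(:user, :project_bot))

  expect(subject).to have_attributes(auth_failure)
end
```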
@@ -198,7 +213,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
it 'recognizes other ci services' do
project.create_drone_ci_integration(active: true)
- project.drone_ci_integration.update(token: 'token')
+ project.drone_ci_integration.update!(token: 'token', drone_url: generate(:url))
expect(gl_auth.find_for_git_client('drone-ci-token', 'token', project: project, ip: 'ip')).to have_attributes(actor: nil, project: project, type: :ci, authentication_abilities: described_class.build_authentication_abilities)
end
@@ -311,7 +326,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
context 'orphaned token' do
before do
- user.destroy
+ user.destroy!
end
it_behaves_like 'an oauth failure'
@@ -888,7 +903,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
it 'resets failed_attempts when true and password is correct' do
user.failed_attempts = 2
- user.save
+ user.save!
expect do
gl_auth.find_with_user_password(username, password, increment_failed_attempts: true)
@@ -917,7 +932,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
it 'does not reset failed_attempts when true and password is correct' do
user.failed_attempts = 2
- user.save
+ user.save!
expect do
gl_auth.find_with_user_password(username, password, increment_failed_attempts: true)