Diffstat (limited to 'spec/lib/gitlab')
-rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 11 | ||||
-rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 16 |
2 files changed, 6 insertions, 21 deletions
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 4ed554f06ec..db517c25ef4 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -261,7 +261,7 @@ describe Gitlab::Auth do
 let(:auth_failure) { Gitlab::Auth::Result.new(nil, nil) }
 context 'when the deploy token has read_repository as scope' do
- let(:deploy_token) { create(:deploy_token, :read_repository, project: project) }
+ let(:deploy_token) { create(:deploy_token, read_registry: false, projects: [project]) }
 it 'succeeds when project is present, token is valid and has read_repository as scope' do
 abilities = %i(read_project download_code)
@@ -284,13 +284,6 @@ describe Gitlab::Auth do
 .to eq(auth_failure)
 end
- it 'fails for any other project' do
- another_project = create(:project)
- expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '')
- expect(gl_auth.find_for_git_client('', deploy_token.token, project: another_project, ip: 'ip'))
- .to eq(auth_failure)
- end
-
 it 'fails if token has been revoked' do
 deploy_token.revoke!
@@ -302,7 +295,7 @@ describe Gitlab::Auth do
 end
 context 'when the deploy token has read_registry as a scope' do
- let(:deploy_token) { create(:deploy_token, :read_registry, project: project) }
+ let(:deploy_token) { create(:deploy_token, read_repository: false, projects: [project]) }
 context 'when registry enabled' do
 before do
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 928825c21fa..000e9e86813 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
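Review bot: With the token now bound through `projects: [project]` in the `let` at -261, the new side of this spec shows no example in which a deploy token is presented for a project outside that list; the only such example, 'fails for any other project', is deleted in the hunk at -284. Rejecting a token for a project it is not attached to is the authorization boundary this association defines, so I would keep an equivalent example, for instance `expect(gl_auth.find_for_git_client('', deploy_token.token, project: create(:project), ip: 'ip')).to eq(auth_failure)`. The rest of the `describe` block lies outside these hunks, so the case may be covered elsewhere.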
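Review bot: The scope under test is selected by negation in the `let` at -302: `read_repository: false` leaves the read_registry scope to whatever the `:deploy_token` factory defaults to, and the `let` in the hunk at -261 does the same with `read_registry: false`. If those defaults change, both contexts would exercise a token with the wrong scope, or none, while their descriptions still claim a specific one. Stating both flags keeps the intent readable, `create(:deploy_token, read_registry: true, read_repository: false, projects: [project])` here and the mirror image in the read_repository context. The factory definition is not part of this diff, so the current defaults are assumed rather than confirmed.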
@@ -147,25 +147,17 @@ describe Gitlab::GitAccess do
 end
 context 'when actor is DeployToken' do
- context 'when DeployToken is active and belongs to project' do
- let(:actor) { create(:deploy_token, :read_repo, project: project) }
+ let(:project_deploy_token) { create(:project_deploy_token, project: project) }
+ let(:actor) { project_deploy_token.deploy_token }
+ context 'when DeployToken is active and belongs to project' do
 it 'allows pull access' do
 expect { pull_access_check }.not_to raise_error
 end
 end
- context 'when DeployToken has been revoked' do
- let(:actor) { create(:deploy_token, :read_repo, project: project) }
-
- it 'blocks pull access' do
- actor.revoke!
- expect { pull_access_check }.to raise_not_found
- end
- end
-
 context 'when DeployToken does not belong to project' do
- let(:actor) { create(:deploy_token) }
+ let(:actor) { create(:deploy_token) }
 it 'blocks pull access' do
 expect { pull_access_check }.to raise_not_found |
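Review bot: The 'when DeployToken has been revoked' context is removed without a replacement in this hunk, so nothing visible here still checks that `Gitlab::GitAccess` refuses a pull once the token has been revoked. Revocation is the control that cuts off a leaked token, and a regression in it would pass this spec unnoticed. The context can stay as it was on top of the new shared `actor`, with the example calling `actor.revoke!` and then `expect { pull_access_check }.to raise_not_found`. Whether revocation is meant to be enforced only in `Gitlab::Auth` after this change cannot be told from the diff, and the 'does not belong to project' context continues past the end of the hunk.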