diff options
Diffstat (limited to 'spec/migrations/remove_scim_token_and_scim_identity_non_root_group_spec.rb')
| -rw-r--r-- | spec/migrations/remove_scim_token_and_scim_identity_non_root_group_spec.rb | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/spec/migrations/remove_scim_token_and_scim_identity_non_root_group_spec.rb b/spec/migrations/remove_scim_token_and_scim_identity_non_root_group_spec.rb new file mode 100644 index 00000000000..31915365c91 --- /dev/null +++ b/spec/migrations/remove_scim_token_and_scim_identity_non_root_group_spec.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +require 'spec_helper' +require_migration! + +RSpec.describe RemoveScimTokenAndScimIdentityNonRootGroup, feature_category: :system_access do + let(:namespaces) { table(:namespaces) } + let(:scim_oauth_access_tokens) { table(:scim_oauth_access_tokens) } + let(:scim_identities) { table(:scim_identities) } + let(:users) { table(:users) } + let(:root_group) do + namespaces.create!(name: 'root_group', path: 'foo', parent_id: nil, type: 'Group') + end + + let(:non_root_group) do + namespaces.create!(name: 'non_root_group', path: 'non_root', parent_id: root_group.id, type: 'Group') + end + + let(:root_group_user) do + users.create!(name: 'Example User', email: 'user@example.com', projects_limit: 0) + end + + let(:non_root_group_user) do + users.create!(username: 'user2', email: 'user2@example.com', projects_limit: 10) + end + + it 'removes scim_oauth_access_tokens that belong to non-root group and related scim_identities' do + scim_oauth_access_token_root_group = scim_oauth_access_tokens.create!( + group_id: root_group.id, + token_encrypted: Gitlab::CryptoHelper.aes256_gcm_encrypt(SecureRandom.hex(50)) + ) + scim_oauth_access_token_non_root_group = scim_oauth_access_tokens.create!( + group_id: non_root_group.id, + token_encrypted: Gitlab::CryptoHelper.aes256_gcm_encrypt(SecureRandom.hex(50)) + ) + + scim_identity_root_group = scim_identities.create!( + group_id: root_group.id, + extern_uid: "12345", + user_id: root_group_user.id, + active: true + ) + + scim_identity_non_root_group = scim_identities.create!( + group_id: non_root_group.id, + extern_uid: "12345", + user_id: non_root_group_user.id, + active: true + ) + + expect { migrate! }.to change { scim_oauth_access_tokens.count }.from(2).to(1) + expect(scim_oauth_access_tokens.find_by_id(scim_oauth_access_token_non_root_group.id)).to be_nil + expect(scim_identities.find_by_id(scim_identity_non_root_group.id)).to be_nil + + expect(scim_oauth_access_tokens.find_by_id(scim_oauth_access_token_root_group.id)).not_to be_nil + expect(scim_identities.find_by_id(scim_identity_root_group.id)).not_to be_nil + end +end |