diff options
Diffstat (limited to 'spec/requests/api/integrations/jira_connect/subscriptions_spec.rb')
-rw-r--r-- | spec/requests/api/integrations/jira_connect/subscriptions_spec.rb | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb b/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb new file mode 100644 index 00000000000..86f8992a624 --- /dev/null +++ b/spec/requests/api/integrations/jira_connect/subscriptions_spec.rb @@ -0,0 +1,86 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe API::Integrations::JiraConnect::Subscriptions do + describe 'POST /integrations/jira_connect/subscriptions' do + subject(:post_subscriptions) { post api('/integrations/jira_connect/subscriptions') } + + it 'returns 401' do + post_subscriptions + + expect(response).to have_gitlab_http_status(:unauthorized) + end + + context 'with user token' do + let(:group) { create(:group) } + let(:user) { create(:user) } + + subject(:post_subscriptions) do + post api('/integrations/jira_connect/subscriptions', user), params: { jwt: jwt, namespace_path: group.path } + end + + context 'with feature flag disabled' do + before do + stub_feature_flags(jira_connect_oauth: false) + end + + let(:jwt) { '123' } + + it 'returns 404' do + post_subscriptions + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'with invalid JWT' do + let(:jwt) { '123' } + + it 'returns 401' do + post_subscriptions + + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + context 'with valid JWT' do + let_it_be(:installation) { create(:jira_connect_installation) } + let_it_be(:user) { create(:user) } + + let(:claims) { { iss: installation.client_key, qsh: 'context-qsh', sub: 1234 } } + let(:jwt) { Atlassian::Jwt.encode(claims, installation.shared_secret) } + let(:jira_user) { { 'groups' => { 'items' => [{ 'name' => jira_group_name }] } } } + let(:jira_group_name) { 'site-admins' } + + before do + WebMock + .stub_request(:get, "#{installation.base_url}/rest/api/3/user?accountId=1234&expand=groups") + .to_return(body: jira_user.to_json, status: 200, headers: { 'Content-Type' => 'application/json' }) + end + + it 'returns 401 if the user does not have access to the group' do + post_subscriptions + + expect(response).to have_gitlab_http_status(:unauthorized) + end + + context 'user has access to the group' do + before do + group.add_maintainer(user) + end + + it 'creates a subscription' do + expect { post_subscriptions }.to change { installation.subscriptions.count }.from(0).to(1) + end + + it 'returns 201' do + post_subscriptions + + expect(response).to have_gitlab_http_status(:created) + end + end + end + end + end +end |