diff options
Diffstat (limited to 'spec/requests/api/internal/base_spec.rb')
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 98 |
1 files changed, 65 insertions, 33 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb index ca32271f573..6414b1efe6a 100644 --- a/spec/requests/api/internal/base_spec.rb +++ b/spec/requests/api/internal/base_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe API::Internal::Base, feature_category: :authentication_and_authorization do +RSpec.describe API::Internal::Base, feature_category: :system_access do include GitlabShellHelpers include APIInternalBaseHelpers @@ -10,6 +10,9 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author let_it_be(:project, reload: true) { create(:project, :repository, :wiki_repo) } let_it_be(:personal_snippet) { create(:personal_snippet, :repository, author: user) } let_it_be(:project_snippet) { create(:project_snippet, :repository, author: user, project: project) } + let_it_be(:max_pat_access_token_lifetime) do + PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now.to_date.freeze + end let(:key) { create(:key, user: user) } let(:secret_token) { Gitlab::Shell.secret_token } @@ -194,39 +197,68 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author expect(json_response['message']).to match(/\AInvalid scope: 'badscope'. Valid scopes are: /) end - it 'returns a token without expiry when the expires_at parameter is missing' do - token_size = (PersonalAccessToken.token_prefix || '').size + 20 + it 'returns a token with expiry when it receives a valid expires_at parameter' do + freeze_time do + token_size = (PersonalAccessToken.token_prefix || '').size + 20 + + post api('/internal/personal_access_token'), + params: { + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api read_repository), + expires_at: max_pat_access_token_lifetime + }, + headers: gitlab_shell_internal_api_request_header - post api('/internal/personal_access_token'), - params: { - key_id: key.id, - name: 'newtoken', - scopes: %w(read_api read_repository) - }, - headers: gitlab_shell_internal_api_request_header + expect(json_response['success']).to be_truthy + expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) + expect(json_response['scopes']).to match_array(%w(read_api read_repository)) + expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601) + end + end - expect(json_response['success']).to be_truthy - expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) - expect(json_response['scopes']).to match_array(%w(read_api read_repository)) - expect(json_response['expires_at']).to be_nil + context 'when default_pat_expiration feature flag is true' do + it 'returns token with expiry as PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do + freeze_time do + token_size = (PersonalAccessToken.token_prefix || '').size + 20 + + post api('/internal/personal_access_token'), + params: { + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api read_repository) + }, + headers: gitlab_shell_internal_api_request_header + + expect(json_response['success']).to be_truthy + expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) + expect(json_response['scopes']).to match_array(%w(read_api read_repository)) + expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601) + end + end end - it 'returns a token with expiry when it receives a valid expires_at parameter' do - token_size = (PersonalAccessToken.token_prefix || '').size + 20 + context 'when default_pat_expiration feature flag is false' do + before do + stub_feature_flags(default_pat_expiration: false) + end - post api('/internal/personal_access_token'), - params: { - key_id: key.id, - name: 'newtoken', - scopes: %w(read_api read_repository), - expires_at: '9001-11-17' - }, - headers: gitlab_shell_internal_api_request_header + it 'uses nil expiration value' do + token_size = (PersonalAccessToken.token_prefix || '').size + 20 + + post api('/internal/personal_access_token'), + params: { + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api read_repository) + }, + headers: gitlab_shell_internal_api_request_header - expect(json_response['success']).to be_truthy - expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) - expect(json_response['scopes']).to match_array(%w(read_api read_repository)) - expect(json_response['expires_at']).to eq('9001-11-17') + expect(json_response['success']).to be_truthy + expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) + expect(json_response['scopes']).to match_array(%w(read_api read_repository)) + expect(json_response['expires_at']).to be_nil + end end end @@ -514,7 +546,7 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author expect(json_response["gl_repository"]).to eq("wiki-#{project.id}") expect(json_response["gl_key_type"]).to eq("key") expect(json_response["gl_key_id"]).to eq(key.id) - expect(user.reload.last_activity_on).to be_nil + expect(user.reload.last_activity_on).to eql(Date.today) end it_behaves_like 'sets hook env' do @@ -553,7 +585,7 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author expect(json_response["status"]).to be_truthy expect(json_response["gl_project_path"]).to eq(personal_snippet.repository.full_path) expect(json_response["gl_repository"]).to eq("snippet-#{personal_snippet.id}") - expect(user.reload.last_activity_on).to be_nil + expect(user.reload.last_activity_on).to eql(Date.today) end it_behaves_like 'sets hook env' do @@ -585,7 +617,7 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author expect(json_response["status"]).to be_truthy expect(json_response["gl_project_path"]).to eq(project_snippet.repository.full_path) expect(json_response["gl_repository"]).to eq("snippet-#{project_snippet.id}") - expect(user.reload.last_activity_on).to be_nil + expect(user.reload.last_activity_on).to eql(Date.today) end it_behaves_like 'sets hook env' do @@ -703,7 +735,7 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path) expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage)) expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage)) - expect(user.reload.last_activity_on).to be_nil + expect(user.reload.last_activity_on).to eql(Date.today) end it_behaves_like 'rate limited request' do @@ -862,7 +894,7 @@ RSpec.describe API::Internal::Base, feature_category: :authentication_and_author expect(json_response['status']).to be_truthy expect(json_response['payload']).to eql(payload) expect(json_response['gl_console_messages']).to eql(console_messages) - expect(user.reload.last_activity_on).to be_nil + expect(user.reload.last_activity_on).to eql(Date.today) end end end |