diff options
Diffstat (limited to 'spec/requests/api/npm_project_packages_spec.rb')
-rw-r--r-- | spec/requests/api/npm_project_packages_spec.rb | 38 |
1 files changed, 20 insertions, 18 deletions
diff --git a/spec/requests/api/npm_project_packages_spec.rb b/spec/requests/api/npm_project_packages_spec.rb index e64b5ddc374..10271719a15 100644 --- a/spec/requests/api/npm_project_packages_spec.rb +++ b/spec/requests/api/npm_project_packages_spec.rb @@ -41,6 +41,15 @@ RSpec.describe API::NpmProjectPackages do project.add_developer(user) end + shared_examples 'successfully downloads the file' do + it 'returns the file' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(response.media_type).to eq('application/octet-stream') + end + end + shared_examples 'a package file that requires auth' do it 'denies download with no token' do subject @@ -51,35 +60,28 @@ RSpec.describe API::NpmProjectPackages do context 'with access token' do let(:headers) { build_token_auth_header(token.token) } - it 'returns the file' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(response.media_type).to eq('application/octet-stream') - end + it_behaves_like 'successfully downloads the file' end context 'with job token' do let(:headers) { build_token_auth_header(job.token) } - it 'returns the file' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(response.media_type).to eq('application/octet-stream') - end + it_behaves_like 'successfully downloads the file' end end context 'a public project' do - it 'returns the file with no token needed' do - subject + it_behaves_like 'successfully downloads the file' + it_behaves_like 'a package tracking event', 'API::NpmPackages', 'pull_package' - expect(response).to have_gitlab_http_status(:ok) - expect(response.media_type).to eq('application/octet-stream') - end + context 'with a job token for a different user' do + let_it_be(:other_user) { create(:user) } + let_it_be_with_reload(:other_job) { create(:ci_build, :running, user: other_user) } - it_behaves_like 'a package tracking event', 'API::NpmPackages', 'pull_package' + let(:headers) { build_token_auth_header(other_job.token) } + + it_behaves_like 'successfully downloads the file' + end end context 'private project' do |