1 files changed, 48 insertions, 0 deletions

diff --git a/spec/requests/api/personal_access_tokens_spec.rb b/spec/requests/api/personal_access_tokens_spec.rb
index 0ff2c46e693..01f69f0aae2 100644
--- a/spec/requests/api/personal_access_tokens_spec.rb
+++ b/spec/requests/api/personal_access_tokens_spec.rb
@@ -73,6 +73,54 @@ RSpec.describe API::PersonalAccessTokens do
     end
   end
 
+  describe 'DELETE /personal_access_tokens/self' do
+    let(:path) { '/personal_access_tokens/self' }
+    let(:token) { create(:personal_access_token, user: current_user) }
+
+    subject { delete api(path, current_user, personal_access_token: token) }
+
+    shared_examples 'revoking token succeeds' do
+      it 'revokes token' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:no_content)
+        expect(token.reload).to be_revoked
+      end
+    end
+
+    shared_examples 'revoking token denied' do |status|
+      it 'cannot revoke token' do
+        subject
+
+        expect(response).to have_gitlab_http_status(status)
+      end
+    end
+
+    context 'when current_user is an administrator', :enable_admin_mode do
+      let(:current_user) { create(:admin) }
+
+      it_behaves_like 'revoking token succeeds'
+    end
+
+    context 'when current_user is not an administrator' do
+      let(:current_user) { create(:user) }
+
+      it_behaves_like 'revoking token succeeds'
+
+      context 'with impersonated token' do
+        let(:token) { create(:personal_access_token, :impersonation, user: current_user) }
+
+        it_behaves_like 'revoking token denied', :bad_request
+      end
+
+      context 'with already revoked token' do
+        let(:token) { create(:personal_access_token, :revoked, user: current_user) }
+
+        it_behaves_like 'revoking token denied', :unauthorized
+      end
+    end
+  end
+
   describe 'DELETE /personal_access_tokens/:id' do
     let(:path) { "/personal_access_tokens/#{token1.id}" }