diff options
Diffstat (limited to 'spec/requests/jwt_controller_spec.rb')
-rw-r--r-- | spec/requests/jwt_controller_spec.rb | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index 69127a7526e..965bead4068 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -61,7 +61,7 @@ RSpec.describe JwtController, feature_category: :system_access do end end - context 'authenticating against container registry' do + shared_examples 'container registry authenticator' do context 'existing service' do subject! { get '/jwt/auth', params: parameters } @@ -254,6 +254,40 @@ RSpec.describe JwtController, feature_category: :system_access do end end + shared_examples 'parses a space-delimited list of scopes' do |output| + let(:user) { create(:user) } + let(:headers) { { authorization: credentials(user.username, user.password) } } + + subject! { get '/jwt/auth', params: parameters, headers: headers } + + let(:parameters) do + { + service: service_name, + scope: 'scope1 scope2' + } + end + + let(:service_parameters) do + ActionController::Parameters.new({ service: service_name, scopes: output }).permit! + end + + it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) } + end + + context 'authenticating against container registry' do + it_behaves_like 'container registry authenticator' + it_behaves_like 'parses a space-delimited list of scopes', %w(scope1 scope2) + + context 'when jwt_auth_space_delimited_scopes feature flag is disabled' do + before do + stub_feature_flags(jwt_auth_space_delimited_scopes: false) + end + + it_behaves_like 'container registry authenticator' + it_behaves_like 'parses a space-delimited list of scopes', ['scope1 scope2'] + end + end + context 'authenticating against dependency proxy' do let_it_be(:user) { create(:user) } let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } |