Diffstat (limited to 'spec/requests/jwt_controller_spec.rb')
-rw-r--r-- | spec/requests/jwt_controller_spec.rb | 55 |
1 files changed, 18 insertions, 37 deletions
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index 965bead4068..966cc2d6d4e 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -61,7 +61,7 @@ RSpec.describe JwtController, feature_category: :system_access do end end - shared_examples 'container registry authenticator' do + context 'authenticating against container registry' do context 'existing service' do subject! { get '/jwt/auth', params: parameters } @@ -124,7 +124,7 @@ RSpec.describe JwtController, feature_category: :system_access do end it 'does not log a user' do - expect(log_data.keys).not_to include(%w(username user_id)) + expect(log_data.keys).not_to include(%w[username user_id]) end end @@ -177,7 +177,7 @@ RSpec.describe JwtController, feature_category: :system_access do end let(:service_parameters) do - ActionController::Parameters.new({ service: service_name, scopes: %w(scope1 scope2) }).permit! + ActionController::Parameters.new({ service: service_name, scopes: %w[scope1 scope2] }).permit! end it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) } @@ -185,6 +185,21 @@ RSpec.describe JwtController, feature_category: :system_access do it_behaves_like 'user logging' end + context 'when passing a space-delimited list of scopes' do + let(:parameters) do + { + service: service_name, + scope: 'scope1 scope2' + } + end + + let(:service_parameters) do + ActionController::Parameters.new({ service: service_name, scopes: %w[scope1 scope2] }).permit! + end + + it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) } + end + context 'when user has 2FA enabled' do let(:user) { create(:user, :two_factor) } 
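Review bot: The added context 'when passing a space-delimited list of scopes' pins only the well-formed input `scope: 'scope1 scope2'`, so the spec says nothing about irregular delimiters, and this commit also drops the examples that exercised the other parsing path. The parsed list is what the spec expects to be handed to the auth service as `scopes:`, so a sibling case such as `scope: ' scope1  scope2 '` (constructed sample) that asserts the exact resulting array would keep empty or whitespace-padded scope entries from reaching the service unnoticed. The controller's split logic is not visible in this diff, so the expected value for that case has to be confirmed against it. Separately, the `let(:service_parameters)` and the `it { expect(service_class).to have_received(:new)... }` line are identical to those in the preceding context and could be shared, if both contexts sit under the same parent, which this hunk does not show.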
@@ -254,40 +269,6 @@ RSpec.describe JwtController, feature_category: :system_access do end end - shared_examples 'parses a space-delimited list of scopes' do |output| - let(:user) { create(:user) } - let(:headers) { { authorization: credentials(user.username, user.password) } } - - subject! { get '/jwt/auth', params: parameters, headers: headers } - - let(:parameters) do - { - service: service_name, - scope: 'scope1 scope2' - } - end - - let(:service_parameters) do - ActionController::Parameters.new({ service: service_name, scopes: output }).permit! - end - - it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) } - end - - context 'authenticating against container registry' do - it_behaves_like 'container registry authenticator' - it_behaves_like 'parses a space-delimited list of scopes', %w(scope1 scope2) - - context 'when jwt_auth_space_delimited_scopes feature flag is disabled' do - before do - stub_feature_flags(jwt_auth_space_delimited_scopes: false) - end - - it_behaves_like 'container registry authenticator' - it_behaves_like 'parses a space-delimited list of scopes', ['scope1 scope2'] - end - end - context 'authenticating against dependency proxy' do let_it_be(:user) { create(:user) } let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } |