Diffstat (limited to 'spec/requests')
-rw-r--r--spec/requests/api/graphql/user_spec.rb32
-rw-r--r--spec/requests/jwt_controller_spec.rb12
2 files changed, 38 insertions, 6 deletions
diff --git a/spec/requests/api/graphql/user_spec.rb b/spec/requests/api/graphql/user_spec.rb
index 41ee233dfc5..22ebc1be964 100644
--- a/spec/requests/api/graphql/user_spec.rb
+++ b/spec/requests/api/graphql/user_spec.rb
@@ -113,4 +113,36 @@ RSpec.describe 'User', feature_category: :user_profile do
end
end
end
+
+ describe 'organizations field' do
+ let_it_be(:organization_user) { create(:organization_user, user: current_user) }
+ let_it_be(:organization) { organization_user.organization }
+ let_it_be(:another_organization) { create(:organization) }
+ let_it_be(:another_user) { create(:user) }
+
+ let(:query) do
+ graphql_query_for(
+ :user,
+ { username: current_user.username.to_s.upcase },
+ 'organizations { nodes { path } }'
+ )
+ end
+
+ context 'with permission' do
+ it 'returns the relevant organization details' do
+ post_graphql(query, current_user: current_user)
+
+ expect(graphql_data.dig('user', 'organizations', 'nodes').pluck('path'))
+ .to match_array(organization.path)
+ end
+ end
+
+ context 'without permission' do
+ it 'does not return organization details' do
+ post_graphql(query, current_user: another_user)
+
+ expect(graphql_data.dig('user', 'organizations', 'nodes')).to be_nil
+ end
+ end
+ end
end
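Review bot: The 'without permission' example asserts `expect(graphql_data.dig('user', 'organizations', 'nodes')).to be_nil`, which passes whenever any link in the chain is nil, so it cannot tell a withheld `organizations` field from a query that returned no `user` at all. If the user record is meant to stay visible to `another_user` (not confirmable from this hunk), add `expect(graphql_data['user']).not_to be_nil` and assert on `graphql_data.dig('user', 'organizations')`, so the test pins the authorization check to the field itself. In the positive example, `match_array(organization.path)` is handed a String rather than an Array; `contain_exactly(organization.path)` states the intent directly and still fails if `another_organization` leaks into the result.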
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index 966cc2d6d4e..0ac059b5ed3 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -92,7 +92,7 @@ RSpec.describe JwtController, feature_category: :system_access do
context 'project with enabled CI' do
subject! { get '/jwt/auth', params: parameters, headers: headers }
- it { expect(service_class).to have_received(:new).with(project, user, ActionController::Parameters.new(parameters.merge(auth_type: :build)).permit!) }
+ it { expect(service_class).to have_received(:new).with(project, user, ActionController::Parameters.new(parameters.merge(auth_type: :build, raw_token: build.token)).permit!) }
it_behaves_like 'user logging'
end
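Review bot: The updated expectation pins a live credential (`raw_token: build.token`) into the params handed to `service_class.new`, but nothing in this spec checks that the value stays out of log output. The same applies to the hunks at -119, -144, -160, -180 and -197, which carry the deploy token, the personal access token and the user password. The `'user logging'` shared example sits directly below this line, so it is a natural place for a negative assertion that the captured log payload does not include the secret. The shared example's definition is not visible in this diff, so the exact matcher depends on how it captures the log. The controller change is also outside this diffstat-limited view, so confirm there that `raw_token` is covered by parameter filtering before it reaches any logger or serializer.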
@@ -119,7 +119,7 @@ RSpec.describe JwtController, feature_category: :system_access do
.with(
nil,
nil,
- ActionController::Parameters.new(parameters.merge(deploy_token: deploy_token, auth_type: :deploy_token)).permit!
+ ActionController::Parameters.new(parameters.merge(deploy_token: deploy_token, auth_type: :deploy_token, raw_token: deploy_token.token)).permit!
)
end
@@ -144,7 +144,7 @@ RSpec.describe JwtController, feature_category: :system_access do
.with(
nil,
user,
- ActionController::Parameters.new(parameters.merge(auth_type: :personal_access_token)).permit!
+ ActionController::Parameters.new(parameters.merge(auth_type: :personal_access_token, raw_token: pat.token)).permit!
)
end
@@ -160,7 +160,7 @@ RSpec.describe JwtController, feature_category: :system_access do
subject! { get '/jwt/auth', params: parameters, headers: headers }
- it { expect(service_class).to have_received(:new).with(nil, user, ActionController::Parameters.new(parameters.merge(auth_type: :gitlab_or_ldap)).permit!) }
+ it { expect(service_class).to have_received(:new).with(nil, user, ActionController::Parameters.new(parameters.merge(auth_type: :gitlab_or_ldap, raw_token: user.password)).permit!) }
it_behaves_like 'rejecting a blocked user'
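Review bot: For `auth_type: :gitlab_or_ldap` the expectation supplies `raw_token: user.password`, so the key named for tokens carries the account password here and in the hunks at -180 and -197. A short comment above the example would keep that from being misread, for instance `# raw_token carries the Basic-auth password for gitlab_or_ldap, not an access token`. The plaintext `password` presumably exists only on the in-memory factory object; if `user` were ever reloaded from the database, this would silently become `raw_token: nil`. Building the expected value from the same literal that feeds `headers` would make the assertion independent of that. The surrounding context block starts outside this hunk, so how `headers` is built cannot be checked from here.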
@@ -180,7 +180,7 @@ RSpec.describe JwtController, feature_category: :system_access do
ActionController::Parameters.new({ service: service_name, scopes: %w[scope1 scope2] }).permit!
end
- it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) }
+ it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap, raw_token: user.password)) }
it_behaves_like 'user logging'
end
@@ -197,7 +197,7 @@ RSpec.describe JwtController, feature_category: :system_access do
ActionController::Parameters.new({ service: service_name, scopes: %w[scope1 scope2] }).permit!
end
- it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) }
+ it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap, raw_token: user.password)) }
end
context 'when user has 2FA enabled' do