Diffstat (limited to 'spec/services/auth/dependency_proxy_authentication_service_spec.rb')
-rw-r--r-- | spec/services/auth/dependency_proxy_authentication_service_spec.rb | 77 |
1 files changed, 11 insertions, 66 deletions
diff --git a/spec/services/auth/dependency_proxy_authentication_service_spec.rb b/spec/services/auth/dependency_proxy_authentication_service_spec.rb
index 04f7e46daa6..3ef9c8fc96e 100644
--- a/spec/services/auth/dependency_proxy_authentication_service_spec.rb
+++ b/spec/services/auth/dependency_proxy_authentication_service_spec.rb
@@ -4,17 +4,15 @@ require 'spec_helper'
 RSpec.describe Auth::DependencyProxyAuthenticationService, feature_category: :dependency_proxy do
 let_it_be(:user) { create(:user) }
- let_it_be(:params) { {} }
- let_it_be(:authentication_abilities) { nil }
- let(:service) { described_class.new(nil, user, params) }
+ let(:service) { described_class.new(nil, user) }
 before do
- stub_config(dependency_proxy: { enabled: true }, registry: { enabled: true })
+ stub_config(dependency_proxy: { enabled: true })
 end
 describe '#execute' do
- subject { service.execute(authentication_abilities: authentication_abilities) }
+ subject { service.execute(authentication_abilities: nil) }
 shared_examples 'returning' do |status:, message:|
 it "returns #{message}", :aggregate_failures do
@@ -23,23 +21,9 @@ RSpec.describe Auth::DependencyProxyAuthenticationService, feature_category: :de
 end
 end
- shared_examples 'returning a token with encoded user_id' do
- it 'returns a token with encoded user_id' do
- token = subject[:token]
- expect(token).not_to be_nil
-
- decoded_token = decode(token)
- expect(decoded_token['user_id']).not_to be_nil
- end
- end
-
- shared_examples 'returning a token with encoded deploy_token' do
- it 'returns a token with encoded deploy_token' do
- token = subject[:token]
- expect(token).not_to be_nil
-
- decoded_token = decode(token)
- expect(decoded_token['deploy_token']).not_to be_nil
+ shared_examples 'returning a token' do
+ it 'returns a token' do
+ expect(subject[:token]).not_to be_nil
 end
 end
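Review bot: The new shared example `returning a token` in the second hunk only asserts `expect(subject[:token]).not_to be_nil`, so a token issued for the wrong principal, or one carrying no identity claim at all, would still pass. The removed examples decoded the token and checked that a `user_id` or `deploy_token` claim was present. If the service still encodes one of those claims after this change (the service itself is not visible here), keep one decoding assertion per context, for example `expect(DependencyProxy::AuthTokenService.new(subject[:token]).execute['user_id']).to eq(user.id)`. Comparing against the expected id rather than `not_to be_nil` would also catch a token bound to a different account.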
@@ -57,53 +41,14 @@ RSpec.describe Auth::DependencyProxyAuthenticationService, feature_category: :de
 it_behaves_like 'returning', status: 403, message: 'access forbidden'
 end
- context 'with a deploy token' do
- let_it_be(:deploy_token) { create(:deploy_token, :group, :dependency_proxy_scopes) }
- let_it_be(:params) { { deploy_token: deploy_token } }
-
- it_behaves_like 'returning a token with encoded deploy_token'
- end
-
- context 'with a human user' do
- it_behaves_like 'returning a token with encoded user_id'
- end
-
- context 'with a group access token' do
- let_it_be(:user) { create(:user, :project_bot) }
- let_it_be_with_reload(:token) { create(:personal_access_token, user: user) }
+ context 'with a deploy token as user' do
+ let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
- context 'with insufficient authentication abilities' do
- it_behaves_like 'returning', status: 403, message: 'access forbidden'
- end
-
- context 'with sufficient authentication abilities' do
- let_it_be(:authentication_abilities) { Auth::DependencyProxyAuthenticationService::REQUIRED_ABILITIES }
- let_it_be(:params) { { raw_token: token.token } }
-
- subject { service.execute(authentication_abilities: authentication_abilities) }
-
- it_behaves_like 'returning a token with encoded user_id'
-
- context 'revoked' do
- before do
- token.revoke!
- end
-
- it_behaves_like 'returning', status: 403, message: 'access forbidden'
- end
-
- context 'expired' do
- before do
- token.update_column(:expires_at, 1.day.ago)
- end
-
- it_behaves_like 'returning', status: 403, message: 'access forbidden'
- end
- end
+ it_behaves_like 'returning a token'
 end
- def decode(token)
- DependencyProxy::AuthTokenService.new(token).execute
+ context 'with a user' do
+ it_behaves_like 'returning a token'
 end
 end
 end
|
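Review bot: With the `revoked`, `expired` and `with insufficient authentication abilities` contexts gone, the two positive contexts left in this hunk (`with a deploy token as user`, `with a user`) have no negative counterpart for an invalid credential. If credential validity is now enforced before this service is called, which this page does not show, say so above the first context, e.g. `# revoked/expired credentials are rejected by the caller before #execute runs`. Otherwise add a context for a revoked deploy token that reuses `it_behaves_like 'returning', status: 403, message: 'access forbidden'`. Separately, `let_it_be(:user)` now holds a deploy token, so a short comment such as `# the service receives the deploy token in the user position` would stop it being read as a user record. The enclosing `describe '#execute'` block starts outside this hunk.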