Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/factories/deploy_tokens.rb12
-rw-r--r--spec/factories/project_deploy_tokens.rb6
-rw-r--r--spec/features/projects/settings/repository_settings_spec.rb14
-rw-r--r--spec/lib/gitlab/auth_spec.rb11
-rw-r--r--spec/lib/gitlab/git_access_spec.rb16
-rw-r--r--spec/models/deploy_token_spec.rb50
-rw-r--r--spec/models/project_deploy_token_spec.rb15
-rw-r--r--spec/models/project_spec.rb2
-rw-r--r--spec/policies/deploy_token_policy_spec.rb2
-rw-r--r--spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb18
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb1
-rw-r--r--spec/services/deploy_tokens/create_service_spec.rb30
12 files changed, 97 insertions, 80 deletions
diff --git a/spec/factories/deploy_tokens.rb b/spec/factories/deploy_tokens.rb
index 7cce55a3e14..5fea4a9d5a6 100644
--- a/spec/factories/deploy_tokens.rb
+++ b/spec/factories/deploy_tokens.rb
@@ -1,22 +1,14 @@
FactoryBot.define do
factory :deploy_token do
- project
token { SecureRandom.hex(50) }
sequence(:name) { |n| "PDT #{n}" }
+ read_repository true
+ read_registry true
revoked false
expires_at { 5.days.from_now }
- scopes %w(read_repository read_registry)
trait :revoked do
revoked true
end
-
- trait :read_repository do
- scopes ['read_repository']
- end
-
- trait :read_registry do
- scopes ['read_registry']
- end
end
end
diff --git a/spec/factories/project_deploy_tokens.rb b/spec/factories/project_deploy_tokens.rb
new file mode 100644
index 00000000000..4866cb58d88
--- /dev/null
+++ b/spec/factories/project_deploy_tokens.rb
@@ -0,0 +1,6 @@
+FactoryBot.define do
+ factory :project_deploy_token do
+ project
+ deploy_token
+ end
+end
diff --git a/spec/features/projects/settings/repository_settings_spec.rb b/spec/features/projects/settings/repository_settings_spec.rb
index f0997b6809d..7887178a3ed 100644
--- a/spec/features/projects/settings/repository_settings_spec.rb
+++ b/spec/features/projects/settings/repository_settings_spec.rb
@@ -90,25 +90,26 @@ feature 'Repository settings' do
end
context 'Deploy tokens' do
- let(:deploy_token) { create(:deploy_token, project: project) }
+ let(:deploy_token_project) { create(:project_deploy_token, project: project) }
+ let!(:deploy_token) { deploy_token_project.deploy_token }
before do
- project.deploy_tokens << deploy_token
visit project_settings_repository_path(project)
end
scenario 'view deploy tokens' do
within('.deploy-tokens') do
expect(page).to have_content(deploy_token.name)
- expect(page).to have_content(deploy_token.scopes.join(", "))
+ expect(page).to have_content('read_repository')
+ expect(page).to have_content('read_registry')
end
end
scenario 'add a new deploy token' do
fill_in 'deploy_token_name', with: 'new_deploy_key'
fill_in 'deploy_token_expires_at', with: (Date.today + 1.month).to_s
- check 'deploy_token_scopes_read_repo'
- check 'deploy_token_scopes_read_registry'
+ check 'deploy_token_read_repository'
+ check 'deploy_token_read_registry'
click_button 'Create deploy token'
expect(page).to have_content('Your new project deploy token has been created')
@@ -120,7 +121,8 @@ feature 'Repository settings' do
click_link "Revoke #{deploy_token.name}"
expect(page).not_to have_content(deploy_token.name)
- expect(page).not_to have_content(deploy_token.scopes.join(", "))
+ expect(page).not_to have_content('read_repository')
+ expect(page).not_to have_content('read_registry')
end
end
end
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 4ed554f06ec..db517c25ef4 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -261,7 +261,7 @@ describe Gitlab::Auth do
let(:auth_failure) { Gitlab::Auth::Result.new(nil, nil) }
context 'when the deploy token has read_repository as scope' do
- let(:deploy_token) { create(:deploy_token, :read_repository, project: project) }
+ let(:deploy_token) { create(:deploy_token, read_registry: false, projects: [project]) }
it 'succeeds when project is present, token is valid and has read_repository as scope' do
abilities = %i(read_project download_code)
@@ -284,13 +284,6 @@ describe Gitlab::Auth do
.to eq(auth_failure)
end
- it 'fails for any other project' do
- another_project = create(:project)
- expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '')
- expect(gl_auth.find_for_git_client('', deploy_token.token, project: another_project, ip: 'ip'))
- .to eq(auth_failure)
- end
-
it 'fails if token has been revoked' do
deploy_token.revoke!
@@ -302,7 +295,7 @@ describe Gitlab::Auth do
end
context 'when the deploy token has read_registry as a scope' do
- let(:deploy_token) { create(:deploy_token, :read_registry, project: project) }
+ let(:deploy_token) { create(:deploy_token, read_repository: false, projects: [project]) }
context 'when registry enabled' do
before do
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 928825c21fa..000e9e86813 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -147,25 +147,17 @@ describe Gitlab::GitAccess do
end
context 'when actor is DeployToken' do
- context 'when DeployToken is active and belongs to project' do
- let(:actor) { create(:deploy_token, :read_repo, project: project) }
+ let(:project_deploy_token) { create(:project_deploy_token, project: project) }
+ let(:actor) { project_deploy_token.deploy_token }
+ context 'when DeployToken is active and belongs to project' do
it 'allows pull access' do
expect { pull_access_check }.not_to raise_error
end
end
- context 'when DeployToken has been revoked' do
- let(:actor) { create(:deploy_token, :read_repo, project: project) }
-
- it 'blocks pull access' do
- actor.revoke!
- expect { pull_access_check }.to raise_not_found
- end
- end
-
context 'when DeployToken does not belong to project' do
- let(:actor) { create(:deploy_token, :read_repo) }
+ let(:actor) { create(:deploy_token) }
it 'blocks pull access' do
expect { pull_access_check }.to raise_not_found
diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb
index 50f6f441a58..395c97f13a5 100644
--- a/spec/models/deploy_token_spec.rb
+++ b/spec/models/deploy_token_spec.rb
@@ -1,28 +1,49 @@
require 'spec_helper'
describe DeployToken do
- let(:deploy_token) { create(:deploy_token) }
+ subject(:deploy_token) { create(:deploy_token) }
- it { is_expected.to belong_to :project }
- it { is_expected.to validate_presence_of :project }
+ it { is_expected.to have_many :project_deploy_tokens }
+ it { is_expected.to have_many(:projects).through(:project_deploy_tokens) }
- describe 'validations' do
- context 'with no scopes defined' do
- it 'should not be valid' do
- deploy_token.scopes = []
+ describe '#ensure_token' do
+ it 'should ensure a token' do
+ deploy_token.token = nil
+ deploy_token.save
+
+ expect(deploy_token.token).not_to be_empty
+ end
+ end
+
+ describe '#ensure_at_least_one_scope' do
+ context 'with at least one scope' do
+ it 'should be valid' do
+ is_expected.to be_valid
+ end
+ end
+
+ context 'with no scopes' do
+ it 'should be invalid' do
+ deploy_token = build(:deploy_token, read_repository: false, read_registry: false)
expect(deploy_token).not_to be_valid
- expect(deploy_token.errors[:scopes].first).to eq("can't be blank")
+ expect(deploy_token.errors[:base].first).to eq("Scopes can't be blank")
end
end
end
- describe '#ensure_token' do
- it 'should ensure a token' do
- deploy_token.token = nil
- deploy_token.save
+ describe '#scopes' do
+ context 'with all the scopes' do
+ it 'should return scopes assigned to DeployToken' do
+ expect(deploy_token.scopes).to eq([:read_repository, :read_registry])
+ end
+ end
- expect(deploy_token.token).not_to be_empty
+ context 'with only one scope' do
+ it 'should return scopes assigned to DeployToken' do
+ deploy_token = create(:deploy_token, read_registry: false)
+ expect(deploy_token.scopes).to eq([:read_repository])
+ end
end
end
@@ -50,8 +71,7 @@ describe DeployToken do
describe '#username' do
it 'returns Ghost username' do
- ghost = User.ghost
- expect(deploy_token.username).to eq(ghost.username)
+ expect(deploy_token.username).to eq("gitlab+deploy-token-#{deploy_token.id}")
end
end
end
diff --git a/spec/models/project_deploy_token_spec.rb b/spec/models/project_deploy_token_spec.rb
new file mode 100644
index 00000000000..ccaed23f11a
--- /dev/null
+++ b/spec/models/project_deploy_token_spec.rb
@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+RSpec.describe ProjectDeployToken, type: :model do
+ let(:project) { create(:project) }
+ let(:deploy_token) { create(:deploy_token) }
+ subject(:project_deploy_token) { create(:project_deploy_token, project: project, deploy_token: deploy_token) }
+
+ it { is_expected.to belong_to :project }
+ it { is_expected.to belong_to :deploy_token }
+ it { is_expected.to accept_nested_attributes_for :deploy_token }
+
+ it { is_expected.to validate_presence_of :deploy_token }
+ it { is_expected.to validate_presence_of :project }
+ it { is_expected.to validate_uniqueness_of(:deploy_token_id).scoped_to(:project_id) }
+end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 7007f78e702..2675c2f52c1 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -84,6 +84,8 @@ describe Project do
it { is_expected.to have_many(:custom_attributes).class_name('ProjectCustomAttribute') }
it { is_expected.to have_many(:project_badges).class_name('ProjectBadge') }
it { is_expected.to have_many(:lfs_file_locks) }
+ it { is_expected.to have_many(:project_deploy_tokens) }
+ it { is_expected.to have_many(:deploy_tokens).through(:project_deploy_tokens) }
context 'after initialized' do
it "has a project_feature" do
diff --git a/spec/policies/deploy_token_policy_spec.rb b/spec/policies/deploy_token_policy_spec.rb
index cbb5fb815a1..f6d8d19aac9 100644
--- a/spec/policies/deploy_token_policy_spec.rb
+++ b/spec/policies/deploy_token_policy_spec.rb
@@ -15,7 +15,7 @@ describe DeployTokenPolicy do
it { is_expected.to be_allowed(:create_deploy_token) }
end
-
+
context 'when user is not master' do
before do
project.add_developer(current_user)
diff --git a/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb b/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb
index 7bfe074ad30..f52bd46074d 100644
--- a/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb
+++ b/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb
@@ -3,25 +3,11 @@ require 'spec_helper'
describe Projects::Settings::DeployTokensPresenter do
let(:user) { create(:user) }
let(:project) { create(:project) }
- let(:deploy_tokens) { create_list(:deploy_token, 3, project: project) }
+ let!(:project_deploy_tokens) { create_list(:project_deploy_token, 3, project: project) }
+ let(:deploy_tokens) { project.deploy_tokens }
subject(:presenter) { described_class.new(deploy_tokens, current_user: user, project: project) }
- describe '#available_scopes' do
- it 'returns the all the deploy token scopes' do
- expect(presenter.available_scopes).to match_array(%w(read_repository read_registry))
- end
- end
-
- describe '#scope_description' do
- let(:deploy_token) { create(:deploy_token, project: project, scopes: [:read_registry]) }
-
- it 'returns the description for a given scope' do
- description = 'Allows read-only access to the registry images'
- expect(presenter.scope_description('read_registry')).to eq(description)
- end
- end
-
describe '#length' do
it 'returns the size of deploy tokens presented' do
expect(presenter.length).to eq(3)
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 290eeae828e..0949ec24c50 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -558,6 +558,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:project) { create(:project, :public) }
context 'when pulling and pushing' do
+ let(:current_user) { create(:deploy_token, projects: [project]) }
let(:current_params) do
{ scope: "repository:#{project.full_path}:pull,push" }
end
diff --git a/spec/services/deploy_tokens/create_service_spec.rb b/spec/services/deploy_tokens/create_service_spec.rb
index df18213cf84..4830f17faa8 100644
--- a/spec/services/deploy_tokens/create_service_spec.rb
+++ b/spec/services/deploy_tokens/create_service_spec.rb
@@ -13,42 +13,50 @@ describe DeployTokens::CreateService, :clean_gitlab_redis_shared_state do
expect { subject }.to change { DeployToken.count }.by(1)
end
- it 'returns a DeployToken' do
- expect(subject).to be_an_instance_of DeployToken
+ it 'should create a new ProjectDeployToken' do
+ expect { subject }.to change { ProjectDeployToken.count }.by(1)
end
- it 'should assign the DeployToken to the project' do
- expect(subject.project).to eq(project)
+ it 'returns a DeployToken' do
+ expect(subject).to be_an_instance_of DeployToken
end
it 'should store the token on redis' do
- redis_key = subject.redis_shared_state_key(user.id)
+ redis_key = DeployToken.redis_shared_state_key(user.id)
+ subject
expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).not_to be_nil
end
- it 'should not store deploy token attributes on redis' do
- redis_key = subject.redis_shared_state_key(user.id) + ":attributes"
+ it 'should not store deploy token attributes on redis' do
+ redis_key = DeployToken.redis_shared_state_key(user.id) + ":attributes"
+ subject
expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).to be_nil
end
end
context 'when the deploy token is invalid' do
- let(:deploy_token_params) { attributes_for(:deploy_token, scopes: []) }
+ let(:deploy_token_params) { attributes_for(:deploy_token, read_repository: false, read_registry: false) }
- it 'it should not create a new DeployToken' do
+ it 'should not create a new DeployToken' do
expect { subject }.not_to change { DeployToken.count }
end
+ it 'should not create a new ProjectDeployToken' do
+ expect { subject }.not_to change { ProjectDeployToken.count }
+ end
+
it 'should not store the token on redis' do
- redis_key = subject.redis_shared_state_key(user.id)
+ redis_key = DeployToken.redis_shared_state_key(user.id)
+ subject
expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).to be_nil
end
it 'should store deploy token attributes on redis' do
- redis_key = subject.redis_shared_state_key(user.id) + ":attributes"
+ redis_key = DeployToken.redis_shared_state_key(user.id) + ":attributes"
+ subject
expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).not_to be_nil
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-17 14:36:49 +0300