From b1bbcf85684cee176ed5bb7eb43dd487a75f18fa Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 3 Aug 2021 12:00:08 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee --- spec/lib/gitlab/auth_spec.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'spec/lib') diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index d529d4a96e1..1d708b17076 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -336,6 +336,15 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do expect_results_with_abilities(impersonation_token, described_class.full_authentication_abilities) end + it 'fails if it is an impersonation token but impersonation is blocked' do + stub_config_setting(impersonation_enabled: false) + + impersonation_token = create(:personal_access_token, :impersonation, scopes: ['api']) + + expect(gl_auth.find_for_git_client('', impersonation_token.token, project: nil, ip: 'ip')) + .to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil)) + end + it 'limits abilities based on scope' do personal_access_token = create(:personal_access_token, scopes: %w[read_user sudo]) -- cgit v1.2.3