From 4eea104c69e59f6fa53c7bc15b986c69f29b60c8 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 11 Dec 2019 15:07:38 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 spec/requests/api/releases_spec.rb | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

(limited to 'spec/requests')

diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index bf05587fe03..da04e852795 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -558,6 +558,43 @@ describe API::Releases do
       end
     end
 
+    context 'when using JOB-TOKEN auth' do
+      let(:job) { create(:ci_build, user: maintainer) }
+      let(:params) do
+        {
+          name: 'Another release',
+          tag_name: 'v0.2',
+          description: 'Another nice release',
+          released_at: '2019-04-25T10:00:00+09:00'
+        }
+      end
+
+      context 'when no token is provided' do
+        it 'returns a :not_found error' do
+          post api("/projects/#{project.id}/releases"), params: params
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'when an invalid token is provided' do
+        it 'returns an :unauthorized error' do
+          post api("/projects/#{project.id}/releases"), params: params.merge(job_token: 'yadayadayada')
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+
+      context 'when a valid token is provided' do
+        it 'creates the release' do
+          post api("/projects/#{project.id}/releases"), params: params.merge(job_token: job.token)
+
+          expect(response).to have_gitlab_http_status(:created)
+          expect(project.releases.last.description).to eq('Another nice release')
+        end
+      end
+    end
+
     context 'when tag does not exist in git repository' do
       let(:params) do
         {
-- 
cgit v1.2.3