1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Profiles::PersonalAccessTokensController do
let(:user) { create(:user) }
let(:token_attributes) { attributes_for(:personal_access_token) }
before do
sign_in(user)
end
describe '#create' do
def created_token
PersonalAccessToken.order(:created_at).last
end
it "allows creation of a token with scopes" do
name = 'My PAT'
scopes = %w[api read_user]
post :create, params: { personal_access_token: token_attributes.merge(scopes: scopes, name: name) }
expect(created_token).not_to be_nil
expect(created_token.name).to eq(name)
expect(created_token.scopes).to eq(scopes)
expect(PersonalAccessToken.active).to include(created_token)
end
it "allows creation of a token with an expiry date" do
expires_at = 5.days.from_now.to_date
post :create, params: { personal_access_token: token_attributes.merge(expires_at: expires_at) }
expect(created_token).not_to be_nil
expect(created_token.expires_at).to eq(expires_at)
end
end
describe '#index' do
let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
before do
# Impersonation and inactive personal tokens are ignored
create(:personal_access_token, :impersonation, user: user)
create(:personal_access_token, :revoked, user: user)
get :index
end
it "only includes details of the active personal access token" do
active_personal_access_tokens_detail = ::API::Entities::PersonalAccessTokenWithDetails
.represent([active_personal_access_token])
expect(assigns(:active_personal_access_tokens).to_json).to eq(active_personal_access_tokens_detail.to_json)
end
it "sets PAT name and scopes" do
name = 'My PAT'
scopes = 'api,read_user'
get :index, params: { name: name, scopes: scopes }
expect(assigns(:personal_access_token)).to have_attributes(
name: eq(name),
scopes: contain_exactly(:api, :read_user)
)
end
end
end
|
