
access_tokens_controller_spec.rb « settings « projects « requests « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
blob: b4cfa964ac8e03f341a74693e3da66df93a9f2df (plain)
# frozen_string_literal: true

require 'spec_helper'

# Request specs for the project-level access token settings endpoints:
# listing (GET), creating (POST) and revoking (PUT) project access tokens,
# plus the data the index action assigns for the view.
#
# The authorization-relevant checks in this file are:
#   * a signed-in member below maintainer gets 404 on every endpoint
#     ('feature unavailable');
#   * when the group-level creation setting is off, POST returns 404 and
#     creates no token, no membership and no bot user;
#   * the k8s proxy scope is only offered while its feature flag is enabled.
RSpec.describe Projects::Settings::AccessTokensController, feature_category: :system_access do
  # `user` is the signed-in actor for every example.
  let_it_be(:user) { create(:user) }
  let_it_be(:group) { create(:group) }
  # Named `resource` rather than `project`; presumably the shared examples
  # included below look it up under this name -- confirm against their definitions.
  let_it_be(:resource) { create(:project, group: group) }
  # Bot user (factory trait :project_bot) that owns the tokens created in the
  # PUT and #index examples.
  let_it_be(:access_token_user) { create(:user, :project_bot) }

  before_all do
    # Both the human actor and the bot start out as maintainers of the project.
    resource.add_maintainer(user)
    resource.add_maintainer(access_token_user)
  end

  before do
    sign_in(user)
  end

  # Negative authorization case shared by all three endpoints: the request is
  # answered with 404 (not 403) once the actor is added as a developer.
  #
  # NOTE(review): only the HTTP status is asserted. For the POST and PUT
  # endpoints an additional side-effect assertion (no token created, token
  # not revoked) would make this a stronger authorization test.
  shared_examples 'feature unavailable' do
    context 'user is not a maintainer' do
      before do
        # presumably replaces the maintainer membership granted in before_all
        # with a developer one -- confirm add_developer's behaviour for an existing member
        resource.add_developer(user)
      end

      it { expect(subject).to have_gitlab_http_status(:not_found) }
    end
  end

  describe 'GET /:namespace/:project/-/settings/access_tokens' do
    # `get_access_tokens` and `get_access_tokens_json` are not referenced in
    # this file; presumably the shared examples below call them -- confirm.
    let(:get_access_tokens) do
      get project_settings_access_tokens_path(resource)
      response
    end

    let(:get_access_tokens_json) do
      get project_settings_access_tokens_path(resource), params: { format: :json }
      response
    end

    # Also serves as the implicit `subject` used by 'feature unavailable'.
    subject(:get_access_tokens_with_page) do
      get project_settings_access_tokens_path(resource), params: { page: 1 }
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'GET resource access tokens available'
    it_behaves_like 'GET access tokens are paginated and ordered'
  end

  describe 'POST /:namespace/:project/-/settings/access_tokens' do
    # Minimal creation payload: a name, the "api" scope and an expiry one month ahead.
    let(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: Date.today + 1.month } }

    subject do
      post project_settings_access_tokens_path(resource), params: { resource_access_token: access_token_params }
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'POST resource access tokens available'

    # The creation switch lives on the parent group's namespace settings; with
    # it off, even a maintainer must not be able to mint a token.
    context 'when project access token creation is disabled' do
      before do
        # update_column writes the attribute directly, skipping validations and callbacks.
        group.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
      end

      it { expect(subject).to have_gitlab_http_status(:not_found) }

      # The three examples below check that the rejected request leaves nothing
      # behind: no token row, no membership and no bot user account.
      it 'does not create the token' do
        expect { subject }.not_to change { PersonalAccessToken.count }
      end

      it 'does not add the project bot as a member' do
        expect { subject }.not_to change { Member.count }
      end

      it 'does not create the project bot user' do
        expect { subject }.not_to change { User.count }
      end
    end

    context 'with custom access level' do
      # access_level: 20 is presumably Gitlab::Access::REPORTER -- confirm.
      # NOTE(review): this file has no case for a requested access_level above
      # the caller's own role; verify that is covered by the shared examples
      # or another spec.
      let(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: Date.today + 1.month, access_level: 20 } }

      # Unlike the outer subject, this one does not end with `response`, so it
      # evaluates to whatever `post` returns.
      subject { post project_settings_access_tokens_path(resource), params: { resource_access_token: access_token_params } }

      it_behaves_like 'POST resource access tokens available'
    end
  end

  # :sidekiq_inline presumably makes background jobs run inline for these
  # examples -- confirm in the spec support code.
  describe 'PUT /:namespace/:project/-/settings/access_tokens/:id', :sidekiq_inline do
    # Token owned by the bot user; created lazily on first reference.
    let(:resource_access_token) { create(:personal_access_token, user: access_token_user) }

    # Hits the revoke route for the token above.
    subject do
      put revoke_project_settings_access_token_path(resource, resource_access_token)
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'PUT resource access tokens available'
  end

  describe '#index' do
    # Three tokens for the bot user, shared by every example in this group.
    let_it_be(:resource_access_tokens) { create_list(:personal_access_token, 3, user: access_token_user) }

    before do
      get project_settings_access_tokens_path(resource)
    end

    it 'includes details of the active project access tokens' do
      # Expected value is the serializer output for the tokens in reverse
      # creation order; the comparison is made on the JSON form.
      active_access_tokens =
        ::ProjectAccessTokenSerializer.new.represent(resource_access_tokens.reverse, project: resource)

      expect(assigns(:active_access_tokens).to_json).to eq(active_access_tokens.to_json)
    end

    it 'sets available scopes' do
      expect(assigns(:scopes)).to include(Gitlab::Auth::K8S_PROXY_SCOPE)
    end

    context 'with feature flag k8s_proxy_pat disabled' do
      before do
        # The outer `before` has already issued a request by the time this hook
        # runs, so the request is repeated after the flag is stubbed off.
        stub_feature_flags(k8s_proxy_pat: false)
        get project_settings_access_tokens_path(resource)
      end

      # The token listing is expected to be the same with the flag off.
      it 'includes details of the active project access tokens' do
        active_access_tokens =
          ::ProjectAccessTokenSerializer.new.represent(resource_access_tokens.reverse, project: resource)

        expect(assigns(:active_access_tokens).to_json).to eq(active_access_tokens.to_json)
      end

      # With the flag off the k8s proxy scope must not be offered.
      it 'sets available scopes' do
        expect(assigns(:scopes)).not_to include(Gitlab::Auth::K8S_PROXY_SCOPE)
      end
    end
  end
end