Commit 0ab6f96b authored by Dylan Griffith

Merge branch 'spec_job_token' into 'master'

Move job token specs to core

See merge request gitlab-org/gitlab!42374
parents e2bf573d 88c0e5ca
---
title: Move job token specs to core
merge_request: 42374
author: Mathieu Parent
type: changed
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::Helpers do
include API::APIGuard::HelperMethods
include described_class
let_it_be(:user) { create(:user) }
let(:route_authentication_setting) { {} }
let(:csrf_token) { SecureRandom.base64(ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH) }
let(:env) do
{
'rack.input' => '',
'rack.session' => {
_csrf_token: csrf_token
},
'REQUEST_METHOD' => 'GET',
'CONTENT_TYPE' => 'text/plain;charset=utf-8'
}
end
let(:header) { }
let(:request) { Grape::Request.new(env)}
let(:params) { request.params }
def error!(message, status, header)
raise StandardError.new("#{status} - #{message}")
end
before do
allow_any_instance_of(self.class).to receive(:options).and_return({})
allow_any_instance_of(self.class).to receive(:route_authentication_setting)
.and_return(route_authentication_setting)
end
describe ".current_user" do
describe "when authenticating using a job token" do
let_it_be(:job, reload: true) do
create(:ci_build, user: user, status: :running)
end
context 'when route is allowed to be authenticated' do
let(:route_authentication_setting) { { job_token_allowed: true } }
it "returns a 401 response for an invalid token" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = 'invalid token'
expect { current_user }.to raise_error /401/
end
it "returns a 401 response for a job that's not running" do
job.update!(status: :success)
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
expect { current_user }.to raise_error /401/
end
it "returns a 403 response for a user without access" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(false)
expect { current_user }.to raise_error /403/
end
it 'returns a 403 response for a user who is blocked' do
user.block!
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
expect { current_user }.to raise_error /403/
end
it "sets current_user" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
expect(current_user).to eq(user)
end
end
context 'when route is not allowed to be authenticated' do
let(:route_authentication_setting) { { job_token_allowed: false } }
it "sets current_user to nil" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
expect(current_user).to be_nil
end
end
end
end
end
...@@ -9,7 +9,7 @@ RSpec.describe API::Helpers do ...@@ -9,7 +9,7 @@ RSpec.describe API::Helpers do
include described_class include described_class
include TermsHelper include TermsHelper
let(:user) { create(:user) } let_it_be(:user, reload: true) { create(:user) }
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
let(:key) { create(:key, user: user) } let(:key) { create(:key, user: user) }
...@@ -243,6 +243,67 @@ RSpec.describe API::Helpers do ...@@ -243,6 +243,67 @@ RSpec.describe API::Helpers do
end end
end end
end end
describe "when authenticating using a job token" do
let_it_be(:job, reload: true) do
create(:ci_build, user: user, status: :running)
end
let(:route_authentication_setting) { {} }
before do
allow_any_instance_of(self.class).to receive(:route_authentication_setting)
.and_return(route_authentication_setting)
end
context 'when route is allowed to be authenticated' do
let(:route_authentication_setting) { { job_token_allowed: true } }
it "returns a 401 response for an invalid token" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = 'invalid token'
expect { current_user }.to raise_error /401/
end
it "returns a 401 response for a job that's not running" do
job.update!(status: :success)
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
expect { current_user }.to raise_error /401/
end
it "returns a 403 response for a user without access" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(false)
expect { current_user }.to raise_error /403/
end
it 'returns a 403 response for a user who is blocked' do
user.block!
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
expect { current_user }.to raise_error /403/
end
it "sets current_user" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
expect(current_user).to eq(user)
end
end
context 'when route is not allowed to be authenticated' do
let(:route_authentication_setting) { { job_token_allowed: false } }
it "sets current_user to nil" do
env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = job.token
allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
expect(current_user).to be_nil
end
end
end
end end
describe '.handle_api_exception' do describe '.handle_api_exception' do
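Review bot: The "job that's not running" example at `job.update!(status: :success)` pins only one terminal state, so a job token belonging to a failed or canceled build is never exercised, although those are exactly the states in which a leaked token must stop working; wrapping the existing `update!`/`expect` pair in `%i[success failed canceled].each do |status|` (with `job.update!(status: status)`) would cover them without adding new fixtures. The `raise_error /401/` and `raise_error /403/` calls pass the regexp without parentheses, which RuboCop flags as an ambiguous literal and which reads as a division on a quick scan; `raise_error(/401/)` and `raise_error(/403/)` remove the ambiguity. These matchers also depend on `error!` being overridden in this spec to raise a StandardError that carries the status code — the removed EE file shown above had such an override, but the core spec's version is outside this hunk, so it is worth confirming it is present rather than assumed. The enclosing `RSpec.describe API::Helpers` group starts before this hunk and continues after it.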