Commit 53dab498 authored by Mark Chao's avatar Mark Chao

Merge branch...

Merge branch '290987-follow-up-from-draft-audit-event-logs-for-project-access-token-create-and-revoke-services' into 'master'

Iterate on personal access token audit log specs

See merge request gitlab-org/gitlab!49189
parents b3fe7a2c c657bad7
...@@ -4,19 +4,51 @@ require 'spec_helper' ...@@ -4,19 +4,51 @@ require 'spec_helper'
RSpec.describe PersonalAccessTokens::CreateService do RSpec.describe PersonalAccessTokens::CreateService do
describe '#execute' do describe '#execute' do
subject { service.execute } let_it_be(:user) { create(:user) }
let(:params) { { name: 'admin-token', impersonation: true, scopes: [:api], expires_at: Date.today + 1.month } }
let(:user) { create(:user) } context 'when non-admin user' do
let(:params) { { name: 'Test token', impersonation: true, scopes: [:api], expires_at: Date.today + 1.month } } context 'when user creates their own token' do
let(:service) { described_class.new(current_user: user, target_user: user, params: params) } it 'creates audit logs with success message' do
expect_to_log(user, user, /Created personal access token with id \d+/)
it 'creates audit logs' do described_class.new(current_user: user, target_user: user, params: params).execute
expect(::AuditEventService) end
.to receive(:new) end
.with(user, user, action: :custom, custom_message: /Created personal access token with id \d+/, ip_address: nil)
.and_call_original context 'when user attempts to create a token for a different user' do
let(:other_user) { create(:user) }
it 'creates audit logs with failure message' do
expect_to_log(user, other_user, 'Attempted to create personal access token but failed with message: Not permitted to create')
subject described_class.new(current_user: user, target_user: other_user, params: params).execute
end end
end end
end
context 'when admin' do
let(:admin) { create(:user, :admin) }
it 'with admin mode enabled', :enable_admin_mode do
expect_to_log(admin, user, /Created personal access token with id \d+/)
described_class.new(current_user: admin, target_user: user, params: params).execute
end
context 'with admin mode disabled' do
it 'creates audit logs with failure message' do
expect_to_log(admin, user, 'Attempted to create personal access token but failed with message: Not permitted to create')
described_class.new(current_user: admin, target_user: user, params: params).execute
end
end
end
end
def expect_to_log(current_user, target_user, message)
expect(::AuditEventService).to receive(:new)
.with(current_user, target_user, action: :custom, custom_message: message, ip_address: nil)
.and_call_original
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment