require 'spec_helper'

# Request specs for GET /user when the caller presents a Doorkeeper (OAuth)
# access token. The examples pin three outcomes:
#   * a token created for the user           -> 200
#   * a token string that was never issued   -> 401
#   * a token whose owner has been blocked   -> 403
#
# NOTE(review): only the `access_token` request parameter is exercised here.
# No example in this file covers a revoked or expired token, a token whose
# scopes omit "api", or a token sent in a request header; add those cases
# here unless another spec already covers them.
describe 'doorkeeper access' do
  # `let!` is evaluated before every example, so the user, the OAuth
  # application and the token all exist before any request is made.
  let!(:user) { create(:user) }

  let!(:application) do
    Doorkeeper::Application.create!(name: 'MyApp', redirect_uri: 'https://app.com', owner: user)
  end

  # Token owned by `user`, issued to `application`, with the "api" scope.
  let!(:token) do
    Doorkeeper::AccessToken.create! application_id: application.id,
                                    resource_owner_id: user.id,
                                    scopes: 'api'
  end

  # No user is handed to the `api` helper; the only credential on the request
  # is the OAuth token passed as the `access_token` parameter.
  describe 'unauthenticated' do
    it 'returns authentication success' do
      get api('/user'), access_token: token.token

      expect(response).to have_gitlab_http_status(200)
    end

    # The shared examples are defined outside this file; `request` is
    # presumably the hook they call to issue the login request under test.
    include_examples 'user login request with unique ip limit' do
      def request
        get api('/user'), access_token: token.token
      end
    end
  end

  # "123a" matches no token created above, so the API must refuse it.
  describe 'when token invalid' do
    it 'returns authentication error' do
      get api('/user'), access_token: '123a'

      expect(response).to have_gitlab_http_status(401)
    end
  end

  # NOTE(review): this group passes `user` to the `api` helper and never
  # references `token`. Which credential the helper attaches is not visible
  # in this file; confirm the example really exercises the OAuth path that
  # its label names.
  describe 'authorization by OAuth token' do
    it 'returns authentication success' do
      get api('/user', user)

      expect(response).to have_gitlab_http_status(200)
    end

    include_examples 'user login request with unique ip limit' do
      def request
        get api('/user', user)
      end
    end
  end

  # The token record is left untouched; only the owner's state changes after
  # the token was issued. A still-valid token must stop working once its
  # owner is blocked, and the expected status is 403 rather than 401.
  describe 'when user is blocked' do
    it 'returns authorization error' do
      user.block
      get api('/user'), access_token: token.token

      expect(response).to have_gitlab_http_status(403)
    end
  end

  # Same expectation for the LDAP-originated blocked state.
  describe 'when user is ldap_blocked' do
    it 'returns authorization error' do
      user.ldap_block
      get api('/user'), access_token: token.token

      expect(response).to have_gitlab_http_status(403)
    end
  end
end