Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
130a9933
Commit
130a9933
authored
Nov 10, 2017
by
Francisco Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added UserAuthFinders spec
parent
8e57cc7e
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
196 additions
and
2 deletions
+196
-2
spec/lib/gitlab/auth/request_authenticator_spec.rb
spec/lib/gitlab/auth/request_authenticator_spec.rb
+2
-2
spec/lib/gitlab/auth/user_auth_finders_spec.rb
spec/lib/gitlab/auth/user_auth_finders_spec.rb
+194
-0
No files found.
spec/lib/gitlab/auth/request_authenticator_spec.rb
View file @
130a9933
...
...
@@ -11,7 +11,7 @@ describe Gitlab::Auth::RequestAuthenticator do
subject
{
described_class
.
new
(
request
)
}
describe
'
.
user'
do
describe
'
#
user'
do
let!
(
:sessionless_user
)
{
build
(
:user
)
}
let!
(
:session_user
)
{
build
(
:user
)
}
...
...
@@ -37,7 +37,7 @@ describe Gitlab::Auth::RequestAuthenticator do
end
end
describe
'
.
find_sessionless_user'
do
describe
'
#
find_sessionless_user'
do
let!
(
:access_token_user
)
{
build
(
:user
)
}
let!
(
:rss_token_user
)
{
build
(
:user
)
}
...
...
spec/lib/gitlab/auth/user_auth_finders_spec.rb
0 → 100644
View file @
130a9933
require
'spec_helper'
describe
Gitlab
::
Auth
::
UserAuthFinders
do
include
described_class
let
(
:user
)
{
create
(
:user
)
}
let
(
:env
)
do
{
'rack.input'
=>
''
}
end
let
(
:request
)
{
Rack
::
Request
.
new
(
env
)}
def
set_param
(
key
,
value
)
request
.
update_param
(
key
,
value
)
end
describe
'#find_user_from_warden'
do
context
'with CSRF token'
do
before
do
allow
(
Gitlab
::
RequestForgeryProtection
).
to
receive
(
:verified?
).
and_return
(
true
)
end
context
'with invalid credentials'
do
it
'returns nil'
do
expect
(
find_user_from_warden
).
to
be_nil
end
end
context
'with valid credentials'
do
it
'returns the user'
do
env
[
'warden'
]
=
double
(
"warden"
,
authenticate:
user
)
expect
(
find_user_from_warden
).
to
eq
user
end
end
end
context
'without CSRF token'
do
it
'returns nil'
do
allow
(
Gitlab
::
RequestForgeryProtection
).
to
receive
(
:verified?
).
and_return
(
false
)
env
[
'warden'
]
=
double
(
"warden"
,
authenticate:
user
)
expect
(
find_user_from_warden
).
to
be_nil
end
end
end
describe
'#find_user_from_rss_token'
do
context
'when the request format is atom'
do
before
do
env
[
'HTTP_ACCEPT'
]
=
'application/atom+xml'
end
it
'returns user if valid rss_token'
do
set_param
(
:rss_token
,
user
.
rss_token
)
expect
(
find_user_from_rss_token
).
to
eq
user
end
it
'returns nil if rss_token is blank'
do
expect
(
find_user_from_rss_token
).
to
be_nil
end
it
'returns exception if invalid rss_token'
do
set_param
(
:rss_token
,
'invalid_token'
)
expect
{
find_user_from_rss_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
context
'when the request format is not atom'
do
it
'returns nil'
do
set_param
(
:rss_token
,
user
.
rss_token
)
expect
(
find_user_from_rss_token
).
to
be_nil
end
end
end
describe
'#find_user_from_access_token'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
it
'returns nil if no access_token present'
do
expect
(
find_personal_access_token
).
to
be_nil
end
context
'when validate_access_token! returns valid'
do
it
'returns user'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
(
find_user_from_access_token
).
to
eq
user
end
it
'returns exception if token has no user'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
allow_any_instance_of
(
PersonalAccessToken
).
to
receive
(
:user
).
and_return
(
nil
)
expect
{
find_user_from_access_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
end
describe
'#find_personal_access_token'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
context
'passed as header'
do
it
'returns token if valid personal_access_token'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
(
find_personal_access_token
).
to
eq
personal_access_token
end
end
context
'passed as param'
do
it
'returns token if valid personal_access_token'
do
set_param
(
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_PARAM
,
personal_access_token
.
token
)
expect
(
find_personal_access_token
).
to
eq
personal_access_token
end
end
it
'returns nil if no personal_access_token'
do
expect
(
find_personal_access_token
).
to
be_nil
end
it
'returns exception if invalid personal_access_token'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
'invalid_token'
expect
{
find_personal_access_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
describe
'#find_oauth_access_token'
do
let
(
:application
)
{
Doorkeeper
::
Application
.
create!
(
name:
'MyApp'
,
redirect_uri:
'https://app.com'
,
owner:
user
)
}
let
(
:token
)
{
Doorkeeper
::
AccessToken
.
create!
(
application_id:
application
.
id
,
resource_owner_id:
user
.
id
,
scopes:
'api'
)
}
context
'passed as header'
do
it
'returns token if valid oauth_access_token'
do
env
[
'HTTP_AUTHORIZATION'
]
=
"Bearer
#{
token
.
token
}
"
expect
(
find_oauth_access_token
.
token
).
to
eq
token
.
token
end
end
context
'passed as param'
do
it
'returns user if valid oauth_access_token'
do
set_param
(
:access_token
,
token
.
token
)
expect
(
find_oauth_access_token
.
token
).
to
eq
token
.
token
end
end
it
'returns nil if no oauth_access_token'
do
expect
(
find_oauth_access_token
).
to
be_nil
end
it
'returns exception if invalid oauth_access_token'
do
env
[
'HTTP_AUTHORIZATION'
]
=
"Bearer invalid_token"
expect
{
find_oauth_access_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
describe
'#validate_access_token!'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
it
'returns nil if no access_token present'
do
expect
(
validate_access_token!
).
to
be_nil
end
context
'token is not valid'
do
before
do
allow_any_instance_of
(
described_class
).
to
receive
(
:access_token
).
and_return
(
personal_access_token
)
end
it
'returns API::APIGuard::ExpiredError if token expired'
do
personal_access_token
.
expires_at
=
1
.
day
.
ago
expect
{
validate_access_token!
}.
to
raise_error
(
API
::
APIGuard
::
ExpiredError
)
end
it
'returns API::APIGuard::RevokedError if token revoked'
do
personal_access_token
.
revoke!
expect
{
validate_access_token!
}.
to
raise_error
(
API
::
APIGuard
::
RevokedError
)
end
it
'returns API::APIGuard::InsufficientScopeError if invalid token scope'
do
expect
{
validate_access_token!
(
scopes:
[
:sudo
])
}.
to
raise_error
(
API
::
APIGuard
::
InsufficientScopeError
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment