require 'spec_helper'

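# Model spec for PersonalAccessToken. Covers factory validity and token
# generation, the active?/revoke! lifecycle, the read-once Redis hand-off of a
# token value, and validation of the scopes a token may carry.
describe PersonalAccessToken do
  # The Redis helpers are called on the class itself, so the subject is the
  # class rather than an instance.
  subject { described_class }

  describe '.build' do
    let(:personal_access_token) { build(:personal_access_token) }
    # NOTE(review): the :invalid trait presumably leaves the token value unset;
    # confirm against the factory definition.
    let(:invalid_personal_access_token) { build(:personal_access_token, :invalid) }

    it 'is a valid personal access token' do
      expect(personal_access_token).to be_valid
    end

    it 'ensures that the token is generated' do
      invalid_personal_access_token.save!

      expect(invalid_personal_access_token).to be_valid
      # An empty string is as unusable a credential as nil, so require a
      # present value instead of merely a non-nil one.
      expect(invalid_personal_access_token.token).to be_present
    end
  end

  # A token must report inactive when it is revoked OR expired. Each condition
  # is exercised on its own so that one cannot mask a regression in the other.
  describe ".active?" do
    let(:active_personal_access_token) { build(:personal_access_token) }
    let(:revoked_personal_access_token) { build(:personal_access_token, :revoked) }
    let(:expired_personal_access_token) { build(:personal_access_token, :expired) }

    it "returns false if the personal_access_token is revoked" do
      expect(revoked_personal_access_token).not_to be_active
    end

    it "returns false if the personal_access_token is expired" do
      expect(expired_personal_access_token).not_to be_active
    end

    it "returns true if the personal_access_token is not revoked and not expired" do
      expect(active_personal_access_token).to be_active
    end
  end

  describe 'revoke!' do
    # Uses create (not build) so that revoke! runs against a persisted record.
    let(:active_personal_access_token) { create(:personal_access_token) }

    it 'revokes the token' do
      active_personal_access_token.revoke!

      expect(active_personal_access_token).to be_revoked
    end
  end

  # redis_store! parks a token value under a user id and redis_getdel hands it
  # back exactly once: the first read returns the value, every later read
  # returns nil. The examples below pin both halves of that contract.
  describe 'Redis storage' do
    let(:user_id) { 123 }
    let(:token) { 'abc000foo' }

    before do
      subject.redis_store!(user_id, token)
    end

    it 'returns stored data' do
      expect(subject.redis_getdel(user_id)).to eq(token)
    end

    context 'after deletion' do
      # Consume the stored value once. The value returned by this first read is
      # asserted in 'returns stored data'; keeping the expectation out of the
      # hook means a failure is reported against a single example instead of
      # surfacing as a hook error.
      before do
        subject.redis_getdel(user_id)
      end

      it 'token is removed' do
        expect(subject.redis_getdel(user_id)).to be_nil
      end
    end
  end

  # Scope validation: a token needs at least one scope, and every scope must be
  # one of the currently available ones.
  context "validations" do
    let(:personal_access_token) { build(:personal_access_token) }

    it "requires at least one scope" do
      personal_access_token.scopes = []

      expect(personal_access_token).not_to be_valid
      expect(personal_access_token.errors[:scopes].first).to eq "can't be blank"
    end

    it "allows creating a token with API scopes" do
      personal_access_token.scopes = %i[api read_user]

      expect(personal_access_token).to be_valid
    end

    # read_registry is only an available scope while the container registry is
    # enabled; the two contexts below toggle that setting.
    context 'when registry is disabled' do
      before do
        stub_container_registry_config(enabled: false)
      end

      it "rejects creating a token with read_registry scope" do
        personal_access_token.scopes = [:read_registry]

        expect(personal_access_token).not_to be_valid
        expect(personal_access_token.errors[:scopes].first).to eq "can only contain available scopes"
      end

      # Revocation must not be blocked by scope validation: a token carrying a
      # scope that is no longer available still has to be revocable.
      it "allows revoking a token with read_registry scope" do
        personal_access_token.scopes = [:read_registry]

        personal_access_token.revoke!

        expect(personal_access_token).to be_revoked
      end
    end

    context 'when registry is enabled' do
      before do
        stub_container_registry_config(enabled: true)
      end

      it "allows creating a token with read_registry scope" do
        personal_access_token.scopes = [:read_registry]

        expect(personal_access_token).to be_valid
      end
    end

    it "rejects creating a token with unavailable scopes" do
      # One unavailable scope (:openid) invalidates the whole set, even when it
      # sits next to a scope that is accepted on its own (:api).
      personal_access_token.scopes = %i[openid api]

      expect(personal_access_token).not_to be_valid
      expect(personal_access_token.errors[:scopes].first).to eq "can only contain available scopes"
    end
  end
end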