BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
130a9933
Commit
130a9933
authored
Nov 10, 2017
by
Francisco Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added UserAuthFinders spec
parent
8e57cc7e
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
196 additions
and
2 deletions
+196
-2
request_authenticator_spec.rb
spec/lib/gitlab/auth/request_authenticator_spec.rb
+2
-2
user_auth_finders_spec.rb
spec/lib/gitlab/auth/user_auth_finders_spec.rb
+194
-0
No files found.
spec/lib/gitlab/auth/request_authenticator_spec.rb
View file @
130a9933
...
@@ -11,7 +11,7 @@ describe Gitlab::Auth::RequestAuthenticator do
...
@@ -11,7 +11,7 @@ describe Gitlab::Auth::RequestAuthenticator do
subject
{
described_class
.
new
(
request
)
}
subject
{
described_class
.
new
(
request
)
}
describe
'
.
user'
do
describe
'
#
user'
do
let!
(
:sessionless_user
)
{
build
(
:user
)
}
let!
(
:sessionless_user
)
{
build
(
:user
)
}
let!
(
:session_user
)
{
build
(
:user
)
}
let!
(
:session_user
)
{
build
(
:user
)
}
...
@@ -37,7 +37,7 @@ describe Gitlab::Auth::RequestAuthenticator do
...
@@ -37,7 +37,7 @@ describe Gitlab::Auth::RequestAuthenticator do
end
end
end
end
describe
'
.
find_sessionless_user'
do
describe
'
#
find_sessionless_user'
do
let!
(
:access_token_user
)
{
build
(
:user
)
}
let!
(
:access_token_user
)
{
build
(
:user
)
}
let!
(
:rss_token_user
)
{
build
(
:user
)
}
let!
(
:rss_token_user
)
{
build
(
:user
)
}
...
...
spec/lib/gitlab/auth/user_auth_finders_spec.rb
0 → 100644
View file @
130a9933
require
'spec_helper'
describe
Gitlab
::
Auth
::
UserAuthFinders
do
include
described_class
let
(
:user
)
{
create
(
:user
)
}
let
(
:env
)
do
{
'rack.input'
=>
''
}
end
let
(
:request
)
{
Rack
::
Request
.
new
(
env
)}
def
set_param
(
key
,
value
)
request
.
update_param
(
key
,
value
)
end
describe
'#find_user_from_warden'
do
context
'with CSRF token'
do
before
do
allow
(
Gitlab
::
RequestForgeryProtection
).
to
receive
(
:verified?
).
and_return
(
true
)
end
context
'with invalid credentials'
do
it
'returns nil'
do
expect
(
find_user_from_warden
).
to
be_nil
end
end
context
'with valid credentials'
do
it
'returns the user'
do
env
[
'warden'
]
=
double
(
"warden"
,
authenticate:
user
)
expect
(
find_user_from_warden
).
to
eq
user
end
end
end
context
'without CSRF token'
do
it
'returns nil'
do
allow
(
Gitlab
::
RequestForgeryProtection
).
to
receive
(
:verified?
).
and_return
(
false
)
env
[
'warden'
]
=
double
(
"warden"
,
authenticate:
user
)
expect
(
find_user_from_warden
).
to
be_nil
end
end
end
describe
'#find_user_from_rss_token'
do
context
'when the request format is atom'
do
before
do
env
[
'HTTP_ACCEPT'
]
=
'application/atom+xml'
end
it
'returns user if valid rss_token'
do
set_param
(
:rss_token
,
user
.
rss_token
)
expect
(
find_user_from_rss_token
).
to
eq
user
end
it
'returns nil if rss_token is blank'
do
expect
(
find_user_from_rss_token
).
to
be_nil
end
it
'returns exception if invalid rss_token'
do
set_param
(
:rss_token
,
'invalid_token'
)
expect
{
find_user_from_rss_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
context
'when the request format is not atom'
do
it
'returns nil'
do
set_param
(
:rss_token
,
user
.
rss_token
)
expect
(
find_user_from_rss_token
).
to
be_nil
end
end
end
describe
'#find_user_from_access_token'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
it
'returns nil if no access_token present'
do
expect
(
find_personal_access_token
).
to
be_nil
end
context
'when validate_access_token! returns valid'
do
it
'returns user'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
(
find_user_from_access_token
).
to
eq
user
end
it
'returns exception if token has no user'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
allow_any_instance_of
(
PersonalAccessToken
).
to
receive
(
:user
).
and_return
(
nil
)
expect
{
find_user_from_access_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
end
describe
'#find_personal_access_token'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
context
'passed as header'
do
it
'returns token if valid personal_access_token'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
(
find_personal_access_token
).
to
eq
personal_access_token
end
end
context
'passed as param'
do
it
'returns token if valid personal_access_token'
do
set_param
(
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_PARAM
,
personal_access_token
.
token
)
expect
(
find_personal_access_token
).
to
eq
personal_access_token
end
end
it
'returns nil if no personal_access_token'
do
expect
(
find_personal_access_token
).
to
be_nil
end
it
'returns exception if invalid personal_access_token'
do
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
'invalid_token'
expect
{
find_personal_access_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
describe
'#find_oauth_access_token'
do
let
(
:application
)
{
Doorkeeper
::
Application
.
create!
(
name:
'MyApp'
,
redirect_uri:
'https://app.com'
,
owner:
user
)
}
let
(
:token
)
{
Doorkeeper
::
AccessToken
.
create!
(
application_id:
application
.
id
,
resource_owner_id:
user
.
id
,
scopes:
'api'
)
}
context
'passed as header'
do
it
'returns token if valid oauth_access_token'
do
env
[
'HTTP_AUTHORIZATION'
]
=
"Bearer
#{
token
.
token
}
"
expect
(
find_oauth_access_token
.
token
).
to
eq
token
.
token
end
end
context
'passed as param'
do
it
'returns user if valid oauth_access_token'
do
set_param
(
:access_token
,
token
.
token
)
expect
(
find_oauth_access_token
.
token
).
to
eq
token
.
token
end
end
it
'returns nil if no oauth_access_token'
do
expect
(
find_oauth_access_token
).
to
be_nil
end
it
'returns exception if invalid oauth_access_token'
do
env
[
'HTTP_AUTHORIZATION'
]
=
"Bearer invalid_token"
expect
{
find_oauth_access_token
}.
to
raise_error
(
API
::
APIGuard
::
UnauthorizedError
)
end
end
describe
'#validate_access_token!'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
it
'returns nil if no access_token present'
do
expect
(
validate_access_token!
).
to
be_nil
end
context
'token is not valid'
do
before
do
allow_any_instance_of
(
described_class
).
to
receive
(
:access_token
).
and_return
(
personal_access_token
)
end
it
'returns API::APIGuard::ExpiredError if token expired'
do
personal_access_token
.
expires_at
=
1
.
day
.
ago
expect
{
validate_access_token!
}.
to
raise_error
(
API
::
APIGuard
::
ExpiredError
)
end
it
'returns API::APIGuard::RevokedError if token revoked'
do
personal_access_token
.
revoke!
expect
{
validate_access_token!
}.
to
raise_error
(
API
::
APIGuard
::
RevokedError
)
end
it
'returns API::APIGuard::InsufficientScopeError if invalid token scope'
do
expect
{
validate_access_token!
(
scopes:
[
:sudo
])
}.
to
raise_error
(
API
::
APIGuard
::
InsufficientScopeError
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment