debian-mirror-gitlab/spec/models/concerns/token_authenticatable_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

451 lines
12 KiB
Ruby
Raw Permalink Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
2015-12-23 02:04:40 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.shared_examples 'TokenAuthenticatable' do
2015-12-23 02:04:40 +05:30
describe 'dynamically defined methods' do
it { expect(described_class).to respond_to("find_by_#{token_field}") }
it { is_expected.to respond_to("ensure_#{token_field}") }
2017-08-17 22:00:37 +05:30
it { is_expected.to respond_to("set_#{token_field}") }
2015-12-23 02:04:40 +05:30
it { is_expected.to respond_to("reset_#{token_field}!") }
end
2022-05-07 20:08:51 +05:30
describe 'SensitiveSerializableHash' do
it 'includes the token field in list of sensitive attributes prevented from serialization' do
expect(described_class.attributes_exempt_from_serializable_hash).to include(token_field)
end
end
2015-12-23 02:04:40 +05:30
end
2020-07-28 23:09:34 +05:30
RSpec.describe User, 'TokenAuthenticatable' do
2018-11-08 19:23:39 +05:30
let(:token_field) { :feed_token }
2020-03-13 15:44:24 +05:30
2015-12-23 02:04:40 +05:30
it_behaves_like 'TokenAuthenticatable'
describe 'ensures authentication token' do
subject { create(:user).send(token_field) }
2019-12-21 20:55:43 +05:30
2015-12-23 02:04:40 +05:30
it { is_expected.to be_a String }
end
end
2020-07-28 23:09:34 +05:30
RSpec.describe ApplicationSetting, 'TokenAuthenticatable' do
2015-12-23 02:04:40 +05:30
let(:token_field) { :runners_registration_token }
2019-02-15 15:39:39 +05:30
let(:settings) { described_class.new }
2015-12-23 02:04:40 +05:30
it_behaves_like 'TokenAuthenticatable'
describe 'generating new token' do
context 'token is not generated yet' do
describe 'token field accessor' do
2019-02-15 15:39:39 +05:30
subject { settings.send(token_field) }
it { is_expected.not_to be_blank }
end
2015-12-23 02:04:40 +05:30
2019-02-15 15:39:39 +05:30
describe "ensure_runners_registration_token" do
subject { settings.send("ensure_#{token_field}") }
2015-12-23 02:04:40 +05:30
it { is_expected.to be_a String }
it { is_expected.not_to be_blank }
2019-02-15 15:39:39 +05:30
it 'does not persist token' do
expect(settings).not_to be_persisted
end
2015-12-23 02:04:40 +05:30
end
2019-02-15 15:39:39 +05:30
describe 'ensure_runners_registration_token!' do
subject { settings.send("ensure_#{token_field}!") }
2019-02-15 15:39:39 +05:30
it 'persists new token as an encrypted string' do
expect(subject).to eq settings.reload.runners_registration_token
expect(settings.read_attribute('runners_registration_token_encrypted'))
2021-04-29 21:17:54 +05:30
.to eq TokenAuthenticatableStrategies::EncryptionHelper.encrypt_token(subject)
2019-02-15 15:39:39 +05:30
expect(settings).to be_persisted
end
it 'does not persist token in a clear text' do
expect(subject).not_to eq settings.reload
.read_attribute('runners_registration_token_encrypted')
end
end
2015-12-23 02:04:40 +05:30
end
context 'token is generated' do
2017-09-10 17:25:29 +05:30
before do
2019-02-15 15:39:39 +05:30
settings.send("reset_#{token_field}!")
2017-09-10 17:25:29 +05:30
end
it 'persists a new token' do
2019-02-15 15:39:39 +05:30
expect(settings.runners_registration_token).to be_a String
end
2015-12-23 02:04:40 +05:30
end
end
2017-08-17 22:00:37 +05:30
describe 'setting new token' do
2019-02-15 15:39:39 +05:30
subject { settings.send("set_#{token_field}", '0123456789') }
2017-08-17 22:00:37 +05:30
it { is_expected.to eq '0123456789' }
end
2015-12-23 02:04:40 +05:30
describe 'multiple token fields' do
2018-11-18 11:00:15 +05:30
before(:all) do
2015-12-23 02:04:40 +05:30
described_class.send(:add_authentication_token_field, :yet_another_token)
end
2018-11-18 11:00:15 +05:30
it { is_expected.to respond_to(:ensure_runners_registration_token) }
2022-08-13 15:12:31 +05:30
it { is_expected.to respond_to(:ensure_error_tracking_access_token) }
2018-11-18 11:00:15 +05:30
it { is_expected.to respond_to(:ensure_yet_another_token) }
end
describe 'setting same token field multiple times' do
subject { described_class.send(:add_authentication_token_field, :runners_registration_token) }
it 'raises error' do
2022-08-27 11:52:29 +05:30
expect { subject }.to raise_error(ArgumentError)
2018-11-18 11:00:15 +05:30
end
end
end
2020-07-28 23:09:34 +05:30
RSpec.describe PersonalAccessToken, 'TokenAuthenticatable' do
2019-07-07 11:18:12 +05:30
shared_examples 'changes personal access token' do
it 'sets new token' do
subject
2021-02-22 17:27:13 +05:30
expect(personal_access_token.token).to eq("#{PersonalAccessToken.token_prefix}#{token_value}")
expect(personal_access_token.token_digest).to eq(Gitlab::CryptoHelper.sha256("#{PersonalAccessToken.token_prefix}#{token_value}"))
2019-07-07 11:18:12 +05:30
end
end
shared_examples 'does not change personal access token' do
it 'sets new token' do
subject
expect(personal_access_token.token).to be(nil)
expect(personal_access_token.token_digest).to eq(token_digest)
end
end
2022-08-27 11:52:29 +05:30
let(:token_value) { Devise.friendly_token }
2019-07-07 11:18:12 +05:30
let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }
2018-11-18 11:00:15 +05:30
let(:user) { create(:user) }
let(:personal_access_token) do
2023-06-20 00:43:36 +05:30
described_class.new(name: 'test-pat-01', user_id: user.id, scopes: [:api], token_digest: token_digest)
2018-11-18 11:00:15 +05:30
end
before do
allow(Devise).to receive(:friendly_token).and_return(token_value)
end
describe '.find_by_token' do
subject { PersonalAccessToken.find_by_token(token_value) }
2019-07-07 11:18:12 +05:30
it 'finds the token' do
2021-01-03 14:25:43 +05:30
personal_access_token.save!
2018-11-18 11:00:15 +05:30
2019-07-07 11:18:12 +05:30
expect(subject).to eq(personal_access_token)
2018-11-18 11:00:15 +05:30
end
end
describe '#set_token' do
let(:new_token_value) { 'new-token' }
2019-05-30 16:15:17 +05:30
2019-07-07 11:18:12 +05:30
subject { personal_access_token.set_token(new_token_value) }
2019-05-30 16:15:17 +05:30
2019-07-07 11:18:12 +05:30
it 'sets new token' do
subject
2018-11-18 11:00:15 +05:30
2019-07-07 11:18:12 +05:30
expect(personal_access_token.token).to eq(new_token_value)
expect(personal_access_token.token_digest).to eq(Gitlab::CryptoHelper.sha256(new_token_value))
2018-11-18 11:00:15 +05:30
end
end
describe '#ensure_token' do
subject { personal_access_token.ensure_token }
2019-07-07 11:18:12 +05:30
context 'token_digest does not exist' do
2018-11-18 11:00:15 +05:30
let(:token_digest) { nil }
2019-07-07 11:18:12 +05:30
it_behaves_like 'changes personal access token'
2018-11-18 11:00:15 +05:30
end
2019-07-07 11:18:12 +05:30
context 'token_digest already generated' do
let(:token_digest) { 's3cr3t' }
2018-11-18 11:00:15 +05:30
2019-07-07 11:18:12 +05:30
it_behaves_like 'does not change personal access token'
2018-11-18 11:00:15 +05:30
end
end
describe '#ensure_token!' do
subject { personal_access_token.ensure_token! }
2019-07-07 11:18:12 +05:30
context 'token_digest does not exist' do
2018-11-18 11:00:15 +05:30
let(:token_digest) { nil }
2019-07-07 11:18:12 +05:30
it_behaves_like 'changes personal access token'
2018-11-18 11:00:15 +05:30
end
2019-07-07 11:18:12 +05:30
context 'token_digest already generated' do
let(:token_digest) { 's3cr3t' }
2018-11-18 11:00:15 +05:30
2019-07-07 11:18:12 +05:30
it_behaves_like 'does not change personal access token'
2018-11-18 11:00:15 +05:30
end
end
describe '#reset_token!' do
subject { personal_access_token.reset_token! }
2019-07-07 11:18:12 +05:30
context 'token_digest does not exist' do
2019-05-30 16:15:17 +05:30
let(:token_digest) { nil }
2019-07-07 11:18:12 +05:30
it_behaves_like 'changes personal access token'
2019-05-30 16:15:17 +05:30
end
2019-07-07 11:18:12 +05:30
context 'token_digest already generated' do
let(:token_digest) { 's3cr3t' }
2019-05-30 16:15:17 +05:30
2019-07-07 11:18:12 +05:30
it_behaves_like 'changes personal access token'
2015-12-23 02:04:40 +05:30
end
end
end
2019-02-15 15:39:39 +05:30
2020-07-28 23:09:34 +05:30
RSpec.describe Ci::Build, 'TokenAuthenticatable' do
2019-02-15 15:39:39 +05:30
let(:token_field) { :token }
2023-01-13 00:05:48 +05:30
let(:build) { FactoryBot.build(:ci_build, :created) }
2019-02-15 15:39:39 +05:30
it_behaves_like 'TokenAuthenticatable'
describe 'generating new token' do
context 'token is not generated yet' do
describe 'token field accessor' do
2023-01-13 00:05:48 +05:30
it 'does not generate a token when saving a build' do
expect { build.save! }.not_to change(build, :token).from(nil)
2019-02-15 15:39:39 +05:30
end
end
describe "ensure_token" do
subject { build.ensure_token }
it { is_expected.to be_a String }
it { is_expected.not_to be_blank }
it 'does not persist token' do
expect(build).not_to be_persisted
end
end
describe 'ensure_token!' do
it 'persists a new token' do
expect(build.ensure_token!).to eq build.reload.token
expect(build).to be_persisted
end
it 'persists new token as an encrypted string' do
build.ensure_token!
2021-04-29 21:17:54 +05:30
encrypted = TokenAuthenticatableStrategies::EncryptionHelper.encrypt_token(build.token)
2019-02-15 15:39:39 +05:30
expect(build.read_attribute('token_encrypted')).to eq encrypted
end
it 'does not persist a token in a clear text' do
build.ensure_token!
expect(build.read_attribute('token')).to be_nil
end
end
end
describe '#reset_token!' do
it 'persists a new token' do
build.save!
build.token.yield_self do |previous_token|
build.reset_token!
expect(build.token).not_to eq previous_token
expect(build.token).to be_a String
end
end
end
end
describe 'setting a new token' do
subject { build.set_token('0123456789') }
it 'returns the token' do
expect(subject).to eq '0123456789'
end
it 'writes a new encrypted token' do
expect(build.read_attribute('token_encrypted')).to be_nil
expect(subject).to eq '0123456789'
expect(build.read_attribute('token_encrypted')).to be_present
end
it 'does not write a new cleartext token' do
expect(build.read_attribute('token')).to be_nil
expect(subject).to eq '0123456789'
expect(build.read_attribute('token')).to be_nil
end
end
2022-04-04 11:22:00 +05:30
describe '#token_with_expiration' do
describe '#expirable?' do
subject { build.token_with_expiration.expirable? }
it { is_expected.to eq(false) }
end
end
end
RSpec.describe Ci::Runner, 'TokenAuthenticatable', :freeze_time do
let_it_be(:non_expirable_runner) { create(:ci_runner) }
let_it_be(:non_expired_runner) { create(:ci_runner).tap { |r| r.update!(token_expires_at: 5.seconds.from_now) } }
let_it_be(:expired_runner) { create(:ci_runner).tap { |r| r.update!(token_expires_at: 5.seconds.ago) } }
describe '#token_expired?' do
subject { runner.token_expired? }
2022-11-25 23:54:43 +05:30
context 'when runner has no token expiration' do
let(:runner) { non_expirable_runner }
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
it { is_expected.to eq(false) }
2022-04-04 11:22:00 +05:30
end
2022-11-25 23:54:43 +05:30
context 'when runner token is not expired' do
let(:runner) { non_expired_runner }
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
it { is_expected.to eq(false) }
end
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
context 'when runner token is expired' do
let(:runner) { expired_runner }
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
it { is_expected.to eq(true) }
2022-04-04 11:22:00 +05:30
end
end
describe '#token_with_expiration' do
describe '#token' do
subject { non_expired_runner.token_with_expiration.token }
it { is_expected.to eq(non_expired_runner.token) }
end
describe '#token_expires_at' do
subject { non_expired_runner.token_with_expiration.token_expires_at }
it { is_expected.to eq(non_expired_runner.token_expires_at) }
end
describe '#expirable?' do
subject { non_expired_runner.token_with_expiration.expirable? }
it { is_expected.to eq(true) }
end
end
describe '.find_by_token' do
subject { Ci::Runner.find_by_token(runner.token) }
2022-11-25 23:54:43 +05:30
context 'when runner has no token expiration' do
let(:runner) { non_expirable_runner }
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
it { is_expected.to eq(non_expirable_runner) }
2022-04-04 11:22:00 +05:30
end
2022-11-25 23:54:43 +05:30
context 'when runner token is not expired' do
let(:runner) { non_expired_runner }
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
it { is_expected.to eq(non_expired_runner) }
end
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
context 'when runner token is expired' do
let(:runner) { expired_runner }
2022-04-04 11:22:00 +05:30
2022-11-25 23:54:43 +05:30
it { is_expected.to be_nil }
2022-04-04 11:22:00 +05:30
end
end
2019-02-15 15:39:39 +05:30
end
2022-02-27 12:50:16 +05:30
RSpec.shared_examples 'prefixed token rotation' do
describe "ensure_runners_token" do
subject { instance.ensure_runners_token }
context 'token is not set' do
it 'generates a new token' do
2022-08-27 11:52:29 +05:30
expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/o)
2022-02-27 12:50:16 +05:30
expect(instance).not_to be_persisted
end
end
context 'token is set, but does not match the prefix' do
before do
instance.set_runners_token('abcdef')
end
it 'generates a new token' do
2022-08-27 11:52:29 +05:30
expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/o)
2022-02-27 12:50:16 +05:30
expect(instance).not_to be_persisted
end
end
context 'token is set and matches prefix' do
before do
2022-04-01 21:47:47 +05:30
instance.set_runners_token(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX + '-abcdef')
2022-02-27 12:50:16 +05:30
end
it 'leaves the token unchanged' do
expect { subject }.not_to change(instance, :runners_token)
expect(instance).not_to be_persisted
end
end
end
describe 'ensure_runners_token!' do
subject { instance.ensure_runners_token! }
context 'token is not set' do
it 'generates a new token' do
2022-08-27 11:52:29 +05:30
expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/o)
2022-02-27 12:50:16 +05:30
expect(instance).to be_persisted
end
end
context 'token is set, but does not match the prefix' do
before do
instance.set_runners_token('abcdef')
end
it 'generates a new token' do
2022-08-27 11:52:29 +05:30
expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/o)
2022-02-27 12:50:16 +05:30
expect(instance).to be_persisted
end
end
context 'token is set and matches prefix' do
before do
2022-04-01 21:47:47 +05:30
instance.set_runners_token(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX + '-abcdef')
2022-02-27 12:50:16 +05:30
instance.save!
end
it 'leaves the token unchanged' do
expect { subject }.not_to change(instance, :runners_token)
end
end
end
end
RSpec.describe Project, 'TokenAuthenticatable' do
let(:instance) { build(:project, runners_token: nil) }
it_behaves_like 'prefixed token rotation'
end
RSpec.describe Group, 'TokenAuthenticatable' do
let(:instance) { build(:group, runners_token: nil) }
it_behaves_like 'prefixed token rotation'
end