debian-mirror-gitlab/spec/requests/api/deploy_tokens_spec.rb


# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::DeployTokens, :aggregate_failures, feature_category: :continuous_delivery do
# Fixture matrix shared by every endpoint example below.
#
# `user` is the caller of each request. Individual contexts either grant it a
# role on `project` / `group` in a `before` block, replace it with `nil`
# (unauthenticated) or with `create(:admin)`.
let_it_be(:user) { create(:user) }
let_it_be(:creator) { create(:user) }
let_it_be(:project) { create(:project, creator_id: creator.id) }
let_it_be(:group) { create(:group) }
# Project-scoped tokens: one active, one revoked, one whose `expires_at` lies
# in the past. `let!` (eager) so all three exist before any request is made;
# the listing expectations below depend on that.
let!(:deploy_token) { create(:deploy_token, projects: [project]) }
let!(:revoked_deploy_token) { create(:deploy_token, projects: [project], revoked: true) }
let!(:expired_deploy_token) { create(:deploy_token, projects: [project], expires_at: '1988-01-11T04:33:04-0600') }
# The same active / revoked / expired triple, scoped to the group.
let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }
let!(:revoked_group_deploy_token) { create(:deploy_token, :group, groups: [group], revoked: true) }
let!(:expired_group_deploy_token) { create(:deploy_token, :group, groups: [group], expires_at: '1988-01-11T04:33:04-0600') }
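describe 'GET /deploy_tokens' do
  # Instance-wide listing. `path` is shared by the subject, the admin-mode
  # shared examples and the `active=true` example so the URL is defined once.
  # `admin_mode` defaults to false; the admin context below switches it on.
  let(:path) { '/deploy_tokens' }
  let_it_be(:admin_mode) { false }

  subject do
    get api(path, user, admin_mode: admin_mode)
    response
  end

  # Admin-mode permission matrix for `path` (shared examples defined outside this file).
  it_behaves_like 'GET request permissions for admin mode'

  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:unauthorized) }
  end

  context 'when authenticated as admin' do
    let(:user) { create(:admin) }
    let_it_be(:admin_mode) { true }

    it 'returns all deploy tokens' do
      subject

      # Assert the status explicitly, as every other listing example does,
      # so a non-2xx body does not get reported as a schema mismatch.
      expect(response).to have_gitlab_http_status(:ok)
      expect(response).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/deploy_tokens')

      # Revoked and expired tokens are still listed without a filter; the
      # `active` query parameter below is what hides them.
      returned_ids = json_response.map { |token| token['id'] }
      expect(returned_ids).to contain_exactly(
        deploy_token.id,
        revoked_deploy_token.id,
        expired_deploy_token.id,
        group_deploy_token.id,
        revoked_group_deploy_token.id,
        expired_group_deploy_token.id
      )
    end

    context 'and active=true' do
      it 'only returns active deploy tokens' do
        get api("#{path}?active=true", user, admin_mode: admin_mode)

        returned_ids = json_response.map { |token| token['id'] }

        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to include_pagination_headers
        expect(returned_ids).to contain_exactly(deploy_token.id, group_deploy_token.id)
      end
    end
  end
end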
describe 'GET /projects/:id/deploy_tokens' do
  let(:path) { "/projects/#{project.id}/deploy_tokens" }

  subject do
    get api(path, user)
    response
  end

  # Anonymous callers are answered with 404 here (the group listing answers 403).
  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:not_found) }
  end

  context 'when authenticated as non-admin user' do
    before { project.add_developer(user) }

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as maintainer' do
    # A token that is not attached to `project`; it must never appear in the listing.
    let!(:other_deploy_token) { create(:deploy_token) }

    before { project.add_maintainer(user) }

    it { is_expected.to have_gitlab_http_status(:ok) }

    it 'returns all deploy tokens for the project' do
      expect(subject).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/deploy_tokens')
    end

    it 'does not return deploy tokens for other projects' do
      subject

      listed_ids = json_response.map { |token| token['id'] }

      # Revoked and expired tokens of this project are still listed; only the
      # foreign token is absent.
      expect(listed_ids).to contain_exactly(deploy_token.id, expired_deploy_token.id, revoked_deploy_token.id)
    end

    context 'and active=true' do
      it 'only returns active deploy tokens for the project' do
        get api("#{path}?active=true", user)

        listed_ids = json_response.map { |token| token['id'] }

        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to include_pagination_headers
        expect(listed_ids).to contain_exactly(deploy_token.id)
      end
    end
  end
end
describe 'GET /projects/:id/deploy_tokens/:token_id' do
  let(:path) { "/projects/#{project.id}/deploy_tokens/#{deploy_token.id}" }

  subject do
    get api(path, user)
    response
  end

  # Same access rules as the project listing: anonymous 404, developer 403, maintainer 200.
  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:not_found) }
  end

  context 'when authenticated as non-admin user' do
    before { project.add_developer(user) }

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as maintainer' do
    before { project.add_maintainer(user) }

    it { is_expected.to have_gitlab_http_status(:ok) }

    it 'returns specific deploy token for the project' do
      expect(subject).to match_response_schema('public_api/v4/deploy_token')
    end

    context 'invalid request' do
      # An unknown project and an unknown token id are both reported as 404.
      it 'returns not found with invalid project id' do
        get api("/projects/bad_id/deploy_tokens/#{deploy_token.id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end

      it 'returns not found with invalid token id' do
        get api("/projects/#{project.id}/deploy_tokens/#{non_existing_record_id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end
end
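describe 'GET /groups/:id/deploy_tokens' do
  let(:path) { "/groups/#{group.id}/deploy_tokens" }

  subject do
    get api(path, user)
    response
  end

  # Unlike the project listing, an anonymous caller is answered with 403 here.
  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as non-admin user' do
    before do
      group.add_developer(user)
    end

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as maintainer' do
    # A group token not attached to `group`; it must never show up in the listing.
    let!(:other_deploy_token) { create(:deploy_token, :group) }

    before do
      group.add_maintainer(user)
    end

    it { is_expected.to have_gitlab_http_status(:ok) }

    it 'returns all deploy tokens for the group' do
      subject

      token_ids = json_response.map { |token| token['id'] }

      expect(response).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/deploy_tokens')
      # Assert the exact id set rather than a count, so a token from another
      # group cannot stand in for one of this group's own and still pass.
      expect(token_ids).to match_array(
        [
          group_deploy_token.id,
          revoked_group_deploy_token.id,
          expired_group_deploy_token.id
        ])
    end

    it 'does not return deploy tokens for other groups' do
      subject

      token_ids = json_response.map { |token| token['id'] }

      expect(token_ids).not_to include(other_deploy_token.id)
    end

    context 'and active=true' do
      it 'only returns active deploy tokens for the group' do
        get api("#{path}?active=true", user)

        token_ids = json_response.map { |token| token['id'] }

        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to include_pagination_headers
        # Order-insensitive, matching the project variant of this example.
        expect(token_ids).to match_array([group_deploy_token.id])
      end
    end
  end
end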
describe 'GET /groups/:id/deploy_tokens/:token_id' do
  let(:path) { "/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}" }

  subject do
    get api(path, user)
    response
  end

  # Same access rules as the group listing: anonymous and developer 403, maintainer 200.
  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as non-admin user' do
    before { group.add_developer(user) }

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as maintainer' do
    before { group.add_maintainer(user) }

    it { is_expected.to have_gitlab_http_status(:ok) }

    it 'returns specific deploy token for the group' do
      expect(subject).to match_response_schema('public_api/v4/deploy_token')
    end

    context 'invalid request' do
      # An unknown group and an unknown token id are both reported as 404.
      it 'returns not found with invalid group id' do
        get api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end

      it 'returns not found with invalid token id' do
        get api("/groups/#{group.id}/deploy_tokens/#{non_existing_record_id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end
end
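describe 'DELETE /projects/:id/deploy_tokens/:token_id' do
  let(:path) { "/projects/#{project.id}/deploy_tokens/#{deploy_token.id}" }

  subject do
    delete api(path, user)
    response
  end

  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:not_found) }
  end

  context 'when authenticated as non-admin user' do
    before do
      project.add_developer(user)
    end

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as maintainer' do
    before do
      project.add_maintainer(user)
    end

    # Maintainer is sufficient to delete a project token (group tokens require owner).
    it { is_expected.to have_gitlab_http_status(:no_content) }

    it 'calls the deploy token destroy service' do
      # Only the constructor arguments are verified here. The stubbed `new`
      # returns `true`, so whatever the endpoint does with the service after
      # construction is not exercised, which is why no status is asserted;
      # the real deletion path is the `:no_content` example above.
      expect(::Projects::DeployTokens::DestroyService).to receive(:new)
        .with(project, user, token_id: deploy_token.id)
        .and_return(true)

      subject
    end

    context 'invalid request' do
      # Description and token fixture now match the project endpoint under test.
      it 'returns not found with invalid project id' do
        delete api("/projects/bad_id/deploy_tokens/#{deploy_token.id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end

      # The example asserts 404, so it is described as "not found" rather than
      # "bad request".
      it 'returns not found with invalid token id' do
        # A RecordNotFound raised by the service surfaces as 404.
        expect(::Projects::DeployTokens::DestroyService).to receive(:new)
          .with(project, user, token_id: non_existing_record_id)
          .and_raise(ActiveRecord::RecordNotFound)

        delete api("/projects/#{project.id}/deploy_tokens/#{non_existing_record_id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end
end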
context 'deploy token creation' do
  # Shared by the project and group POST endpoints. `entity` names the `let`
  # (:project / :group) the caller's role is granted on, `unauthenticated_response`
  # is the status an anonymous caller receives, and `authorized_role` is the
  # role the success-path examples grant before creating a token.
  shared_examples 'creating a deploy token' do |entity, unauthenticated_response, authorized_role|
    let(:expires_time) { 1.year.from_now.to_datetime }
    let(:params) do
      {
        name: 'Foo',
        expires_at: expires_time,
        scopes: %w[read_repository],
        username: 'Bar'
      }
    end

    context 'when unauthenticated' do
      let(:user) { nil }

      it { is_expected.to have_gitlab_http_status(unauthenticated_response) }
    end

    context 'when authenticated as non-admin user' do
      before { public_send(entity).add_developer(user) }

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context "when authenticated as #{authorized_role}" do
      before { public_send(entity).public_send(:"add_#{authorized_role}", user) }

      it 'creates the deploy token' do
        expect { subject }.to change { DeployToken.count }.by(1)

        expect(response).to have_gitlab_http_status(:created)
        expect(response).to match_response_schema('public_api/v4/deploy_token')
        expect(json_response['name']).to eq('Foo')
        expect(json_response['scopes']).to eq(%w[read_repository])
        expect(json_response['username']).to eq('Bar')
        # The response carries the expiry as a string; compare as epoch seconds.
        expect(json_response['expires_at'].to_time.to_i).to eq(expires_time.to_i)
      end

      context 'with no optional params given' do
        let(:params) { { name: 'Foo', scopes: %w[read_repository] } }

        it 'creates the deploy token with default values' do
          subject

          expect(response).to have_gitlab_http_status(:created)
          # Without `username` / `expires_at` the token gets a generated
          # username and no expiry.
          expect(json_response['username']).to match(/gitlab\+deploy-token-\d+/)
          expect(json_response['expires_at']).to be_nil
        end
      end

      context 'with an invalid scope' do
        # `all_access` is not an accepted deploy-token scope; the whole request is rejected.
        let(:params) { super().merge(scopes: %w[read_repository all_access]) }

        it { is_expected.to have_gitlab_http_status(:bad_request) }
      end

      context 'with an invalid expires_at date' do
        let(:params) { super().merge(expires_at: 'foo') }

        it { is_expected.to have_gitlab_http_status(:bad_request) }
      end
    end
  end

  describe 'POST /projects/:id/deploy_tokens' do
    subject do
      post api("/projects/#{project.id}/deploy_tokens", user), params: params
      response
    end

    it_behaves_like 'creating a deploy token', :project, :not_found, :maintainer
  end

  describe 'POST /groups/:id/deploy_tokens' do
    subject do
      post api("/groups/#{group.id}/deploy_tokens", user), params: params
      response
    end

    it_behaves_like 'creating a deploy token', :group, :forbidden, :owner

    # Group tokens require owner: a maintainer is denied even with valid params.
    context 'when authenticated as maintainer' do
      let(:params) { { name: 'test', scopes: %w[read_repository] } }

      before { group.add_maintainer(user) }

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end
  end
end
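describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
  let(:path) { "/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}" }

  subject do
    delete api(path, user)
    response
  end

  context 'when unauthenticated' do
    let(:user) { nil }

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as non-admin user' do
    before do
      group.add_developer(user)
    end

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  # Deleting a group token needs owner; a maintainer is denied (a project
  # maintainer, by contrast, may delete project tokens).
  context 'when authenticated as maintainer' do
    before do
      group.add_maintainer(user)
    end

    it { is_expected.to have_gitlab_http_status(:forbidden) }
  end

  context 'when authenticated as owner' do
    before do
      group.add_owner(user)
    end

    it 'calls the deploy token destroy service' do
      # Only the constructor arguments are verified here. The stubbed `new`
      # returns `true`, so whatever the endpoint does with the service after
      # construction is not exercised, which is why no status is asserted.
      expect(::Groups::DeployTokens::DestroyService).to receive(:new)
        .with(group, user, token_id: group_deploy_token.id)
        .and_return(true)

      subject
    end

    context 'invalid request' do
      # The example asserts 404, so it is described as "not found" rather than
      # "bad request".
      it 'returns not found with invalid group id' do
        delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end

      it 'returns not found with invalid deploy token id' do
        # A RecordNotFound raised by the service surfaces as 404.
        expect(::Groups::DeployTokens::DestroyService).to receive(:new)
          .with(group, user, token_id: non_existing_record_id)
          .and_raise(ActiveRecord::RecordNotFound)

        delete api("/groups/#{group.id}/deploy_tokens/#{non_existing_record_id}", user)

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end
end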
end