debian-mirror-gitlab/spec/requests/api/doorkeeper_access_spec.rb



# frozen_string_literal: true
require 'spec_helper'
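# Request specs for API access through a Doorkeeper (OAuth 2) access token.
# Every example hits GET /user, which is the cheapest endpoint that tells the
# three outcomes apart: token accepted (200), token rejected (401), token
# accepted but the account is not allowed to use the API (403).
RSpec.describe 'doorkeeper access', feature_category: :authentication_and_authorization do
  let!(:user) { create(:user) }
  # OAuth application owned by `user`; only its id is used, via the token.
  let!(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user) }
  # Access token for `user` with the broadest API scope. `plaintext_token` is
  # the form a client presents; nothing here exercises a narrower scope, an
  # expired token or a revoked one.
  let!(:token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id, scopes: "api" }

  # The request carries the OAuth token as the `access_token` query parameter
  # and nothing else (no session, no helper-supplied credential), so a 200 here
  # means Doorkeeper alone authenticated the caller. The earlier label,
  # "unauthenticated", described the absence of the `api(path, user)` helper
  # credential rather than the absence of authentication, which read as the
  # opposite of what the example checks.
  describe "when authenticated only by the OAuth access token" do
    it "returns authentication success" do
      get api("/user"), params: { access_token: token.plaintext_token }

      expect(response).to have_gitlab_http_status(:ok)
    end

    # Rate limiting by unique IP must apply to token-authenticated requests
    # exactly as it does to other login paths; the shared examples define it.
    include_examples 'user login request with unique ip limit' do
      def request
        get api('/user'), params: { access_token: token.plaintext_token }
      end
    end
  end

  describe "when token invalid" do
    # A token string that matches nothing must be rejected outright (401), not
    # downgraded to anonymous access. Not covered here and worth adding next to
    # this example: a token that exists but has been revoked or has expired,
    # and a valid token whose scopes do not cover GET /user — the expected
    # status for each depends on the API auth finder, so confirm it before
    # asserting.
    it "returns authentication error" do
      get api("/user"), params: { access_token: "123a" }

      expect(response).to have_gitlab_http_status(:unauthorized)
    end
  end

  # NOTE(review): this block never sends the Doorkeeper token — `api("/user", user)`
  # authenticates through the spec helper's own credential for `user` (presumably
  # a personal access token; confirm against the `api` helper). The earlier
  # label, "authorization by OAuth token", therefore did not describe it.
  describe "when authenticated by the api helper credential for the user" do
    it "returns authentication success" do
      get api("/user", user)

      expect(response).to have_gitlab_http_status(:ok)
    end

    include_examples 'user login request with unique ip limit' do
      def request
        get api('/user', user)
      end
    end
  end

  # The token presented below is valid, so the credential check itself passes;
  # the denial must come from the state of the account. That is why 403
  # (forbidden) rather than 401 (unauthorized) is the expected status.
  shared_examples 'forbidden request' do
    it 'returns 403 response' do
      get api("/user"), params: { access_token: token.plaintext_token }

      expect(response).to have_gitlab_http_status(:forbidden)
    end
  end

  # Each disabled-account state must close the API to an otherwise valid token.
  # A state missing from this list would let such an account keep API access
  # through a previously issued OAuth token.
  context "when user is blocked" do
    before do
      user.block
    end

    it_behaves_like 'forbidden request'
  end

  context "when user is ldap_blocked" do
    before do
      user.ldap_block
    end

    it_behaves_like 'forbidden request'
  end

  context "when user is deactivated" do
    before do
      user.deactivate
    end

    it_behaves_like 'forbidden request'
  end

  context 'when user is blocked pending approval' do
    before do
      user.block_pending_approval
    end

    it_behaves_like 'forbidden request'
  end
end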