2019-12-26 22:10:19 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
|
2021-11-11 11:23:49 +05:30
|
|
|
include SessionHelpers
|
|
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
it 'creates a session with a short TTL when login fails' do
|
|
|
|
|
visit new_user_session_path
|
|
|
|
|
# The session key only gets created after a post
|
|
|
|
|
fill_in 'user_login', with: 'non-existant@gitlab.org'
|
2022-03-02 08:16:31 +05:30
|
|
|
fill_in 'user_password', with: Gitlab::Password.test_default
|
2019-12-26 22:10:19 +05:30
|
|
|
click_button 'Sign in'
|
|
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
expect(page).to have_content('Invalid login or password')
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2021-11-11 11:23:49 +05:30
|
|
|
expect_single_session_with_short_ttl
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'increases the TTL when the login succeeds' do
|
|
|
|
|
user = create(:user)
|
|
|
|
|
gitlab_sign_in(user)
|
|
|
|
|
|
|
|
|
|
expect(page).to have_content(user.name)
|
|
|
|
|
|
2021-11-11 11:23:49 +05:30
|
|
|
expect_single_session_with_authenticated_ttl
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
|
2021-11-11 11:23:49 +05:30
|
|
|
context 'with an unauthorized project' do
|
|
|
|
|
let_it_be(:project) { create(:project, :repository) }
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2021-11-11 11:23:49 +05:30
|
|
|
it 'creates a session with a short TTL' do
|
|
|
|
|
visit project_raw_path(project, 'master/README.md')
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2021-11-11 11:23:49 +05:30
|
|
|
expect_single_session_with_short_ttl
|
|
|
|
|
expect(page).to have_current_path(new_user_session_path)
|
|
|
|
|
end
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
end
|
