debian-mirror-gitlab/spec/services/dependency_proxy/auth_token_service_spec.rb

# frozen_string_literal: true
require 'spec_helper'

RSpec.describe DependencyProxy::AuthTokenService do
  include DependencyProxyHelpers

  let_it_be(:user) { create(:user) }
  let_it_be(:deploy_token) { create(:deploy_token) }

  describe '.user_or_deploy_token_from_jwt' do
    subject { described_class.user_or_deploy_token_from_jwt(token.encoded) }

    shared_examples 'handling token errors' do
      context 'with a decoding error' do
        before do
          allow(JWT).to receive(:decode).and_raise(JWT::DecodeError)
        end

        it { is_expected.to eq(nil) }
      end

      context 'with an immature signature error' do
        before do
          allow(JWT).to receive(:decode).and_raise(JWT::ImmatureSignature)
        end

        it { is_expected.to eq(nil) }
      end

      context 'with an expired signature error' do
        it 'returns nil' do
          travel_to(Time.zone.now + Auth::DependencyProxyAuthenticationService.token_expire_at + 1.minute) do
            expect(subject).to eq(nil)
          end
        end
      end
    end

    context 'with a user' do
      let_it_be(:token) { build_jwt(user) }

      it { is_expected.to eq(user) }

      context 'with an invalid user id' do
        let_it_be(:token) { build_jwt { |jwt| jwt['user_id'] = 'this_is_not_a_user_id' } }

        it 'raises an not found error' do
          expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
        end
      end

      it_behaves_like 'handling token errors'
    end

    context 'with a deploy token' do
      let_it_be(:token) { build_jwt(deploy_token) }

      it { is_expected.to eq(deploy_token) }

      context 'with an invalid token' do
        let_it_be(:token) { build_jwt { |jwt| jwt['deploy_token'] = 'this_is_not_a_token' } }

        it { is_expected.to eq(nil) }
      end

      it_behaves_like 'handling token errors'
    end

    context 'with an empty token payload' do
      let_it_be(:token) { build_jwt(nil) }

      it { is_expected.to eq(nil) }
    end
  end
end
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`# frozen_string_literal: true`
			`require 'spec_helper'`

			`RSpec.describe DependencyProxy::AuthTokenService do`
			`include DependencyProxyHelpers`

New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`let_it_be(:user) { create(:user) }`
			`let_it_be(:deploy_token) { create(:deploy_token) }`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`describe '.user_or_deploy_token_from_jwt' do`
			`subject { described_class.user_or_deploy_token_from_jwt(token.encoded) }`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`shared_examples 'handling token errors' do`
			`context 'with a decoding error' do`
			`before do`
			`allow(JWT).to receive(:decode).and_raise(JWT::DecodeError)`
			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`it { is_expected.to eq(nil) }`
			`end`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`context 'with an immature signature error' do`
			`before do`
			`allow(JWT).to receive(:decode).and_raise(JWT::ImmatureSignature)`
			`end`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`it { is_expected.to eq(nil) }`
			`end`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`context 'with an expired signature error' do`
			`it 'returns nil' do`
			`travel_to(Time.zone.now + Auth::DependencyProxyAuthenticationService.token_expire_at + 1.minute) do`
			`expect(subject).to eq(nil)`
			`end`
			`end`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`end`

New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`context 'with a user' do`
			`let_it_be(:token) { build_jwt(user) }`

			`it { is_expected.to eq(user) }`

			`context 'with an invalid user id' do`
			`let_it_be(:token) { build_jwt { \|jwt\| jwt['user_id'] = 'this_is_not_a_user_id' } }`

			`it 'raises an not found error' do`
			`expect { subject }.to raise_error(ActiveRecord::RecordNotFound)`
			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`end`
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30
			`it_behaves_like 'handling token errors'`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`end`

New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`context 'with a deploy token' do`
			`let_it_be(:token) { build_jwt(deploy_token) }`

			`it { is_expected.to eq(deploy_token) }`

			`context 'with an invalid token' do`
			`let_it_be(:token) { build_jwt { \|jwt\| jwt['deploy_token'] = 'this_is_not_a_token' } }`

			`it { is_expected.to eq(nil) }`
			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`it_behaves_like 'handling token errors'`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`end`

New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`context 'with an empty token payload' do`
			`let_it_be(:token) { build_jwt(nil) }`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`it { is_expected.to eq(nil) }`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`end`
			`end`
			`end`