debian-mirror-gitlab/spec/models/concerns/token_authenticatable_spec.rb

require 'spec_helper'

shared_examples 'TokenAuthenticatable' do
  describe 'dynamically defined methods' do
    it { expect(described_class).to respond_to("find_by_#{token_field}") }
    it { is_expected.to respond_to("ensure_#{token_field}") }
    it { is_expected.to respond_to("set_#{token_field}") }
    it { is_expected.to respond_to("reset_#{token_field}!") }
  end
end

describe User, 'TokenAuthenticatable' do
  let(:token_field) { :feed_token }
  it_behaves_like 'TokenAuthenticatable'

  describe 'ensures authentication token' do
    subject { create(:user).send(token_field) }
    it { is_expected.to be_a String }
  end
end

describe ApplicationSetting, 'TokenAuthenticatable' do
  let(:token_field) { :runners_registration_token }
  let(:settings) { described_class.new }

  it_behaves_like 'TokenAuthenticatable'

  describe 'generating new token' do
    context 'token is not generated yet' do
      describe 'token field accessor' do
        subject { settings.send(token_field) }

        it { is_expected.not_to be_blank }
      end

      describe "ensure_runners_registration_token" do
        subject { settings.send("ensure_#{token_field}") }

        it { is_expected.to be_a String }
        it { is_expected.not_to be_blank }

        it 'does not persist token' do
          expect(settings).not_to be_persisted
        end
      end

      describe 'ensure_runners_registration_token!' do
        subject { settings.send("ensure_#{token_field}!") }

        it 'persists new token as an encrypted string' do
          expect(subject).to eq settings.reload.runners_registration_token
          expect(settings.read_attribute('runners_registration_token_encrypted'))
            .to eq Gitlab::CryptoHelper.aes256_gcm_encrypt(subject)
          expect(settings).to be_persisted
        end

        it 'does not persist token in a clear text' do
          expect(subject).not_to eq settings.reload
            .read_attribute('runners_registration_token_encrypted')
        end
      end
    end

    context 'token is generated' do
      before do
        settings.send("reset_#{token_field}!")
      end

      it 'persists a new token' do
        expect(settings.runners_registration_token).to be_a String
      end
    end
  end

  describe 'setting new token' do
    subject { settings.send("set_#{token_field}", '0123456789') }

    it { is_expected.to eq '0123456789' }
  end

  describe 'multiple token fields' do
    before(:all) do
      described_class.send(:add_authentication_token_field, :yet_another_token)
    end

    it { is_expected.to respond_to(:ensure_runners_registration_token) }
    it { is_expected.to respond_to(:ensure_yet_another_token) }
  end

  describe 'setting same token field multiple times' do
    subject { described_class.send(:add_authentication_token_field, :runners_registration_token) }

    it 'raises error' do
      expect {subject}.to raise_error(ArgumentError)
    end
  end
end

describe PersonalAccessToken, 'TokenAuthenticatable' do
  let(:personal_access_token_name) { 'test-pat-01' }
  let(:token_value) { 'token' }
  let(:user) { create(:user) }
  let(:personal_access_token) do
    described_class.new(name: personal_access_token_name,
                        user_id: user.id,
                        scopes: [:api],
                        token: token,
                        token_digest: token_digest)
  end

  before do
    allow(Devise).to receive(:friendly_token).and_return(token_value)
  end

  describe '.find_by_token' do
    subject { PersonalAccessToken.find_by_token(token_value) }

    before do
      personal_access_token.save
    end

    context 'token_digest already exists' do
      let(:token) { nil }
      let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }

      it 'finds the token' do
        expect(subject).not_to be_nil
        expect(subject.name).to eql(personal_access_token_name)
      end
    end

    context 'token_digest does not exist' do
      let(:token) { token_value }
      let(:token_digest) { nil }

      it 'finds the token' do
        expect(subject).not_to be_nil
        expect(subject.name).to eql(personal_access_token_name)
      end
    end
  end

  describe '#set_token'   do
    let(:new_token_value) { 'new-token' }
    subject { personal_access_token.set_token(new_token_value) }

    context 'token_digest already exists' do
      let(:token) { nil }
      let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }

      it 'overwrites token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(new_token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(new_token_value))
      end
    end

    context 'token_digest does not exist but token does' do
      let(:token) { token_value }
      let(:token_digest) { nil }

      it 'creates new token_digest and clears token' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(new_token_value)
        expect(personal_access_token.token_digest).to eql(Gitlab::CryptoHelper.sha256(new_token_value))
      end
    end

    context 'token_digest does not exist, nor token' do
      let(:token) { nil }
      let(:token_digest) { nil }

      it 'creates new token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(new_token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(new_token_value))
      end
    end
  end

  describe '#ensure_token' do
    subject { personal_access_token.ensure_token }

    context 'token_digest already exists' do
      let(:token) { nil }
      let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }

      it 'does not change token fields' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to be_nil
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end

    context 'token_digest does not exist but token does' do
      let(:token) { token_value }
      let(:token_digest) { nil }

      it 'does not change token fields' do
        subject

        expect(personal_access_token.read_attribute('token')).to eql(token_value)
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to be_nil
      end
    end

    context 'token_digest does not exist, nor token' do
      let(:token) { nil }
      let(:token_digest) { nil }

      it 'creates token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end
  end

  describe '#ensure_token!' do
    subject { personal_access_token.ensure_token! }

    context 'token_digest already exists' do
      let(:token) { nil }
      let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }

      it 'does not change token fields' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to be_nil
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end

    context 'token_digest does not exist but token does' do
      let(:token) { token_value }
      let(:token_digest) { nil }

      it 'does not change token fields' do
        subject

        expect(personal_access_token.read_attribute('token')).to eql(token_value)
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to be_nil
      end
    end

    context 'token_digest does not exist, nor token' do
      let(:token) { nil }
      let(:token_digest) { nil }

      it 'creates token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end
  end

  describe '#reset_token!' do
    subject { personal_access_token.reset_token! }

    context 'token_digest already exists' do
      let(:token) { nil }
      let(:token_digest) { Gitlab::CryptoHelper.sha256('old-token') }

      it 'creates new token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end

    context 'token_digest does not exist but token does' do
      let(:token) { 'old-token' }
      let(:token_digest) { nil }

      it 'creates new token_digest and clears token' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql(Gitlab::CryptoHelper.sha256(token_value))
      end
    end

    context 'token_digest does not exist, nor token' do
      let(:token) { nil }
      let(:token_digest) { nil }

      it 'creates new token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end

    context 'token_digest exists and newly generated token would be the same' do
      let(:token) { nil }
      let(:token_digest) { Gitlab::CryptoHelper.sha256('old-token') }

      before do
        personal_access_token.save
        allow(Devise).to receive(:friendly_token).and_return(
          'old-token', token_value, 'boom!')
      end

      it 'regenerates a new token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end

    context 'token exists and newly generated token would be the same' do
      let(:token) { 'old-token' }
      let(:token_digest) { nil }

      before do
        personal_access_token.save
        allow(Devise).to receive(:friendly_token).and_return(
          'old-token', token_value, 'boom!')
      end

      it 'regenerates a new token_digest' do
        subject

        expect(personal_access_token.read_attribute('token')).to be_nil
        expect(personal_access_token.token).to eql(token_value)
        expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))
      end
    end
  end
end

describe Ci::Build, 'TokenAuthenticatable' do
  let(:token_field) { :token }
  let(:build) { FactoryBot.build(:ci_build) }

  it_behaves_like 'TokenAuthenticatable'

  describe 'generating new token' do
    context 'token is not generated yet' do
      describe 'token field accessor' do
        it 'makes it possible to access token' do
          expect(build.token).to be_nil

          build.save!

          expect(build.token).to be_present
        end
      end

      describe "ensure_token" do
        subject { build.ensure_token }

        it { is_expected.to be_a String }
        it { is_expected.not_to be_blank }

        it 'does not persist token' do
          expect(build).not_to be_persisted
        end
      end

      describe 'ensure_token!' do
        it 'persists a new token' do
          expect(build.ensure_token!).to eq build.reload.token
          expect(build).to be_persisted
        end

        it 'persists new token as an encrypted string' do
          build.ensure_token!

          encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(build.token)

          expect(build.read_attribute('token_encrypted')).to eq encrypted
        end

        it 'does not persist a token in a clear text' do
          build.ensure_token!

          expect(build.read_attribute('token')).to be_nil
        end
      end
    end

    describe '#reset_token!' do
      it 'persists a new token' do
        build.save!

        build.token.yield_self do |previous_token|
          build.reset_token!

          expect(build.token).not_to eq previous_token
          expect(build.token).to be_a String
        end
      end
    end
  end

  describe 'setting a new token' do
    subject { build.set_token('0123456789') }

    it 'returns the token' do
      expect(subject).to eq '0123456789'
    end

    it 'writes a new encrypted token' do
      expect(build.read_attribute('token_encrypted')).to be_nil
      expect(subject).to eq '0123456789'
      expect(build.read_attribute('token_encrypted')).to be_present
    end

    it 'does not write a new cleartext token' do
      expect(build.read_attribute('token')).to be_nil
      expect(subject).to eq '0123456789'
      expect(build.read_attribute('token')).to be_nil
    end
  end
end
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`require 'spec_helper'`

			`shared_examples 'TokenAuthenticatable' do`
			`describe 'dynamically defined methods' do`
			`it { expect(described_class).to respond_to("find_by_#{token_field}") }`
			`it { is_expected.to respond_to("ensure_#{token_field}") }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to respond_to("set_#{token_field}") }`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`it { is_expected.to respond_to("reset_#{token_field}!") }`
			`end`
			`end`

			`describe User, 'TokenAuthenticatable' do`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`let(:token_field) { :feed_token }`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`it_behaves_like 'TokenAuthenticatable'`

			`describe 'ensures authentication token' do`
			`subject { create(:user).send(token_field) }`
			`it { is_expected.to be_a String }`
			`end`
			`end`

			`describe ApplicationSetting, 'TokenAuthenticatable' do`
			`let(:token_field) { :runners_registration_token }`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`let(:settings) { described_class.new }`

Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`it_behaves_like 'TokenAuthenticatable'`

			`describe 'generating new token' do`
			`context 'token is not generated yet' do`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`describe 'token field accessor' do`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`subject { settings.send(token_field) }`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`it { is_expected.not_to be_blank }`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`describe "ensure_runners_registration_token" do`
			`subject { settings.send("ensure_#{token_field}") }`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30
			`it { is_expected.to be_a String }`
Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`it { is_expected.not_to be_blank }`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30
			`it 'does not persist token' do`
			`expect(settings).not_to be_persisted`
			`end`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`end`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`describe 'ensure_runners_registration_token!' do`
			`subject { settings.send("ensure_#{token_field}!") }`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`it 'persists new token as an encrypted string' do`
			`expect(subject).to eq settings.reload.runners_registration_token`
			`expect(settings.read_attribute('runners_registration_token_encrypted'))`
			`.to eq Gitlab::CryptoHelper.aes256_gcm_encrypt(subject)`
			`expect(settings).to be_persisted`
			`end`

			`it 'does not persist token in a clear text' do`
			`expect(subject).not_to eq settings.reload`
			`.read_attribute('runners_registration_token_encrypted')`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
			`end`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`end`

			`context 'token is generated' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`before do`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`settings.send("reset_#{token_field}!")`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`end`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`it 'persists a new token' do`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`expect(settings.runners_registration_token).to be_a String`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`end`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`describe 'setting new token' do`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`subject { settings.send("set_#{token_field}", '0123456789') }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`it { is_expected.to eq '0123456789' }`
			`end`

Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`describe 'multiple token fields' do`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`before(:all) do`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`described_class.send(:add_authentication_token_field, :yet_another_token)`
			`end`

New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`it { is_expected.to respond_to(:ensure_runners_registration_token) }`
			`it { is_expected.to respond_to(:ensure_yet_another_token) }`
			`end`

			`describe 'setting same token field multiple times' do`
			`subject { described_class.send(:add_authentication_token_field, :runners_registration_token) }`

			`it 'raises error' do`
			`expect {subject}.to raise_error(ArgumentError)`
			`end`
			`end`
			`end`

			`describe PersonalAccessToken, 'TokenAuthenticatable' do`
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`let(:personal_access_token_name) { 'test-pat-01' }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`let(:token_value) { 'token' }`
			`let(:user) { create(:user) }`
			`let(:personal_access_token) do`
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`described_class.new(name: personal_access_token_name,`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`user_id: user.id,`
			`scopes: [:api],`
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`token: token,`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`token_digest: token_digest)`
			`end`

			`before do`
			`allow(Devise).to receive(:friendly_token).and_return(token_value)`
			`end`

			`describe '.find_by_token' do`
			`subject { PersonalAccessToken.find_by_token(token_value) }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`before do`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`personal_access_token.save`
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`end`

			`context 'token_digest already exists' do`
			`let(:token) { nil }`
			`let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`it 'finds the token' do`
			`expect(subject).not_to be_nil`
			`expect(subject.name).to eql(personal_access_token_name)`
			`end`
			`end`

			`context 'token_digest does not exist' do`
			`let(:token) { token_value }`
			`let(:token_digest) { nil }`

			`it 'finds the token' do`
			`expect(subject).not_to be_nil`
			`expect(subject.name).to eql(personal_access_token_name)`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
			`end`

			`describe '#set_token' do`
			`let(:new_token_value) { 'new-token' }`
New upstream version 11.10.4+dfsg 2019-05-18 00:54:41 +05:30			`subject { personal_access_token.set_token(new_token_value) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest already exists' do`
			`let(:token) { nil }`
			`let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }`

			`it 'overwrites token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(new_token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(new_token_value))`
			`end`
			`end`

			`context 'token_digest does not exist but token does' do`
			`let(:token) { token_value }`
			`let(:token_digest) { nil }`

			`it 'creates new token_digest and clears token' do`
			`subject`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(new_token_value)`
			`expect(personal_access_token.token_digest).to eql(Gitlab::CryptoHelper.sha256(new_token_value))`
			`end`
			`end`

			`context 'token_digest does not exist, nor token' do`
			`let(:token) { nil }`
			`let(:token_digest) { nil }`

			`it 'creates new token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(new_token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(new_token_value))`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
			`end`

			`describe '#ensure_token' do`
			`subject { personal_access_token.ensure_token }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest already exists' do`
			`let(:token) { nil }`
			`let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }`

			`it 'does not change token fields' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to be_nil`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
			`end`

			`context 'token_digest does not exist but token does' do`
			`let(:token) { token_value }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`let(:token_digest) { nil }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`it 'does not change token fields' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to eql(token_value)`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to be_nil`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest does not exist, nor token' do`
			`let(:token) { nil }`
			`let(:token_digest) { nil }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`it 'creates token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
			`end`

			`describe '#ensure_token!' do`
			`subject { personal_access_token.ensure_token! }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest already exists' do`
			`let(:token) { nil }`
			`let(:token_digest) { Gitlab::CryptoHelper.sha256(token_value) }`

			`it 'does not change token fields' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to be_nil`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
			`end`

			`context 'token_digest does not exist but token does' do`
			`let(:token) { token_value }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`let(:token_digest) { nil }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`it 'does not change token fields' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to eql(token_value)`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to be_nil`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest does not exist, nor token' do`
			`let(:token) { nil }`
			`let(:token_digest) { nil }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`it 'creates token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
			`end`

			`describe '#reset_token!' do`
			`subject { personal_access_token.reset_token! }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest already exists' do`
			`let(:token) { nil }`
			`let(:token_digest) { Gitlab::CryptoHelper.sha256('old-token') }`

			`it 'creates new token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
			`end`

			`context 'token_digest does not exist but token does' do`
			`let(:token) { 'old-token' }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`let(:token_digest) { nil }`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`it 'creates new token_digest and clears token' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql(Gitlab::CryptoHelper.sha256(token_value))`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`

New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`context 'token_digest does not exist, nor token' do`
			`let(:token) { nil }`
			`let(:token_digest) { nil }`

			`it 'creates new token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
			`end`

			`context 'token_digest exists and newly generated token would be the same' do`
			`let(:token) { nil }`
			`let(:token_digest) { Gitlab::CryptoHelper.sha256('old-token') }`

			`before do`
			`personal_access_token.save`
			`allow(Devise).to receive(:friendly_token).and_return(`
			`'old-token', token_value, 'boom!')`
			`end`

			`it 'regenerates a new token_digest' do`
			`subject`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
			`end`

			`context 'token exists and newly generated token would be the same' do`
			`let(:token) { 'old-token' }`
			`let(:token_digest) { nil }`

			`before do`
			`personal_access_token.save`
			`allow(Devise).to receive(:friendly_token).and_return(`
			`'old-token', token_value, 'boom!')`
			`end`

			`it 'regenerates a new token_digest' do`
			`subject`

			`expect(personal_access_token.read_attribute('token')).to be_nil`
			`expect(personal_access_token.token).to eql(token_value)`
			`expect(personal_access_token.token_digest).to eql( Gitlab::CryptoHelper.sha256(token_value))`
			`end`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`end`
			`end`
			`end`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30
			`describe Ci::Build, 'TokenAuthenticatable' do`
			`let(:token_field) { :token }`
			`let(:build) { FactoryBot.build(:ci_build) }`

			`it_behaves_like 'TokenAuthenticatable'`

			`describe 'generating new token' do`
			`context 'token is not generated yet' do`
			`describe 'token field accessor' do`
			`it 'makes it possible to access token' do`
			`expect(build.token).to be_nil`

			`build.save!`

			`expect(build.token).to be_present`
			`end`
			`end`

			`describe "ensure_token" do`
			`subject { build.ensure_token }`

			`it { is_expected.to be_a String }`
			`it { is_expected.not_to be_blank }`

			`it 'does not persist token' do`
			`expect(build).not_to be_persisted`
			`end`
			`end`

			`describe 'ensure_token!' do`
			`it 'persists a new token' do`
			`expect(build.ensure_token!).to eq build.reload.token`
			`expect(build).to be_persisted`
			`end`

			`it 'persists new token as an encrypted string' do`
			`build.ensure_token!`

			`encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(build.token)`

			`expect(build.read_attribute('token_encrypted')).to eq encrypted`
			`end`

			`it 'does not persist a token in a clear text' do`
			`build.ensure_token!`

			`expect(build.read_attribute('token')).to be_nil`
			`end`
			`end`
			`end`

			`describe '#reset_token!' do`
			`it 'persists a new token' do`
			`build.save!`

			`build.token.yield_self do \|previous_token\|`
			`build.reset_token!`

			`expect(build.token).not_to eq previous_token`
			`expect(build.token).to be_a String`
			`end`
			`end`
			`end`
			`end`

			`describe 'setting a new token' do`
			`subject { build.set_token('0123456789') }`

			`it 'returns the token' do`
			`expect(subject).to eq '0123456789'`
			`end`

			`it 'writes a new encrypted token' do`
			`expect(build.read_attribute('token_encrypted')).to be_nil`
			`expect(subject).to eq '0123456789'`
			`expect(build.read_attribute('token_encrypted')).to be_present`
			`end`

			`it 'does not write a new cleartext token' do`
			`expect(build.read_attribute('token')).to be_nil`
			`expect(subject).to eq '0123456789'`
			`expect(build.read_attribute('token')).to be_nil`
			`end`
			`end`
			`end`