debian-mirror-gitlab/spec/services/resources/create_access_token_service_spec.rb

# frozen_string_literal: true

require 'spec_helper'

describe Resources::CreateAccessTokenService do
  subject { described_class.new(resource_type, resource, user, params).execute }

  let_it_be(:user) { create(:user) }
  let_it_be(:project) { create(:project, :private) }
  let_it_be(:params) { {} }

  describe '#execute' do
    # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046
    shared_examples 'fails when user does not have the permission to create a Resource Bot' do
      before do
        resource.add_developer(user)
      end

      it 'returns error' do
        response = subject

        expect(response.error?).to be true
        expect(response.message).to eq("User does not have permission to create #{resource_type} Access Token")
      end
    end

    shared_examples 'fails when flag is disabled' do
      before do
        stub_feature_flags(resource_access_token: false)
      end

      it 'returns nil' do
        expect(subject).to be nil
      end
    end

    shared_examples 'allows creation of bot with valid params' do
      it { expect { subject }.to change { User.count }.by(1) }

      it 'creates resource bot user' do
        response = subject

        access_token = response.payload[:access_token]

        expect(access_token.user.reload.user_type).to eq("#{resource_type}_bot")
      end

      context 'bot name' do
        context 'when no value is passed' do
          it 'uses default value' do
            response = subject
            access_token = response.payload[:access_token]

            expect(access_token.user.name).to eq("#{resource.name.to_s.humanize} bot")
          end
        end

        context 'when user provides value' do
          let(:params) { { name: 'Random bot' } }

          it 'overrides the default value' do
            response = subject
            access_token = response.payload[:access_token]

            expect(access_token.user.name).to eq(params[:name])
          end
        end
      end

      it 'adds the bot user as a maintainer in the resource' do
        response = subject
        access_token = response.payload[:access_token]
        bot_user = access_token.user

        expect(resource.members.maintainers.map(&:user_id)).to include(bot_user.id)
      end

      context 'personal access token' do
        it { expect { subject }.to change { PersonalAccessToken.count }.by(1) }

        context 'when user does not provide scope' do
          it 'has default scopes' do
            response = subject
            access_token = response.payload[:access_token]

            expect(access_token.scopes).to eq(Gitlab::Auth::API_SCOPES + Gitlab::Auth::REPOSITORY_SCOPES + Gitlab::Auth.registry_scopes - [:read_user])
          end
        end

        context 'when user provides scope explicitly' do
          let(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } }

          it 'overrides the default value' do
            response = subject
            access_token = response.payload[:access_token]

            expect(access_token.scopes).to eq(Gitlab::Auth::REPOSITORY_SCOPES)
          end
        end

        context 'expires_at' do
          context 'when no value is passed' do
            it 'uses default value' do
              response = subject
              access_token = response.payload[:access_token]

              expect(access_token.expires_at).to eq(nil)
            end
          end

          context 'when user provides value' do
            let(:params) { { expires_at: Date.today + 1.month } }

            it 'overrides the default value' do
              response = subject
              access_token = response.payload[:access_token]

              expect(access_token.expires_at).to eq(params[:expires_at])
            end
          end

          context 'when invalid scope is passed' do
            let(:params) { { scopes: [:invalid_scope] } }

            it 'returns error' do
              response = subject

              expect(response.error?).to be true
            end
          end
        end
      end

      context 'when access provisioning fails' do
        before do
          allow(resource).to receive(:add_maintainer).and_return(nil)
        end

        it 'returns error' do
          response = subject

          expect(response.error?).to be true
        end
      end
    end

    context 'when resource is a project' do
      let(:resource_type) { 'project' }
      let(:resource) { project }

      it_behaves_like 'fails when user does not have the permission to create a Resource Bot'
      it_behaves_like 'fails when flag is disabled'

      context 'user with valid permission' do
        before do
          resource.add_maintainer(user)
        end

        it_behaves_like 'allows creation of bot with valid params'
      end
    end
  end
end
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`# frozen_string_literal: true`

			`require 'spec_helper'`

			`describe Resources::CreateAccessTokenService do`
			`subject { described_class.new(resource_type, resource, user, params).execute }`

			`let_it_be(:user) { create(:user) }`
			`let_it_be(:project) { create(:project, :private) }`
			`let_it_be(:params) { {} }`

			`describe '#execute' do`
			`# Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046`
			`shared_examples 'fails when user does not have the permission to create a Resource Bot' do`
			`before do`
			`resource.add_developer(user)`
			`end`

			`it 'returns error' do`
			`response = subject`

			`expect(response.error?).to be true`
			`expect(response.message).to eq("User does not have permission to create #{resource_type} Access Token")`
			`end`
			`end`

			`shared_examples 'fails when flag is disabled' do`
			`before do`
			`stub_feature_flags(resource_access_token: false)`
			`end`

			`it 'returns nil' do`
			`expect(subject).to be nil`
			`end`
			`end`

			`shared_examples 'allows creation of bot with valid params' do`
			`it { expect { subject }.to change { User.count }.by(1) }`

			`it 'creates resource bot user' do`
			`response = subject`

			`access_token = response.payload[:access_token]`

			`expect(access_token.user.reload.user_type).to eq("#{resource_type}_bot")`
			`end`

			`context 'bot name' do`
			`context 'when no value is passed' do`
			`it 'uses default value' do`
			`response = subject`
			`access_token = response.payload[:access_token]`

			`expect(access_token.user.name).to eq("#{resource.name.to_s.humanize} bot")`
			`end`
			`end`

			`context 'when user provides value' do`
			`let(:params) { { name: 'Random bot' } }`

			`it 'overrides the default value' do`
			`response = subject`
			`access_token = response.payload[:access_token]`

			`expect(access_token.user.name).to eq(params[:name])`
			`end`
			`end`
			`end`

			`it 'adds the bot user as a maintainer in the resource' do`
			`response = subject`
			`access_token = response.payload[:access_token]`
			`bot_user = access_token.user`

			`expect(resource.members.maintainers.map(&:user_id)).to include(bot_user.id)`
			`end`

			`context 'personal access token' do`
			`it { expect { subject }.to change { PersonalAccessToken.count }.by(1) }`

			`context 'when user does not provide scope' do`
			`it 'has default scopes' do`
			`response = subject`
			`access_token = response.payload[:access_token]`

			`expect(access_token.scopes).to eq(Gitlab::Auth::API_SCOPES + Gitlab::Auth::REPOSITORY_SCOPES + Gitlab::Auth.registry_scopes - [:read_user])`
			`end`
			`end`

			`context 'when user provides scope explicitly' do`
			`let(:params) { { scopes: Gitlab::Auth::REPOSITORY_SCOPES } }`

			`it 'overrides the default value' do`
			`response = subject`
			`access_token = response.payload[:access_token]`

			`expect(access_token.scopes).to eq(Gitlab::Auth::REPOSITORY_SCOPES)`
			`end`
			`end`

			`context 'expires_at' do`
			`context 'when no value is passed' do`
			`it 'uses default value' do`
			`response = subject`
			`access_token = response.payload[:access_token]`

			`expect(access_token.expires_at).to eq(nil)`
			`end`
			`end`

			`context 'when user provides value' do`
			`let(:params) { { expires_at: Date.today + 1.month } }`

			`it 'overrides the default value' do`
			`response = subject`
			`access_token = response.payload[:access_token]`

			`expect(access_token.expires_at).to eq(params[:expires_at])`
			`end`
			`end`

			`context 'when invalid scope is passed' do`
			`let(:params) { { scopes: [:invalid_scope] } }`

			`it 'returns error' do`
			`response = subject`

			`expect(response.error?).to be true`
			`end`
			`end`
			`end`
			`end`

			`context 'when access provisioning fails' do`
			`before do`
			`allow(resource).to receive(:add_maintainer).and_return(nil)`
			`end`

			`it 'returns error' do`
			`response = subject`

			`expect(response.error?).to be true`
			`end`
			`end`
			`end`

			`context 'when resource is a project' do`
			`let(:resource_type) { 'project' }`
			`let(:resource) { project }`

			`it_behaves_like 'fails when user does not have the permission to create a Resource Bot'`
			`it_behaves_like 'fails when flag is disabled'`

			`context 'user with valid permission' do`
			`before do`
			`resource.add_maintainer(user)`
			`end`

			`it_behaves_like 'allows creation of bot with valid params'`
			`end`
			`end`
			`end`
			`end`