# frozen_string_literal: true
require 'spec_helper'
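# Feature spec for the profile's Personal Access Tokens page. It covers
# creating and revoking tokens, which tokens are listed as active, when the
# feed token is displayed, and prefilling the creation form from URL
# parameters.
RSpec.describe 'Profile > Personal Access Tokens', :js do
  let(:user) { create(:user) }

  # Stand-in for PersonalAccessTokens::CreateService whose #execute always
  # returns an error response carrying an unsaved PersonalAccessToken. It is
  # only wired in by disallow_personal_access_token_saves!.
  let(:pat_create_service) do
    double(
      'PersonalAccessTokens::CreateService',
      execute: ServiceResponse.error(
        message: 'error',
        payload: { personal_access_token: PersonalAccessToken.new }
      )
    )
  end

  # The table that lists the signed-in user's active tokens.
  def active_personal_access_tokens
    find(".table.active-tokens")
  end

  # The message element the specs expect when no active tokens are listed.
  def no_personal_access_tokens_message
    find(".settings-message")
  end

  # Value of the #created-personal-access-token element.
  # NOTE(review): presumably the field that displays the new token's secret
  # right after creation; confirm against the view.
  def created_personal_access_token
    find("#created-personal-access-token").value
  end

  # Help text expected next to the feed token. The text itself states that the
  # feed token is visible in feed URLs.
  def feed_token_description
    "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
  end

  # Forces token creation to fail: the create service is replaced by the
  # failing double, and every PersonalAccessToken reports a validation error
  # on :name.
  def disallow_personal_access_token_saves!
    allow(PersonalAccessTokens::CreateService).to receive(:new).and_return(pat_create_service)

    errors = ActiveModel::Errors.new(PersonalAccessToken.new).tap { |e| e.add(:name, "cannot be nil") }
    allow_any_instance_of(PersonalAccessToken).to receive(:errors).and_return(errors)
  end

  before do
    stub_feature_flags(bootstrap_confirmation_modals: false)
    sign_in(user)
  end

  describe "token creation" do
    it "allows creation of a personal access token" do
      name = 'My PAT'

      visit profile_personal_access_tokens_path
      fill_in "Token name", with: name

      # Set date to 1st of next month
      find_field("Expiration date").click
      find(".pika-next").click
      click_on "1"

      # Scopes
      check "read_api"
      check "read_user"

      click_on "Create personal access token"

      expect(active_personal_access_tokens).to have_text(name)
      expect(active_personal_access_tokens).to have_text('in')
      # NOTE(review): these checks pin that the requested scopes are listed.
      # They do not assert that unrequested scopes are absent. A plain text
      # match could not do that for `api`, which is a substring of `read_api`.
      expect(active_personal_access_tokens).to have_text('read_api')
      expect(active_personal_access_tokens).to have_text('read_user')
      expect(created_personal_access_token).not_to be_empty
    end

    context "when creation fails" do
      it "displays an error message" do
        disallow_personal_access_token_saves!
        visit profile_personal_access_tokens_path
        fill_in "Token name", with: 'My PAT'

        # A failed creation must neither persist a token nor render the
        # element that would show a newly created one.
        expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }
        expect(page).to have_content("Name cannot be nil")
        expect(page).not_to have_selector("#created-personal-access-token")
      end
    end
  end

  describe 'active tokens' do
    let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    # Impersonation tokens belonging to the same user must not be listed on
    # the user's own token page.
    # NOTE(review): the negative check compares names, so it assumes the
    # factory gives the two tokens distinct names; confirm.
    it 'only shows personal access tokens' do
      visit profile_personal_access_tokens_path

      expect(active_personal_access_tokens).to have_text(personal_access_token.name)
      expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
    end

    context 'when User#time_display_relative is false' do
      before do
        user.update!(time_display_relative: false)
      end

      it 'shows absolute times for expires_at' do
        visit profile_personal_access_tokens_path

        expect(active_personal_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d'))
      end
    end
  end

  describe "inactive tokens" do
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    it "allows revocation of an active token" do
      visit profile_personal_access_tokens_path
      accept_confirm { click_on "Revoke" }

      # After revoking the only token, the page shows the "no active tokens"
      # message.
      expect(page).to have_selector(".settings-message")
      expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
    end

    # A token whose expiry lies in the past must not be presented as active.
    it "removes expired tokens from 'active' section" do
      personal_access_token.update!(expires_at: 5.days.ago)
      visit profile_personal_access_tokens_path

      expect(page).to have_selector(".settings-message")
      expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
    end

    context "when revocation fails" do
      it "displays an error message" do
        visit profile_personal_access_tokens_path

        # Make the next RevokeService instance refuse the revocation, so the
        # click below goes down the "not permitted" path.
        allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
          allow(instance).to receive(:revocation_permitted?).and_return(false)
        end

        accept_confirm { click_on "Revoke" }

        # A denied revocation must leave the token listed and tell the user why.
        expect(active_personal_access_tokens).to have_text(personal_access_token.name)
        expect(page).to have_content("Not permitted to revoke")
      end
    end
  end

  describe "feed token" do
    context "when enabled" do
      it "displays feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
        visit profile_personal_access_tokens_path

        within('[data-testid="feed-token-container"]') do
          # The value is asserted only after the reveal button is clicked.
          # NOTE(review): nothing here asserts that the token is hidden before
          # the click.
          click_button('Click to reveal')

          expect(page).to have_field('Feed token', with: user.feed_token)
          expect(page).to have_content(feed_token_description)
        end
      end
    end

    context "when disabled" do
      # With the instance setting disabling feed tokens, neither the field nor
      # its description may be rendered.
      it "does not display feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)
        visit profile_personal_access_tokens_path

        expect(page).not_to have_content(feed_token_description)
        expect(page).not_to have_field('Feed token')
      end
    end
  end

  it 'pushes `personal_access_tokens_scoped_to_projects` feature flag to the frontend' do
    visit profile_personal_access_tokens_path

    expect(page).to have_pushed_frontend_feature_flags(personalAccessTokensScopedToProjects: true)
  end

  # The token name and the pre-checked scopes are taken from URL parameters.
  # NOTE(review): this pins prefilling only. Because a link can pre-select
  # scopes (here including `api`), a companion assertion that visiting the URL
  # leaves PersonalAccessToken.count unchanged would pin that nothing is
  # created until the user submits the form.
  it "prefills token details" do
    name = 'My PAT'
    scopes = 'api,read_user'

    visit profile_personal_access_tokens_path({ name: name, scopes: scopes })

    expect(page).to have_field("Token name", with: name)
    expect(find("#personal_access_token_scopes_api")).to be_checked
    expect(find("#personal_access_token_scopes_read_user")).to be_checked
  end
end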