debian-mirror-gitlab/spec/features/profiles/personal_access_tokens_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Profile > Personal Access Tokens', :js do
  let(:user) { create(:user) }
  let(:pat_create_service) { double('PersonalAccessTokens::CreateService', execute: ServiceResponse.error(message: 'error', payload: { personal_access_token: PersonalAccessToken.new })) }

  def active_personal_access_tokens
    find(".table.active-tokens")
  end

  def no_personal_access_tokens_message
    find(".settings-message")
  end

  def created_personal_access_token
    find("#created-personal-access-token").value
  end

  def feed_token
    find("#feed_token").value
  end

  def disallow_personal_access_token_saves!
    allow(PersonalAccessTokens::CreateService).to receive(:new).and_return(pat_create_service)

    errors = ActiveModel::Errors.new(PersonalAccessToken.new).tap { |e| e.add(:name, "cannot be nil") }
    allow_any_instance_of(PersonalAccessToken).to receive(:errors).and_return(errors)
  end

  before do
    sign_in(user)
  end

  describe "token creation" do
    it "allows creation of a personal access token" do
      name = 'My PAT'

      visit profile_personal_access_tokens_path
      fill_in "Name", with: name

      # Set date to 1st of next month
      find_field("Expires at").click
      find(".pika-next").click
      click_on "1"

      # Scopes
      check "api"
      check "read_user"

      click_on "Create personal access token"

      expect(active_personal_access_tokens).to have_text(name)
      expect(active_personal_access_tokens).to have_text('In')
      expect(active_personal_access_tokens).to have_text('api')
      expect(active_personal_access_tokens).to have_text('read_user')
      expect(created_personal_access_token).not_to be_empty
    end

    context "when creation fails" do
      it "displays an error message" do
        disallow_personal_access_token_saves!
        visit profile_personal_access_tokens_path
        fill_in "Name", with: 'My PAT'

        expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }
        expect(page).to have_content("Name cannot be nil")
        expect(page).not_to have_selector("#created-personal-access-token")
      end
    end
  end

  describe 'active tokens' do
    let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    it 'only shows personal access tokens' do
      visit profile_personal_access_tokens_path

      expect(active_personal_access_tokens).to have_text(personal_access_token.name)
      expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
    end
  end

  describe "inactive tokens" do
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    it "allows revocation of an active token" do
      visit profile_personal_access_tokens_path
      accept_confirm { click_on "Revoke" }

      expect(page).to have_selector(".settings-message")
      expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
    end

    it "removes expired tokens from 'active' section" do
      personal_access_token.update(expires_at: 5.days.ago)
      visit profile_personal_access_tokens_path

      expect(page).to have_selector(".settings-message")
      expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
    end

    context "when revocation fails" do
      it "displays an error message" do
        visit profile_personal_access_tokens_path

        allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
          allow(instance).to receive(:revocation_permitted?).and_return(false)
        end

        accept_confirm { click_on "Revoke" }
        expect(active_personal_access_tokens).to have_text(personal_access_token.name)
        expect(page).to have_content("Not permitted to revoke")
      end
    end
  end

  describe "feed token" do
    context "when enabled" do
      it "displays feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
        visit profile_personal_access_tokens_path

        expect(page).to have_content("Your feed token is used to authenticate you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar, and is included in those feed URLs.")
        expect(feed_token).to eq(user.feed_token)
      end
    end

    context "when disabled" do
      it "does not display feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)
        visit profile_personal_access_tokens_path

        expect(page).not_to have_content("Your feed token is used to authenticate you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar, and is included in those feed URLs.")
        expect(page).not_to have_css("#feed_token")
      end
    end
  end
end
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`# frozen_string_literal: true`

Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`require 'spec_helper'`

New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`RSpec.describe 'Profile > Personal Access Tokens', :js do`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`let(:user) { create(:user) }`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`let(:pat_create_service) { double('PersonalAccessTokens::CreateService', execute: ServiceResponse.error(message: 'error', payload: { personal_access_token: PersonalAccessToken.new })) }`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30
			`def active_personal_access_tokens`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`find(".table.active-tokens")`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`def no_personal_access_tokens_message`
			`find(".settings-message")`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`

			`def created_personal_access_token`
			`find("#created-personal-access-token").value`
			`end`

New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`def feed_token`
			`find("#feed_token").value`
			`end`

Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`def disallow_personal_access_token_saves!`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`allow(PersonalAccessTokens::CreateService).to receive(:new).and_return(pat_create_service)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`errors = ActiveModel::Errors.new(PersonalAccessToken.new).tap { \|e\| e.add(:name, "cannot be nil") }`
			`allow_any_instance_of(PersonalAccessToken).to receive(:errors).and_return(errors)`
			`end`

			`before do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`sign_in(user)`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`

			`describe "token creation" do`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it "allows creation of a personal access token" do`
			`name = 'My PAT'`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30
			`visit profile_personal_access_tokens_path`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`fill_in "Name", with: name`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30
			`# Set date to 1st of next month`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`find_field("Expires at").click`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`find(".pika-next").click`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`click_on "1"`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`# Scopes`
			`check "api"`
			`check "read_user"`

			`click_on "Create personal access token"`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`expect(active_personal_access_tokens).to have_text(name)`
			`expect(active_personal_access_tokens).to have_text('In')`
			`expect(active_personal_access_tokens).to have_text('api')`
			`expect(active_personal_access_tokens).to have_text('read_user')`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`expect(created_personal_access_token).not_to be_empty`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`

			`context "when creation fails" do`
			`it "displays an error message" do`
			`disallow_personal_access_token_saves!`
			`visit profile_personal_access_tokens_path`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`fill_in "Name", with: 'My PAT'`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`expect(page).to have_content("Name cannot be nil")`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`expect(page).not_to have_selector("#created-personal-access-token")`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`
			`end`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`describe 'active tokens' do`
			`let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }`
			`let!(:personal_access_token) { create(:personal_access_token, user: user) }`

			`it 'only shows personal access tokens' do`
			`visit profile_personal_access_tokens_path`

			`expect(active_personal_access_tokens).to have_text(personal_access_token.name)`
			`expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)`
			`end`
			`end`

Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`describe "inactive tokens" do`
			`let!(:personal_access_token) { create(:personal_access_token, user: user) }`

			`it "allows revocation of an active token" do`
			`visit profile_personal_access_tokens_path`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`accept_confirm { click_on "Revoke" }`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(page).to have_selector(".settings-message")`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`it "removes expired tokens from 'active' section" do`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`personal_access_token.update(expires_at: 5.days.ago)`
			`visit profile_personal_access_tokens_path`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(page).to have_selector(".settings-message")`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`

			`context "when revocation fails" do`
			`it "displays an error message" do`
			`visit profile_personal_access_tokens_path`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30
			`allow_next_instance_of(PersonalAccessTokens::RevokeService) do \|instance\|`
			`allow(instance).to receive(:revocation_permitted?).and_return(false)`
			`end`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`accept_confirm { click_on "Revoke" }`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`expect(active_personal_access_tokens).to have_text(personal_access_token.name)`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`expect(page).to have_content("Not permitted to revoke")`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`
			`end`
			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`describe "feed token" do`
			`context "when enabled" do`
			`it "displays feed token" do`
			`allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)`
			`visit profile_personal_access_tokens_path`

			`expect(page).to have_content("Your feed token is used to authenticate you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar, and is included in those feed URLs.")`
			`expect(feed_token).to eq(user.feed_token)`
			`end`
			`end`

			`context "when disabled" do`
			`it "does not display feed token" do`
			`allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)`
			`visit profile_personal_access_tokens_path`

			`expect(page).not_to have_content("Your feed token is used to authenticate you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar, and is included in those feed URLs.")`
			`expect(page).not_to have_css("#feed_token")`
			`end`
			`end`
			`end`
Imported Upstream version 8.9.0+dfsg 2016-06-22 15:30:34 +05:30			`end`