debian-mirror-gitlab/spec/requests/api/doorkeeper_access_spec.rb

75 lines
1.8 KiB
Ruby
Raw Normal View History

2019-12-26 22:10:19 +05:30
# frozen_string_literal: true
2015-04-26 12:48:37 +05:30
require 'spec_helper'
2017-08-17 22:00:37 +05:30
describe 'doorkeeper access' do
2015-04-26 12:48:37 +05:30
let!(:user) { create(:user) }
2015-09-11 14:41:01 +05:30
let!(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user) }
2017-08-17 22:00:37 +05:30
let!(:token) { Doorkeeper::AccessToken.create! application_id: application.id, resource_owner_id: user.id, scopes: "api" }
2015-09-11 14:41:01 +05:30
2017-08-17 22:00:37 +05:30
describe "unauthenticated" do
2015-04-26 12:48:37 +05:30
it "returns authentication success" do
2019-02-15 15:39:39 +05:30
get api("/user"), params: { access_token: token.token }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-04-26 12:48:37 +05:30
end
2017-08-17 22:00:37 +05:30
include_examples 'user login request with unique ip limit' do
def request
2019-02-15 15:39:39 +05:30
get api('/user'), params: { access_token: token.token }
2017-08-17 22:00:37 +05:30
end
end
2015-04-26 12:48:37 +05:30
end
describe "when token invalid" do
it "returns authentication error" do
2019-02-15 15:39:39 +05:30
get api("/user"), params: { access_token: "123a" }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(401)
2015-04-26 12:48:37 +05:30
end
end
2018-03-17 18:26:18 +05:30
describe "authorization by OAuth token" do
2015-04-26 12:48:37 +05:30
it "returns authentication success" do
get api("/user", user)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-04-26 12:48:37 +05:30
end
2017-08-17 22:00:37 +05:30
include_examples 'user login request with unique ip limit' do
def request
get api('/user', user)
end
end
end
2019-12-21 20:55:43 +05:30
shared_examples 'forbidden request' do
it 'returns 403 response' do
2019-02-15 15:39:39 +05:30
get api("/user"), params: { access_token: token.token }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
2017-08-17 22:00:37 +05:30
end
end
2019-12-21 20:55:43 +05:30
context "when user is blocked" do
before do
user.block
end
it_behaves_like 'forbidden request'
end
context "when user is ldap_blocked" do
before do
2017-08-17 22:00:37 +05:30
user.ldap_block
2019-12-21 20:55:43 +05:30
end
2017-08-17 22:00:37 +05:30
2019-12-21 20:55:43 +05:30
it_behaves_like 'forbidden request'
end
context "when user is deactivated" do
before do
user.deactivate
2017-08-17 22:00:37 +05:30
end
2019-12-21 20:55:43 +05:30
it_behaves_like 'forbidden request'
2015-04-26 12:48:37 +05:30
end
end