debian-mirror-gitlab/spec/services/access_token_validation_service_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

75 lines
2.9 KiB
Ruby
Raw Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
require 'spec_helper'
2023-05-27 22:25:52 +05:30
RSpec.describe AccessTokenValidationService, feature_category: :system_access do
2017-08-17 22:00:37 +05:30
describe ".include_any_scope?" do
2017-09-10 17:25:29 +05:30
let(:request) { double("request") }
2017-08-17 22:00:37 +05:30
it "returns true if the required scope is present in the token's scopes" do
token = double("token", scopes: [:api, :read_user])
2017-09-10 17:25:29 +05:30
scopes = [:api]
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
2017-08-17 22:00:37 +05:30
end
it "returns true if more than one of the required scopes is present in the token's scopes" do
token = double("token", scopes: [:api, :read_user, :other_scope])
2017-09-10 17:25:29 +05:30
scopes = [:api, :other_scope]
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
2017-08-17 22:00:37 +05:30
end
it "returns true if the list of required scopes is an exact match for the token's scopes" do
token = double("token", scopes: [:api, :read_user, :other_scope])
2017-09-10 17:25:29 +05:30
scopes = [:api, :read_user, :other_scope]
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
2017-08-17 22:00:37 +05:30
end
it "returns true if the list of required scopes contains all of the token's scopes, in addition to others" do
token = double("token", scopes: [:api, :read_user])
2017-09-10 17:25:29 +05:30
scopes = [:api, :read_user, :other_scope]
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
2017-08-17 22:00:37 +05:30
end
it 'returns true if the list of required scopes is blank' do
token = double("token", scopes: [])
2017-09-10 17:25:29 +05:30
scopes = []
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
2017-08-17 22:00:37 +05:30
end
it "returns false if there are no scopes in common between the required scopes and the token scopes" do
token = double("token", scopes: [:api, :read_user])
2017-09-10 17:25:29 +05:30
scopes = [:other_scope]
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(false)
end
context "conditions" do
it "ignores any scopes whose `if` condition returns false" do
token = double("token", scopes: [:api, :read_user])
scopes = [API::Scope.new(:api, if: ->(_) { false })]
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(false)
end
it "does not ignore scopes whose `if` condition is not set" do
token = double("token", scopes: [:api, :read_user])
scopes = [API::Scope.new(:api, if: ->(_) { false }), :read_user]
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
end
it "does not ignore scopes whose `if` condition returns true" do
token = double("token", scopes: [:api, :read_user])
scopes = [API::Scope.new(:api, if: ->(_) { true }), API::Scope.new(:read_user, if: ->(_) { false })]
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
end
2017-08-17 22:00:37 +05:30
end
end
end