# frozen_string_literal: true
require 'spec_helper'
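# Specs for PersonalAccessTokensFinder: which tokens #execute, #find_by_id and
# #find_by_token return for each combination of the :user, :users,
# :impersonation, :state, :sort and :owner_type params, and how the result
# changes when a current_user is supplied.
RSpec.describe PersonalAccessTokensFinder do
  # Builds the finder under test. Both arguments are optional: an empty params
  # hash and no acting user.
  def finder(options = {}, current_user = nil)
    described_class.new(options, current_user)
  end

  describe '#execute' do
    let(:user) { create(:user) }
    let(:params) { {} }
    let(:current_user) { nil }

    # One token per state (active / expired / revoked) for `user`, once as a
    # regular personal access token and once as an impersonation token. They
    # are created eagerly (let!) so they exist in every example, including the
    # ones that only assert on a subset.
    let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
    let!(:expired_personal_access_token) { create(:personal_access_token, :expired, user: user) }
    let!(:revoked_personal_access_token) { create(:personal_access_token, :revoked, user: user) }
    let!(:active_impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
    let!(:expired_impersonation_token) { create(:personal_access_token, :expired, :impersonation, user: user) }
    let!(:revoked_impersonation_token) { create(:personal_access_token, :revoked, :impersonation, user: user) }

    # A token owned by a project bot account rather than by `user`.
    let!(:project_bot) { create(:user, :project_bot) }
    let!(:project_member) { create(:project_member, user: project_bot) }
    let!(:project_access_token) { create(:personal_access_token, user: project_bot) }

    subject { finder(params, current_user).execute }

    # Authorization: once a current_user is passed, the result depends on
    # whether that user may read the requested tokens.
    context 'when current_user is defined' do
      let(:current_user) { create(:admin) }
      let(:params) { { user: user } }

      context 'current_user is allowed to read PATs' do
        it do
          is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
                                         revoked_personal_access_token, expired_personal_access_token,
                                         revoked_impersonation_token, expired_impersonation_token)
        end
      end

      context 'current_user is not allowed to read PATs' do
        # A newly created regular user, distinct from `user`, asking for
        # `user`'s tokens.
        let(:current_user) { create(:user) }

        it { is_expected.to be_empty }
      end

      # NOTE(review): no example in this file covers a non-admin current_user
      # listing their own tokens (current_user == params[:user]).

      context 'when user param is not set' do
        let(:params) { {} }

        # The admin current_user gets the tokens of every owner, including the
        # project bot's.
        it do
          is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
                                         revoked_personal_access_token, expired_personal_access_token,
                                         revoked_impersonation_token, expired_impersonation_token,
                                         project_access_token)
        end

        context 'when current_user is not an administrator' do
          let(:current_user) { create(:user) }

          it { is_expected.to be_empty }
        end
      end
    end

    # Everything below leaves current_user as nil. The expectations show that
    # tokens of every owner come back in that case, project bot included.
    # NOTE(review): this pins "no current_user means no permission filtering";
    # presumably callers acting on behalf of a signed-in user are expected to
    # pass current_user themselves. Confirm against the finder and its callers.
    describe 'without user' do
      it do
        is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
                                       revoked_personal_access_token, expired_personal_access_token,
                                       revoked_impersonation_token, expired_impersonation_token,
                                       project_access_token)
      end

      describe 'with users' do
        let(:user2) { create(:user) }

        before do
          # Tokens of a second user that the :users filter must leave out.
          create(:personal_access_token, user: user2)
          create(:personal_access_token, :expired, user: user2)
          create(:personal_access_token, :revoked, user: user2)
          create(:personal_access_token, :impersonation, user: user2)
          create(:personal_access_token, :expired, :impersonation, user: user2)
          create(:personal_access_token, :revoked, :impersonation, user: user2)

          params[:users] = [user]
        end

        it do
          is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
                                         revoked_personal_access_token, expired_personal_access_token,
                                         revoked_impersonation_token, expired_impersonation_token)
        end
      end

      describe 'with sort order' do
        before do
          params[:sort] = 'id_asc'
        end

        it 'sorts records as per the specified sort order' do
          # match_array ignores element order and would pass for any ordering,
          # so compare the materialised arrays with eq to assert the sort.
          expect(subject.to_a).to eq(PersonalAccessToken.all.order(id: :asc).to_a)
        end
      end

      describe 'without impersonation' do
        before do
          params[:impersonation] = false
        end

        it do
          is_expected.to contain_exactly(active_personal_access_token, revoked_personal_access_token,
                                         expired_personal_access_token, project_access_token)
        end

        describe 'with active state' do
          before do
            params[:state] = 'active'
          end

          it { is_expected.to contain_exactly(active_personal_access_token, project_access_token) }
        end

        describe 'with inactive state' do
          before do
            params[:state] = 'inactive'
          end

          it { is_expected.to contain_exactly(revoked_personal_access_token, expired_personal_access_token) }
        end
      end

      describe 'with impersonation' do
        before do
          params[:impersonation] = true
        end

        it do
          is_expected.to contain_exactly(active_impersonation_token, revoked_impersonation_token,
                                         expired_impersonation_token)
        end

        describe 'with active state' do
          before do
            params[:state] = 'active'
          end

          it { is_expected.to contain_exactly(active_impersonation_token) }
        end

        describe 'with inactive state' do
          before do
            params[:state] = 'inactive'
          end

          it { is_expected.to contain_exactly(revoked_impersonation_token, expired_impersonation_token) }
        end
      end

      describe 'with active state' do
        before do
          params[:state] = 'active'
        end

        it do
          is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
                                         project_access_token)
        end
      end

      describe 'with inactive state' do
        before do
          params[:state] = 'inactive'
        end

        it do
          is_expected.to contain_exactly(expired_personal_access_token, revoked_personal_access_token,
                                         expired_impersonation_token, revoked_impersonation_token)
        end
      end

      describe 'with id' do
        subject { finder(params).find_by_id(active_personal_access_token.id) }

        it { is_expected.to eq(active_personal_access_token) }

        describe 'with impersonation' do
          before do
            params[:impersonation] = true
          end

          # The looked-up token is a regular PAT, so restricting the scope to
          # impersonation tokens yields nothing.
          it { is_expected.to be_nil }
        end
      end

      describe 'with token' do
        subject { finder(params).find_by_token(active_personal_access_token.token) }

        it { is_expected.to eq(active_personal_access_token) }

        describe 'with impersonation' do
          before do
            params[:impersonation] = true
          end

          it { is_expected.to be_nil }
        end
      end
    end

    describe 'with user' do
      let(:user2) { create(:user) }

      # A second user's tokens in every state; none of them may appear in the
      # results once the :user filter is set to `user`.
      let!(:other_user_active_personal_access_token) { create(:personal_access_token, user: user2) }
      let!(:other_user_expired_personal_access_token) { create(:personal_access_token, :expired, user: user2) }
      let!(:other_user_revoked_personal_access_token) { create(:personal_access_token, :revoked, user: user2) }
      let!(:other_user_active_impersonation_token) { create(:personal_access_token, :impersonation, user: user2) }
      let!(:other_user_expired_impersonation_token) do
        create(:personal_access_token, :expired, :impersonation, user: user2)
      end
      let!(:other_user_revoked_impersonation_token) do
        create(:personal_access_token, :revoked, :impersonation, user: user2)
      end

      before do
        params[:user] = user
      end

      it do
        is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
                                       revoked_personal_access_token, expired_personal_access_token,
                                       revoked_impersonation_token, expired_impersonation_token)
      end

      # NOTE(review): the enclosing `before` already restricts results to
      # `user`, who does not own project_access_token, so this expectation
      # would hold even if :owner_type were ignored. An example without the
      # :user filter would exercise the owner-type filtering on its own.
      describe 'filtering human tokens' do
        before do
          params[:owner_type] = 'human'
        end

        it { is_expected.not_to include(project_access_token) }
      end

      describe 'without impersonation' do
        before do
          params[:impersonation] = false
        end

        it do
          is_expected.to contain_exactly(active_personal_access_token, revoked_personal_access_token,
                                         expired_personal_access_token)
        end

        describe 'with active state' do
          before do
            params[:state] = 'active'
          end

          it { is_expected.to contain_exactly(active_personal_access_token) }
        end

        describe 'with inactive state' do
          before do
            params[:state] = 'inactive'
          end

          it { is_expected.to contain_exactly(revoked_personal_access_token, expired_personal_access_token) }
        end
      end

      describe 'with impersonation' do
        before do
          params[:impersonation] = true
        end

        it do
          is_expected.to contain_exactly(active_impersonation_token, revoked_impersonation_token,
                                         expired_impersonation_token)
        end

        describe 'with active state' do
          before do
            params[:state] = 'active'
          end

          it { is_expected.to contain_exactly(active_impersonation_token) }
        end

        describe 'with inactive state' do
          before do
            params[:state] = 'inactive'
          end

          it { is_expected.to contain_exactly(revoked_impersonation_token, expired_impersonation_token) }
        end
      end

      describe 'with active state' do
        before do
          params[:state] = 'active'
        end

        it { is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token) }
      end

      describe 'with inactive state' do
        before do
          params[:state] = 'inactive'
        end

        it do
          is_expected.to contain_exactly(expired_personal_access_token, revoked_personal_access_token,
                                         expired_impersonation_token, revoked_impersonation_token)
        end
      end

      describe 'with active or expired state' do
        before do
          params[:state] = 'active_or_expired'
        end

        it 'includes active tokens' do
          is_expected.to include(active_personal_access_token, active_impersonation_token)
        end

        it 'includes expired tokens' do
          is_expected.to include(expired_personal_access_token, expired_impersonation_token)
        end

        it 'does not include revoked tokens' do
          is_expected.not_to include(revoked_personal_access_token, revoked_impersonation_token)
        end
      end

      describe 'with id' do
        subject { finder(params).find_by_id(active_personal_access_token.id) }

        it { is_expected.to eq(active_personal_access_token) }

        describe 'with impersonation' do
          before do
            params[:impersonation] = true
          end

          it { is_expected.to be_nil }
        end
      end

      describe 'with token' do
        subject { finder(params).find_by_token(active_personal_access_token.token) }

        it { is_expected.to eq(active_personal_access_token) }

        describe 'with impersonation' do
          before do
            params[:impersonation] = true
          end

          it { is_expected.to be_nil }
        end
      end
    end
  end
end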