debian-mirror-gitlab/spec/controllers/oauth/token_info_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

76 lines
2.6 KiB
Ruby
Raw Normal View History

2020-03-13 15:44:24 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Oauth::TokenInfoController do
describe '#show' do
context 'when the user is not authenticated' do
2022-03-02 08:16:31 +05:30
it 'responds with a 401' do
2020-03-13 15:44:24 +05:30
get :show
2022-03-02 08:16:31 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
2020-03-13 15:44:24 +05:30
end
end
context 'when the request is valid' do
let(:application) { create(:oauth_application, scopes: 'api') }
let(:access_token) do
create(:oauth_access_token, expires_in: 5.minutes, application: application)
end
it 'responds with the token info' do
get :show, params: { access_token: access_token.token }
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:ok)
2020-05-24 23:13:21 +05:30
expect(Gitlab::Json.parse(response.body)).to eq(
2020-03-13 15:44:24 +05:30
'scope' => %w[api],
'scopes' => %w[api],
'created_at' => access_token.created_at.to_i,
'expires_in' => access_token.expires_in,
'application' => { 'uid' => application.uid },
'resource_owner_id' => access_token.resource_owner_id,
'expires_in_seconds' => access_token.expires_in
)
end
end
context 'when the doorkeeper_token is not recognised' do
2022-03-02 08:16:31 +05:30
it 'responds with a 401' do
2020-03-13 15:44:24 +05:30
get :show, params: { access_token: 'unknown_token' }
2022-03-02 08:16:31 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
2020-03-13 15:44:24 +05:30
end
end
context 'when the token is expired' do
let(:access_token) do
create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes)
end
2022-03-02 08:16:31 +05:30
it 'responds with a 401' do
2020-03-13 15:44:24 +05:30
get :show, params: { access_token: access_token.token }
2022-03-02 08:16:31 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
2020-03-13 15:44:24 +05:30
end
end
context 'when the token is revoked' do
let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }
2022-03-02 08:16:31 +05:30
it 'responds with a 401' do
2020-03-13 15:44:24 +05:30
get :show, params: { access_token: access_token.token }
2022-03-02 08:16:31 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
2020-03-13 15:44:24 +05:30
end
end
end
2020-08-18 19:51:02 +05:30
it 'includes Two-factor enforcement concern' do
expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
end
2020-03-13 15:44:24 +05:30
end