# frozen_string_literal: true
require 'spec_helper'
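# Browser-driven (:js) feature spec for the profile "Personal Access Tokens"
# page. It covers token creation, the active-token list, revocation, the feed
# token panel, and prefilling the creation form from URL parameters.
RSpec.describe 'Profile > Personal Access Tokens', :js, feature_category: :user_profile do
  include Spec::Support::Helpers::ModalHelpers
  include Features::AccessTokenHelpers

  let(:user) { create(:user) }
  # NOTE(review): no example visible in this file references this double;
  # confirm whether it is still needed.
  let(:pat_create_service) { double('PersonalAccessTokens::CreateService', execute: ServiceResponse.error(message: 'error', payload: { personal_access_token: PersonalAccessToken.new })) }

  before do
    sign_in(user)
  end

  describe "token creation" do
    it "allows creation of a personal access token" do
      name = 'My PAT'

      visit profile_personal_access_tokens_path
      fill_in "Token name", with: name

      # Set date to 1st of next month
      find_field("Expiration date").click
      find(".pika-next").click
      click_on "1"

      # Scopes
      check "read_api"
      check "read_user"

      click_on "Create personal access token"
      wait_for_all_requests

      # The new token must be listed with its name, an expiry ('in ...') and
      # exactly the scopes that were ticked above.
      expect(active_access_tokens).to have_text(name)
      expect(active_access_tokens).to have_text('in')
      expect(active_access_tokens).to have_text('read_api')
      expect(active_access_tokens).to have_text('read_user')
      # The pattern is unanchored: it only asserts that the displayed secret
      # contains a run of 20 characters from [A-Za-z0-9_-], not its full format.
      expect(created_access_token).to match(/[\w-]{20}/)
    end

    context "when creation fails" do
      it "displays an error message" do
        number_tokens_before = PersonalAccessToken.count

        visit profile_personal_access_tokens_path
        fill_in "Token name", with: 'My PAT'

        # No scope is checked, so the submission is expected to be rejected.
        click_on "Create personal access token"
        wait_for_all_requests

        # A rejected request must not persist a token. `eq` compares by value
        # (the original `equal` compares object identity) and the observed
        # count is the actual value under test.
        expect(PersonalAccessToken.count).to eq(number_tokens_before)
        expect(page).to have_content(_("Scopes can't be blank"))
        # The element identified by this test id must not be rendered on failure.
        expect(page).not_to have_selector("[data-testid='new-access-tokens']")
      end
    end
  end

  describe 'active tokens' do
    let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    # Both tokens belong to the same user; only the regular personal access
    # token may appear in the list on this page.
    it 'only shows personal access tokens' do
      visit profile_personal_access_tokens_path

      expect(active_access_tokens).to have_text(personal_access_token.name)
      expect(active_access_tokens).not_to have_text(impersonation_token.name)
    end

    context 'when User#time_display_relative is false' do
      before do
        user.update!(time_display_relative: false)
      end

      it 'shows absolute times for expires_at' do
        visit profile_personal_access_tokens_path

        # NOTE(review): PersonalAccessToken.last is presumably the
        # personal_access_token created above; confirm the ordering.
        expect(active_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d'))
      end
    end
  end

  describe "inactive tokens" do
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    it "allows revocation of an active token" do
      visit profile_personal_access_tokens_path
      accept_gl_confirm(button_text: 'Revoke') { click_on "Revoke" }

      expect(active_access_tokens).to have_text("This user has no active personal access tokens.")
    end

    it "removes expired tokens from 'active' section" do
      personal_access_token.update!(expires_at: 5.days.ago)

      visit profile_personal_access_tokens_path

      expect(active_access_tokens).to have_text("This user has no active personal access tokens.")
    end

    context "when revocation fails" do
      it "displays an error message" do
        # Force the revoke service to refuse the request.
        allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
          allow(instance).to receive(:revocation_permitted?).and_return(false)
        end

        visit profile_personal_access_tokens_path
        accept_gl_confirm(button_text: "Revoke") { click_on "Revoke" }

        # A refused revocation must leave the token in the active list.
        # NOTE(review): despite the example name, no error text is asserted here.
        expect(active_access_tokens).to have_text(personal_access_token.name)
      end
    end
  end

  describe "feed token" do
    def feed_token_description
      "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
    end

    context "when enabled" do
      it "displays feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
        visit profile_personal_access_tokens_path

        within('[data-testid="feed-token-container"]') do
          # The field value is checked only after the reveal button is clicked.
          click_button('Click to reveal')

          expect(page).to have_field('Feed token', with: user.feed_token)
          expect(page).to have_content(feed_token_description)
        end
      end
    end

    context "when disabled" do
      it "does not display feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)
        visit profile_personal_access_tokens_path

        # With the setting on, neither the description nor the field is rendered.
        expect(page).not_to have_content(feed_token_description)
        expect(page).not_to have_field('Feed token')
      end
    end
  end

  # The token name and scopes can be supplied as URL parameters. This example
  # only checks the resulting form state; nothing is submitted or created.
  # NOTE(review): it does not assert that scopes absent from the URL stay
  # unchecked.
  it "prefills token details" do
    name = 'My PAT'
    scopes = 'api,read_user'

    visit profile_personal_access_tokens_path({ name: name, scopes: scopes })

    expect(page).to have_field("Token name", with: name)
    expect(find("#personal_access_token_scopes_api")).to be_checked
    expect(find("#personal_access_token_scopes_read_user")).to be_checked
  end
end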