debian-mirror-gitlab/spec/services/access_token_validation_service_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe AccessTokenValidationService do
  describe ".include_any_scope?" do
    let(:request) { double("request") }

    it "returns true if the required scope is present in the token's scopes" do
      token = double("token", scopes: [:api, :read_user])
      scopes = [:api]

      expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
    end

    it "returns true if more than one of the required scopes is present in the token's scopes" do
      token = double("token", scopes: [:api, :read_user, :other_scope])
      scopes = [:api, :other_scope]

      expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
    end

    it "returns true if the list of required scopes is an exact match for the token's scopes" do
      token = double("token", scopes: [:api, :read_user, :other_scope])
      scopes = [:api, :read_user, :other_scope]

      expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
    end

    it "returns true if the list of required scopes contains all of the token's scopes, in addition to others" do
      token = double("token", scopes: [:api, :read_user])
      scopes = [:api, :read_user, :other_scope]

      expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
    end

    it 'returns true if the list of required scopes is blank' do
      token = double("token", scopes: [])
      scopes = []

      expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
    end

    it "returns false if there are no scopes in common between the required scopes and the token scopes" do
      token = double("token", scopes: [:api, :read_user])
      scopes = [:other_scope]

      expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(false)
    end

    context "conditions" do
      it "ignores any scopes whose `if` condition returns false" do
        token = double("token", scopes: [:api, :read_user])
        scopes = [API::Scope.new(:api, if: ->(_) { false })]

        expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(false)
      end

      it "does not ignore scopes whose `if` condition is not set" do
        token = double("token", scopes: [:api, :read_user])
        scopes = [API::Scope.new(:api, if: ->(_) { false }), :read_user]

        expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
      end

      it "does not ignore scopes whose `if` condition returns true" do
        token = double("token", scopes: [:api, :read_user])
        scopes = [API::Scope.new(:api, if: ->(_) { true }), API::Scope.new(:read_user, if: ->(_) { false })]

        expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)
      end
    end
  end
end
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`# frozen_string_literal: true`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`require 'spec_helper'`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`RSpec.describe AccessTokenValidationService do`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`describe ".include_any_scope?" do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`let(:request) { double("request") }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it "returns true if the required scope is present in the token's scopes" do`
			`token = double("token", scopes: [:api, :read_user])`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`scopes = [:api]`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`it "returns true if more than one of the required scopes is present in the token's scopes" do`
			`token = double("token", scopes: [:api, :read_user, :other_scope])`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`scopes = [:api, :other_scope]`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`it "returns true if the list of required scopes is an exact match for the token's scopes" do`
			`token = double("token", scopes: [:api, :read_user, :other_scope])`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`scopes = [:api, :read_user, :other_scope]`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`it "returns true if the list of required scopes contains all of the token's scopes, in addition to others" do`
			`token = double("token", scopes: [:api, :read_user])`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`scopes = [:api, :read_user, :other_scope]`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`it 'returns true if the list of required scopes is blank' do`
			`token = double("token", scopes: [])`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`scopes = []`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`it "returns false if there are no scopes in common between the required scopes and the token scopes" do`
			`token = double("token", scopes: [:api, :read_user])`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`scopes = [:other_scope]`

			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(false)`
			`end`

			`context "conditions" do`
			it "ignores any scopes whose `if` condition returns false" do
			`token = double("token", scopes: [:api, :read_user])`
			`scopes = [API::Scope.new(:api, if: ->(_) { false })]`

			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(false)`
			`end`

			it "does not ignore scopes whose `if` condition is not set" do
			`token = double("token", scopes: [:api, :read_user])`
			`scopes = [API::Scope.new(:api, if: ->(_) { false }), :read_user]`

			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
			`end`

			it "does not ignore scopes whose `if` condition returns true" do
			`token = double("token", scopes: [:api, :read_user])`
			`scopes = [API::Scope.new(:api, if: ->(_) { true }), API::Scope.new(:read_user, if: ->(_) { false })]`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`expect(described_class.new(token, request: request).include_any_scope?(scopes)).to be(true)`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`end`
			`end`