59 lines
2.1 KiB
Ruby
59 lines
2.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
require_migration!
|
|
|
|
RSpec.describe RemoveScimTokenAndScimIdentityNonRootGroup, feature_category: :system_access do
|
|
let(:namespaces) { table(:namespaces) }
|
|
let(:scim_oauth_access_tokens) { table(:scim_oauth_access_tokens) }
|
|
let(:scim_identities) { table(:scim_identities) }
|
|
let(:users) { table(:users) }
|
|
let(:root_group) do
|
|
namespaces.create!(name: 'root_group', path: 'foo', parent_id: nil, type: 'Group')
|
|
end
|
|
|
|
let(:non_root_group) do
|
|
namespaces.create!(name: 'non_root_group', path: 'non_root', parent_id: root_group.id, type: 'Group')
|
|
end
|
|
|
|
let(:root_group_user) do
|
|
users.create!(name: 'Example User', email: 'user@example.com', projects_limit: 0)
|
|
end
|
|
|
|
let(:non_root_group_user) do
|
|
users.create!(username: 'user2', email: 'user2@example.com', projects_limit: 10)
|
|
end
|
|
|
|
it 'removes scim_oauth_access_tokens that belong to non-root group and related scim_identities' do
|
|
scim_oauth_access_token_root_group = scim_oauth_access_tokens.create!(
|
|
group_id: root_group.id,
|
|
token_encrypted: Gitlab::CryptoHelper.aes256_gcm_encrypt(SecureRandom.hex(50))
|
|
)
|
|
scim_oauth_access_token_non_root_group = scim_oauth_access_tokens.create!(
|
|
group_id: non_root_group.id,
|
|
token_encrypted: Gitlab::CryptoHelper.aes256_gcm_encrypt(SecureRandom.hex(50))
|
|
)
|
|
|
|
scim_identity_root_group = scim_identities.create!(
|
|
group_id: root_group.id,
|
|
extern_uid: "12345",
|
|
user_id: root_group_user.id,
|
|
active: true
|
|
)
|
|
|
|
scim_identity_non_root_group = scim_identities.create!(
|
|
group_id: non_root_group.id,
|
|
extern_uid: "12345",
|
|
user_id: non_root_group_user.id,
|
|
active: true
|
|
)
|
|
|
|
expect { migrate! }.to change { scim_oauth_access_tokens.count }.from(2).to(1)
|
|
expect(scim_oauth_access_tokens.find_by_id(scim_oauth_access_token_non_root_group.id)).to be_nil
|
|
expect(scim_identities.find_by_id(scim_identity_non_root_group.id)).to be_nil
|
|
|
|
expect(scim_oauth_access_tokens.find_by_id(scim_oauth_access_token_root_group.id)).not_to be_nil
|
|
expect(scim_identities.find_by_id(scim_identity_root_group.id)).not_to be_nil
|
|
end
|
|
end
|