# frozen_string_literal: true
require 'spec_helper'
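# Specs for the request authenticator: which credential source wins when a
# request carries several, and which failures are swallowed versus propagated.
RSpec.describe Gitlab::Auth::RequestAuthenticator do
  # Minimal Rack environment; individual contexts add headers / SCRIPT_NAME.
  let(:env) do
    {
      'rack.input' => '',
      'REQUEST_METHOD' => 'GET'
    }
  end

  let(:request) { ActionDispatch::Request.new(env) }

  subject { described_class.new(request) }

  describe '#user' do
    let!(:sessionless_user) { build(:user) }
    let!(:session_user) { build(:user) }

    # Token-style (sessionless) credentials take precedence over the warden
    # session when both resolve to a user.
    it 'returns sessionless user first' do
      allow_any_instance_of(described_class).to receive(:find_sessionless_user).and_return(sessionless_user)
      allow_any_instance_of(described_class).to receive(:find_user_from_warden).and_return(session_user)

      expect(subject.user([:api])).to eq sessionless_user
    end

    it 'returns session user if no sessionless user found' do
      allow_any_instance_of(described_class).to receive(:find_user_from_warden).and_return(session_user)

      expect(subject.user([:api])).to eq session_user
    end

    it 'returns nil if no user found' do
      expect(subject.user([:api])).to be_blank
    end

    it 'bubbles up exceptions' do
      allow_any_instance_of(described_class).to receive(:find_user_from_warden).and_raise(Gitlab::Auth::UnauthorizedError)

      # Without an expectation this example passes whatever #user does, so a
      # change that silently swallowed the authentication failure would go
      # unnoticed. Pin the behaviour the example name describes.
      expect { subject.user([:api]) }.to raise_error(Gitlab::Auth::UnauthorizedError)
    end
  end

  describe '#find_sessionless_user' do
    let!(:access_token_user) { build(:user) }
    let!(:feed_token_user) { build(:user) }
    let!(:static_object_token_user) { build(:user) }
    let!(:job_token_user) { build(:user) }

    # NOTE(review): only this example stubs two finders at once. The examples
    # below stub a single finder each, so they demonstrate fallback but do not
    # prove the relative precedence their descriptions imply.
    it 'returns access_token user first' do
      allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token).and_return(access_token_user)
      allow_any_instance_of(described_class).to receive(:find_user_from_feed_token).and_return(feed_token_user)

      expect(subject.find_sessionless_user([:api])).to eq access_token_user
    end

    it 'returns feed_token user if no access_token user found' do
      allow_any_instance_of(described_class).to receive(:find_user_from_feed_token).and_return(feed_token_user)

      expect(subject.find_sessionless_user([:api])).to eq feed_token_user
    end

    it 'returns static_object_token user if no feed_token user found' do
      allow_any_instance_of(described_class)
        .to receive(:find_user_from_static_object_token)
        .and_return(static_object_token_user)

      expect(subject.find_sessionless_user([:api])).to eq static_object_token_user
    end

    it 'returns job_token user if no static_object_token user found' do
      allow_any_instance_of(described_class)
        .to receive(:find_user_from_job_token)
        .and_return(job_token_user)

      expect(subject.find_sessionless_user([:api])).to eq job_token_user
    end

    it 'returns nil if no user found' do
      expect(subject.find_sessionless_user([:api])).to be_blank
    end

    # The raised class is UnauthorizedError while the description names
    # AuthenticationError; presumably the former is a subclass - confirm
    # against Gitlab::Auth.
    it 'rescue Gitlab::Auth::AuthenticationError exceptions' do
      allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token).and_raise(Gitlab::Auth::UnauthorizedError)

      expect(subject.find_sessionless_user([:api])).to be_blank
    end
  end

  describe '#find_user_from_job_token' do
    let!(:user) { build(:user) }
    let!(:job) { build(:ci_build, user: user, status: :running) }

    before do
      env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = 'token'
    end

    # A job token authenticates as the job's user only on API paths and only
    # while the job is still running.
    context 'with API requests' do
      before do
        env['SCRIPT_NAME'] = '/api/endpoint'
        # Message expectation in a `before`: each example in this context also
        # verifies that the lookup is made with the exact header value.
        expect(::Ci::Build).to receive(:find_by_token).with('token').and_return(job)
      end

      it 'tries to find the user' do
        expect(subject.find_sessionless_user([:api])).to eq user
      end

      it 'returns nil if the job is not running' do
        job.status = :success

        expect(subject.find_sessionless_user([:api])).to be_blank
      end
    end

    context 'without API requests' do
      before do
        env['SCRIPT_NAME'] = '/web/endpoint'
      end

      # On a non-API path the job token header must not trigger a build lookup.
      it 'does not search for job users' do
        expect(::Ci::Build).not_to receive(:find_by_token)

        expect(subject.find_sessionless_user([:api])).to be_nil
      end
    end
  end

  describe '#runner' do
    let!(:runner) { build(:ci_runner) }

    it 'returns the runner using #find_runner_from_token' do
      expect_any_instance_of(described_class)
        .to receive(:find_runner_from_token)
        .and_return(runner)

      expect(subject.runner).to eq runner
    end

    it 'returns nil if no runner is found' do
      expect(subject.runner).to be_blank
    end

    # As with the sessionless-user case, the raised class is UnauthorizedError;
    # the example checks that #runner swallows it and yields a blank result.
    it 'rescue Gitlab::Auth::AuthenticationError exceptions' do
      expect_any_instance_of(described_class)
        .to receive(:find_runner_from_token)
        .and_raise(Gitlab::Auth::UnauthorizedError)

      expect(subject.runner).to be_blank
    end
  end
end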