2019-11-07 22:06:48 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2019-04-09 11:38:58 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Gitlab::ExternalAuthorization, :request_store do
|
|
|
|
include ExternalAuthorizationServiceHelpers
|
|
|
|
|
|
|
|
let(:user) { build(:user) }
|
|
|
|
let(:label) { 'dummy_label' }
|
|
|
|
|
|
|
|
describe '#access_allowed?' do
|
|
|
|
it 'is always true when the feature is disabled' do
|
|
|
|
# Not using `stub_application_setting` because the method is prepended in
|
|
|
|
# `EE::ApplicationSetting` which breaks when using `any_instance`
|
2019-09-18 10:02:45 -04:00
|
|
|
# https://gitlab.com/gitlab-org/gitlab-foss/issues/33587
|
2019-04-09 11:38:58 -04:00
|
|
|
expect(::Gitlab::CurrentSettings.current_application_settings)
|
|
|
|
.to receive(:external_authorization_service_enabled) { false }
|
|
|
|
|
|
|
|
expect(described_class).not_to receive(:access_for_user_to_label)
|
|
|
|
|
|
|
|
expect(described_class.access_allowed?(user, label)).to be_truthy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#rejection_reason' do
|
|
|
|
it 'is always nil when the feature is disabled' do
|
|
|
|
expect(::Gitlab::CurrentSettings.current_application_settings)
|
|
|
|
.to receive(:external_authorization_service_enabled) { false }
|
|
|
|
|
|
|
|
expect(described_class).not_to receive(:access_for_user_to_label)
|
|
|
|
|
|
|
|
expect(described_class.rejection_reason(user, label)).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#access_for_user_to_label' do
|
|
|
|
it 'only loads the access once per request' do
|
|
|
|
enable_external_authorization_service_check
|
|
|
|
|
|
|
|
expect(::Gitlab::ExternalAuthorization::Access)
|
|
|
|
.to receive(:new).with(user, label).once.and_call_original
|
|
|
|
|
|
|
|
2.times { described_class.access_for_user_to_label(user, label, nil) }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'logs the access request once per request' do
|
|
|
|
expect(::Gitlab::ExternalAuthorization::Logger)
|
|
|
|
.to receive(:log_access)
|
|
|
|
.with(an_instance_of(::Gitlab::ExternalAuthorization::Access),
|
|
|
|
'the/project/path')
|
|
|
|
.once
|
|
|
|
|
|
|
|
2.times { described_class.access_for_user_to_label(user, label, 'the/project/path') }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|