# frozen_string_literal: true
require 'spec_helper'
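# Feature spec for the user's own "Profile > Personal Access Tokens" page.
#
# Exercises both the AJAX (default) and legacy (`access_token_ajax` disabled)
# render paths: creating a token, the validation error when no scope is
# selected, which tokens are listed as active (impersonation tokens must not
# appear), revocation and expiry, and the feed-token reveal control.
RSpec.describe 'Profile > Personal Access Tokens', :js do
  let(:user) { create(:user) }
  # Stand-in CreateService whose #execute always returns an error response;
  # used by the legacy context to drive the "creation fails" path.
  let(:pat_create_service) { double('PersonalAccessTokens::CreateService', execute: ServiceResponse.error(message: 'error', payload: { personal_access_token: PersonalAccessToken.new })) }

  # Container listing the user's currently active tokens (AJAX render path).
  def active_personal_access_tokens
    find("[data-testid='active-tokens']")
  end

  # Plaintext value of the token just created, read from the field the page
  # shows right after creation.
  def created_personal_access_token
    find_field('new-access-token').value
  end

  # Help text rendered next to the feed token field.
  def feed_token_description
    "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
  end

  before do
    # Use the legacy confirm dialog so `accept_confirm` can answer the "Revoke" prompt.
    stub_feature_flags(bootstrap_confirmation_modals: false)
    sign_in(user)
  end

  describe "token creation" do
    it "allows creation of a personal access token" do
      name = 'My PAT'

      visit profile_personal_access_tokens_path
      fill_in "Token name", with: name

      # Set date to 1st of next month
      find_field("Expiration date").click
      find(".pika-next").click
      click_on "1"

      # Scopes
      check "read_api"
      check "read_user"

      click_on "Create personal access token"
      # Creation happens over XHR; the active list re-renders once it completes.
      wait_for_all_requests

      expect(active_personal_access_tokens).to have_text(name)
      # Presumably matches the relative expiry text (e.g. "in 1 month");
      # NOTE(review): 'in' alone is a weak match — consider asserting the full phrase.
      expect(active_personal_access_tokens).to have_text('in')
      expect(active_personal_access_tokens).to have_text('read_api')
      expect(active_personal_access_tokens).to have_text('read_user')
      # The plaintext token value is surfaced once, directly after creation.
      expect(created_personal_access_token).not_to be_empty
    end

    context "when creation fails" do
      it "displays an error message" do
        visit profile_personal_access_tokens_path
        fill_in "Token name", with: 'My PAT'

        # No scope is checked, so the request is rejected; the `change` matcher
        # mirrors the assertion used in the legacy context below.
        expect do
          click_on "Create personal access token"
          wait_for_all_requests
        end.not_to change { PersonalAccessToken.count }

        expect(page).to have_content(_("Scopes can't be blank"))
        expect(page).not_to have_selector("[data-testid='new-access-tokens']")
      end
    end
  end

  describe 'active tokens' do
    let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    # Tokens created with the :impersonation trait must not be listed on the
    # user's own page.
    it 'only shows personal access tokens' do
      visit profile_personal_access_tokens_path

      expect(active_personal_access_tokens).to have_text(personal_access_token.name)
      expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
    end

    context 'when User#time_display_relative is false' do
      before do
        user.update!(time_display_relative: false)
      end

      it 'shows absolute times for expires_at' do
        visit profile_personal_access_tokens_path

        expect(active_personal_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d'))
      end
    end
  end

  describe "inactive tokens" do
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    it "allows revocation of an active token" do
      visit profile_personal_access_tokens_path
      accept_confirm { click_on "Revoke" }

      expect(active_personal_access_tokens).to have_text("This user has no active personal access tokens.")
    end

    it "removes expired tokens from 'active' section" do
      personal_access_token.update!(expires_at: 5.days.ago)
      visit profile_personal_access_tokens_path

      expect(active_personal_access_tokens).to have_text("This user has no active personal access tokens.")
    end

    context "when revocation fails" do
      it "displays an error message" do
        # Force RevokeService to refuse the revocation so the token stays listed.
        allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
          allow(instance).to receive(:revocation_permitted?).and_return(false)
        end
        visit profile_personal_access_tokens_path

        accept_confirm { click_on "Revoke" }
        expect(active_personal_access_tokens).to have_text(personal_access_token.name)
      end
    end
  end

  describe "feed token" do
    context "when enabled" do
      it "displays feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
        visit profile_personal_access_tokens_path

        # The feed token is a credential; the page exposes its value behind a
        # "Click to reveal" control.
        within('[data-testid="feed-token-container"]') do
          click_button('Click to reveal')
          expect(page).to have_field('Feed token', with: user.feed_token)
          expect(page).to have_content(feed_token_description)
        end
      end
    end

    context "when disabled" do
      it "does not display feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)
        visit profile_personal_access_tokens_path

        # Neither the field nor its description may render when the instance
        # setting disables feed tokens.
        expect(page).not_to have_content(feed_token_description)
        expect(page).not_to have_field('Feed token')
      end
    end
  end

  it 'pushes `personal_access_tokens_scoped_to_projects` feature flag to the frontend' do
    visit profile_personal_access_tokens_path

    expect(page).to have_pushed_frontend_feature_flags(personalAccessTokensScopedToProjects: true)
  end

  it "prefills token details" do
    name = 'My PAT'
    scopes = 'api,read_user'

    # `name` and `scopes` query parameters pre-populate the creation form.
    visit profile_personal_access_tokens_path({ name: name, scopes: scopes })

    expect(page).to have_field("Token name", with: name)
    expect(find("#personal_access_token_scopes_api")).to be_checked
    expect(find("#personal_access_token_scopes_read_user")).to be_checked
  end

  # Legacy, non-AJAX render path. The page helpers are redefined here because
  # this markup uses different selectors.
  context 'access_token_ajax feature flag disabled' do
    def active_personal_access_tokens
      find(".table.active-tokens")
    end

    def no_personal_access_tokens_message
      find(".settings-message")
    end

    def created_personal_access_token
      find("#created-personal-access-token").value
    end

    # Make every PersonalAccessToken carry a validation error and route
    # creation through the always-failing service double.
    def disallow_personal_access_token_saves!
      allow_next_instance_of(PersonalAccessToken) do |pat|
        pat.errors.add(:name, 'cannot be nil')
      end

      allow(PersonalAccessTokens::CreateService).to receive(:new).and_return(pat_create_service)
    end

    before do
      # The outer `before` already disables bootstrap modals and signs the user in;
      # only the render-path flag differs here.
      stub_feature_flags(access_token_ajax: false)
    end

    describe "token creation" do
      it "allows creation of a personal access token" do
        name = 'My PAT'

        visit profile_personal_access_tokens_path
        fill_in "Token name", with: name

        # Set date to 1st of next month
        find_field("Expiration date").click
        find(".pika-next").click
        click_on "1"

        # Scopes
        check "read_api"
        check "read_user"

        click_on "Create personal access token"

        expect(active_personal_access_tokens).to have_text(name)
        # NOTE(review): 'in' alone is a weak match for the relative expiry text.
        expect(active_personal_access_tokens).to have_text('in')
        expect(active_personal_access_tokens).to have_text('read_api')
        expect(active_personal_access_tokens).to have_text('read_user')
        expect(created_personal_access_token).not_to be_empty
      end

      context "when creation fails" do
        it "displays an error message" do
          disallow_personal_access_token_saves!
          visit profile_personal_access_tokens_path
          fill_in "Token name", with: 'My PAT'

          expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }

          expect(page).to have_content("Name cannot be nil")
          expect(page).not_to have_selector("#created-personal-access-token")
        end
      end
    end

    describe 'active tokens' do
      let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
      let!(:personal_access_token) { create(:personal_access_token, user: user) }

      it 'only shows personal access tokens' do
        visit profile_personal_access_tokens_path

        expect(active_personal_access_tokens).to have_text(personal_access_token.name)
        expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
      end

      context 'when User#time_display_relative is false' do
        before do
          user.update!(time_display_relative: false)
        end

        it 'shows absolute times for expires_at' do
          visit profile_personal_access_tokens_path

          expect(active_personal_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d'))
        end
      end
    end

    describe "inactive tokens" do
      let!(:personal_access_token) { create(:personal_access_token, user: user) }

      it "allows revocation of an active token" do
        visit profile_personal_access_tokens_path
        accept_confirm { click_on "Revoke" }

        expect(page).to have_selector(".settings-message")
        expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
      end

      it "removes expired tokens from 'active' section" do
        personal_access_token.update!(expires_at: 5.days.ago)
        visit profile_personal_access_tokens_path

        expect(page).to have_selector(".settings-message")
        expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
      end

      context "when revocation fails" do
        it "displays an error message" do
          allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
            allow(instance).to receive(:revocation_permitted?).and_return(false)
          end
          visit profile_personal_access_tokens_path

          accept_confirm { click_on "Revoke" }
          expect(active_personal_access_tokens).to have_text(personal_access_token.name)
        end
      end
    end
  end
end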