gitlab-org--gitlab-foss/spec/requests/api/deploy_tokens_spec.rb

# frozen_string_literal: true

require 'spec_helper'

describe API::DeployTokens do
  let_it_be(:user)          { create(:user) }
  let_it_be(:creator)       { create(:user) }
  let_it_be(:project)       { create(:project, creator_id: creator.id) }
  let_it_be(:group)         { create(:group) }
  let!(:deploy_token) { create(:deploy_token, projects: [project]) }
  let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }

  shared_examples 'with feature flag disabled' do
    context 'disabled feature flag' do
      before do
        stub_feature_flags(deploy_tokens_api: false)
      end

      it { is_expected.to have_gitlab_http_status(:service_unavailable) }
    end
  end

  describe 'GET /deploy_tokens' do
    subject do
      get api('/deploy_tokens', user)
      response
    end

    it_behaves_like 'with feature flag disabled'

    context 'when unauthenticated' do
      let(:user) { nil }

      it { is_expected.to have_gitlab_http_status(:unauthorized) }
    end

    context 'when authenticated as non-admin user' do
      let(:user) { creator }

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as admin' do
      let(:user) { create(:admin) }

      it { is_expected.to have_gitlab_http_status(:ok) }

      it 'returns all deploy tokens' do
        subject

        expect(response).to include_pagination_headers
        expect(response).to match_response_schema('public_api/v4/deploy_tokens')
      end
    end
  end

  describe 'GET /projects/:id/deploy_tokens' do
    subject do
      get api("/projects/#{project.id}/deploy_tokens", user)
      response
    end

    context 'when unauthenticated' do
      let(:user) { nil }

      it { is_expected.to have_gitlab_http_status(:not_found) }
    end

    context 'when authenticated as non-admin user' do
      before do
        project.add_developer(user)
      end

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as maintainer' do
      let!(:other_deploy_token) { create(:deploy_token) }

      before do
        project.add_maintainer(user)
      end

      it_behaves_like 'with feature flag disabled'

      it { is_expected.to have_gitlab_http_status(:ok) }

      it 'returns all deploy tokens for the project' do
        subject

        expect(response).to include_pagination_headers
        expect(response).to match_response_schema('public_api/v4/deploy_tokens')
      end

      it 'does not return deploy tokens for other projects' do
        subject

        token_ids = json_response.map { |token| token['id'] }
        expect(token_ids).not_to include(other_deploy_token.id)
      end
    end
  end

  describe 'GET /groups/:id/deploy_tokens' do
    subject do
      get api("/groups/#{group.id}/deploy_tokens", user)
      response
    end

    context 'when unauthenticated' do
      let(:user) { nil }

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as non-admin user' do
      before do
        group.add_developer(user)
      end

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as maintainer' do
      let!(:other_deploy_token) { create(:deploy_token, :group) }

      before do
        group.add_maintainer(user)
      end

      it_behaves_like 'with feature flag disabled'

      it { is_expected.to have_gitlab_http_status(:ok) }

      it 'returns all deploy tokens for the group' do
        subject

        expect(response).to include_pagination_headers
        expect(response).to match_response_schema('public_api/v4/deploy_tokens')
      end

      it 'does not return deploy tokens for other groups' do
        subject

        token_ids = json_response.map { |token| token['id'] }
        expect(token_ids).not_to include(other_deploy_token.id)
      end
    end
  end

  describe 'DELETE /projects/:id/deploy_tokens/:token_id' do
    subject do
      delete api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)
      response
    end

    context 'when unauthenticated' do
      let(:user) { nil }

      it { is_expected.to have_gitlab_http_status(:not_found) }
    end

    context 'when authenticated as non-admin user' do
      before do
        project.add_developer(user)
      end

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as maintainer' do
      before do
        project.add_maintainer(user)
      end

      it { is_expected.to have_gitlab_http_status(:no_content) }

      it 'deletes the deploy token' do
        expect { subject }.to change { project.deploy_tokens.count }.by(-1)
      end

      context 'invalid request' do
        it 'returns not found with invalid group id' do
          delete api("/projects/bad_id/deploy_tokens/#{group_deploy_token.id}", user)

          expect(response).to have_gitlab_http_status(:not_found)
        end

        it 'returns bad_request with invalid token id' do
          delete api("/projects/#{project.id}/deploy_tokens/123abc", user)

          expect(response).to have_gitlab_http_status(:bad_request)
        end
      end
    end
  end

  context 'deploy token creation' do
    shared_examples 'creating a deploy token' do |entity, unauthenticated_response|
      let(:params) do
        {
          name: 'Foo',
          expires_at: 1.year.from_now,
          scopes: [
            'read_repository'
          ],
          username: 'Bar'
        }
      end

      context 'when unauthenticated' do
        let(:user) { nil }

        it { is_expected.to have_gitlab_http_status(unauthenticated_response) }
      end

      context 'when authenticated as non-admin user' do
        before do
          send(entity).add_developer(user)
        end

        it { is_expected.to have_gitlab_http_status(:forbidden) }
      end

      context 'when authenticated as maintainer' do
        before do
          send(entity).add_maintainer(user)
        end

        it 'creates the deploy token' do
          expect { subject }.to change { DeployToken.count }.by(1)

          expect(response).to have_gitlab_http_status(:created)
          expect(response).to match_response_schema('public_api/v4/deploy_token')
        end

        context 'with no optional params given' do
          let(:params) do
            {
              name: 'Foo',
              scopes: [
                'read_repository'
              ]
            }
          end

          it 'creates the deploy token with default values' do
            subject

            expect(response).to have_gitlab_http_status(:created)
            expect(json_response['username']).to match(/gitlab\+deploy-token-\d+/)
            expect(json_response['expires_at']).to eq(nil)
          end
        end

        context 'with an invalid scope' do
          before do
            params[:scopes] = %w[read_repository all_access]
          end

          it { is_expected.to have_gitlab_http_status(:bad_request) }
        end
      end
    end

    describe 'POST /projects/:id/deploy_tokens' do
      subject do
        post api("/projects/#{project.id}/deploy_tokens", user), params: params
        response
      end

      it_behaves_like 'creating a deploy token', :project, :not_found
    end

    describe 'POST /groups/:id/deploy_tokens' do
      subject do
        post api("/groups/#{group.id}/deploy_tokens", user), params: params
        response
      end

      it_behaves_like 'creating a deploy token', :group, :forbidden
    end
  end

  describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
    subject do
      delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
      response
    end

    context 'when unauthenticated' do
      let(:user) { nil }

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as non-admin user' do
      before do
        group.add_developer(user)
      end

      it { is_expected.to have_gitlab_http_status(:forbidden) }
    end

    context 'when authenticated as maintainer' do
      before do
        group.add_maintainer(user)
      end

      it 'deletes the deploy token' do
        expect { subject }.to change { group.deploy_tokens.count }.by(-1)

        expect(group.deploy_tokens).to be_empty
      end

      context 'invalid request' do
        it 'returns bad request with invalid group id' do
          delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)

          expect(response).to have_gitlab_http_status(:not_found)
        end

        it 'returns not found with invalid deploy token id' do
          delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)

          expect(response).to have_gitlab_http_status(:not_found)
        end
      end
    end
  end
end
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`# frozen_string_literal: true`

			`require 'spec_helper'`

			`describe API::DeployTokens do`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`let_it_be(:user) { create(:user) }`
			`let_it_be(:creator) { create(:user) }`
			`let_it_be(:project) { create(:project, creator_id: creator.id) }`
			`let_it_be(:group) { create(:group) }`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`let!(:deploy_token) { create(:deploy_token, projects: [project]) }`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 06:10:11 +00:00			`shared_examples 'with feature flag disabled' do`
			`context 'disabled feature flag' do`
			`before do`
			`stub_feature_flags(deploy_tokens_api: false)`
			`end`

			`it { is_expected.to have_gitlab_http_status(:service_unavailable) }`
			`end`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`describe 'GET /deploy_tokens' do`
Add latest changes from gitlab-org/gitlab@master 2020-02-28 12:09:05 +00:00			`subject do`
			`get api('/deploy_tokens', user)`
			`response`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 06:10:11 +00:00			`it_behaves_like 'with feature flag disabled'`

Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`context 'when unauthenticated' do`
			`let(:user) { nil }`

Add latest changes from gitlab-org/gitlab@master 2020-02-28 12:09:05 +00:00			`it { is_expected.to have_gitlab_http_status(:unauthorized) }`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`end`

			`context 'when authenticated as non-admin user' do`
			`let(:user) { creator }`

Add latest changes from gitlab-org/gitlab@master 2020-02-28 12:09:05 +00:00			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`end`

			`context 'when authenticated as admin' do`
			`let(:user) { create(:admin) }`

Add latest changes from gitlab-org/gitlab@master 2020-02-28 12:09:05 +00:00			`it { is_expected.to have_gitlab_http_status(:ok) }`

Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`it 'returns all deploy tokens' do`
			`subject`

			`expect(response).to include_pagination_headers`
Add latest changes from gitlab-org/gitlab@master 2020-02-28 12:09:05 +00:00			`expect(response).to match_response_schema('public_api/v4/deploy_tokens')`
			`end`
			`end`
			`end`

			`describe 'GET /projects/:id/deploy_tokens' do`
			`subject do`
			`get api("/projects/#{project.id}/deploy_tokens", user)`
			`response`
			`end`

			`context 'when unauthenticated' do`
			`let(:user) { nil }`

			`it { is_expected.to have_gitlab_http_status(:not_found) }`
			`end`

			`context 'when authenticated as non-admin user' do`
			`before do`
			`project.add_developer(user)`
			`end`

			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
			`end`

			`context 'when authenticated as maintainer' do`
			`let!(:other_deploy_token) { create(:deploy_token) }`

			`before do`
			`project.add_maintainer(user)`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-03-11 06:10:11 +00:00			`it_behaves_like 'with feature flag disabled'`

Add latest changes from gitlab-org/gitlab@master 2020-02-28 12:09:05 +00:00			`it { is_expected.to have_gitlab_http_status(:ok) }`

			`it 'returns all deploy tokens for the project' do`
			`subject`

			`expect(response).to include_pagination_headers`
			`expect(response).to match_response_schema('public_api/v4/deploy_tokens')`
			`end`

			`it 'does not return deploy tokens for other projects' do`
			`subject`

			`token_ids = json_response.map { \|token\| token['id'] }`
			`expect(token_ids).not_to include(other_deploy_token.id)`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`end`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 06:10:11 +00:00			`describe 'GET /groups/:id/deploy_tokens' do`
			`subject do`
			`get api("/groups/#{group.id}/deploy_tokens", user)`
			`response`
			`end`

			`context 'when unauthenticated' do`
			`let(:user) { nil }`

			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
			`end`

			`context 'when authenticated as non-admin user' do`
			`before do`
			`group.add_developer(user)`
			`end`

			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
			`end`

			`context 'when authenticated as maintainer' do`
			`let!(:other_deploy_token) { create(:deploy_token, :group) }`

			`before do`
			`group.add_maintainer(user)`
			`end`

			`it_behaves_like 'with feature flag disabled'`

			`it { is_expected.to have_gitlab_http_status(:ok) }`

			`it 'returns all deploy tokens for the group' do`
			`subject`

			`expect(response).to include_pagination_headers`
			`expect(response).to match_response_schema('public_api/v4/deploy_tokens')`
			`end`

			`it 'does not return deploy tokens for other groups' do`
			`subject`

			`token_ids = json_response.map { \|token\| token['id'] }`
			`expect(token_ids).not_to include(other_deploy_token.id)`
			`end`
			`end`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`describe 'DELETE /projects/:id/deploy_tokens/:token_id' do`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`subject do`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`delete api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`response`
			`end`

			`context 'when unauthenticated' do`
			`let(:user) { nil }`

Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`it { is_expected.to have_gitlab_http_status(:not_found) }`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`end`

			`context 'when authenticated as non-admin user' do`
			`before do`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`project.add_developer(user)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`end`

			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
			`end`

			`context 'when authenticated as maintainer' do`
			`before do`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`project.add_maintainer(user)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`it { is_expected.to have_gitlab_http_status(:no_content) }`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`it 'deletes the deploy token' do`
			`expect { subject }.to change { project.deploy_tokens.count }.by(-1)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`end`

			`context 'invalid request' do`
Add latest changes from gitlab-org/gitlab@master 2020-03-11 06:10:11 +00:00			`it 'returns not found with invalid group id' do`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`delete api("/projects/bad_id/deploy_tokens/#{group_deploy_token.id}", user)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 06:10:11 +00:00			`expect(response).to have_gitlab_http_status(:not_found)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`it 'returns bad_request with invalid token id' do`
			`delete api("/projects/#{project.id}/deploy_tokens/123abc", user)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00			`expect(response).to have_gitlab_http_status(:bad_request)`
Add latest changes from gitlab-org/gitlab@master 2020-03-09 00:08:14 +00:00			`end`
			`end`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`context 'deploy token creation' do`
			`shared_examples 'creating a deploy token' do \|entity, unauthenticated_response\|`
			`let(:params) do`
			`{`
			`name: 'Foo',`
			`expires_at: 1.year.from_now,`
			`scopes: [`
			`'read_repository'`
			`],`
			`username: 'Bar'`
			`}`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`context 'when unauthenticated' do`
			`let(:user) { nil }`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`it { is_expected.to have_gitlab_http_status(unauthenticated_response) }`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`context 'when authenticated as non-admin user' do`
			`before do`
			`send(entity).add_developer(user)`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`context 'when authenticated as maintainer' do`
			`before do`
			`send(entity).add_maintainer(user)`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`it 'creates the deploy token' do`
			`expect { subject }.to change { DeployToken.count }.by(1)`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`expect(response).to have_gitlab_http_status(:created)`
			`expect(response).to match_response_schema('public_api/v4/deploy_token')`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-26 18:08:03 +00:00
			`context 'with no optional params given' do`
			`let(:params) do`
			`{`
			`name: 'Foo',`
			`scopes: [`
			`'read_repository'`
			`]`
			`}`
			`end`

			`it 'creates the deploy token with default values' do`
			`subject`

			`expect(response).to have_gitlab_http_status(:created)`
			`expect(json_response['username']).to match(/gitlab\+deploy-token-\d+/)`
			`expect(json_response['expires_at']).to eq(nil)`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`context 'with an invalid scope' do`
			`before do`
			`params[:scopes] = %w[read_repository all_access]`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`it { is_expected.to have_gitlab_http_status(:bad_request) }`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`end`
			`end`

			`describe 'POST /projects/:id/deploy_tokens' do`
			`subject do`
			`post api("/projects/#{project.id}/deploy_tokens", user), params: params`
			`response`
			`end`

			`it_behaves_like 'creating a deploy token', :project, :not_found`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00			`describe 'POST /groups/:id/deploy_tokens' do`
			`subject do`
			`post api("/groups/#{group.id}/deploy_tokens", user), params: params`
			`response`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-11 21:09:19 +00:00
			`it_behaves_like 'creating a deploy token', :group, :forbidden`
Add latest changes from gitlab-org/gitlab@master 2020-03-10 09:08:10 +00:00			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 12:09:17 +00:00
			`describe 'DELETE /groups/:id/deploy_tokens/:token_id' do`
			`subject do`
			`delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)`
			`response`
			`end`

			`context 'when unauthenticated' do`
			`let(:user) { nil }`

			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
			`end`

			`context 'when authenticated as non-admin user' do`
			`before do`
			`group.add_developer(user)`
			`end`

			`it { is_expected.to have_gitlab_http_status(:forbidden) }`
			`end`

			`context 'when authenticated as maintainer' do`
			`before do`
			`group.add_maintainer(user)`
			`end`

			`it 'deletes the deploy token' do`
			`expect { subject }.to change { group.deploy_tokens.count }.by(-1)`

			`expect(group.deploy_tokens).to be_empty`
			`end`

			`context 'invalid request' do`
			`it 'returns bad request with invalid group id' do`
			`delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)`

			`expect(response).to have_gitlab_http_status(:not_found)`
			`end`

			`it 'returns not found with invalid deploy token id' do`
			`delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)`

			`expect(response).to have_gitlab_http_status(:not_found)`
			`end`
			`end`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-02-20 03:08:57 +00:00			`end`