# frozen_string_literal: true
require 'spec_helper'
RSpec . describe 'Profile > Personal Access Tokens' , :js do
# Account whose personal access token settings page is exercised.
let(:user) do
  create(:user)
end

# Stand-in for PersonalAccessTokens::CreateService: #execute always reports
# an error and carries a freshly built (never saved) PersonalAccessToken.
let(:pat_create_service) do
  failed_response = ServiceResponse.error(
    message: 'error',
    payload: { personal_access_token: PersonalAccessToken.new }
  )

  double('PersonalAccessTokens::CreateService', execute: failed_response)
end
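# Capybara node for the table that lists the user's active tokens.
# `find` raises if the table is not on the page, so calling this helper is
# itself an assertion that the table was rendered.
def active_personal_access_tokens
  find(".table.active-tokens")
end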
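# Capybara node for the `.settings-message` element; the examples below
# read the "no active personal access tokens" notice from it.
def no_personal_access_tokens_message
  find(".settings-message")
end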
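# Value of the `#created-personal-access-token` field, i.e. the token string
# the page presents after a successful creation.
def created_personal_access_token
  find("#created-personal-access-token").value
end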
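# Help text expected next to the feed token field.
# The text itself states that the token is visible in the feed URLs, so the
# examples use it to confirm that this caveat is shown to the user.
def feed_token_description
  "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
end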
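# Forces token creation to fail for the current example.
#
# Two stubs are installed:
# * PersonalAccessTokens::CreateService.new returns `pat_create_service`,
#   whose #execute yields an error response.
# * every PersonalAccessToken reports a "cannot be nil" error on :name,
#   which is what the page is expected to render as "Name cannot be nil".
def disallow_personal_access_token_saves!
  allow(PersonalAccessTokens::CreateService).to receive(:new).and_return(pat_create_service)

  name_errors = ActiveModel::Errors.new(PersonalAccessToken.new)
  name_errors.add(:name, "cannot be nil")

  # NOTE(review): this stubs #errors on all instances, not only the one in
  # the service payload; keep the helper confined to failure-path examples.
  allow_any_instance_of(PersonalAccessToken).to receive(:errors).and_return(name_errors)
end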
# Shared setup: every example runs as the signed-in `user`.
before(:each) do
  # presumably keeps the native confirm dialog that `accept_confirm` handles
  # in the revocation examples — confirm against the flag's definition
  stub_feature_flags(bootstrap_confirmation_modals: false)

  sign_in(user)
end
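describe "token creation" do
  # Happy path: the new token is listed with its name and the scopes that
  # were ticked, and the created-token field holds a non-empty value.
  it "allows creation of a personal access token" do
    name = 'My PAT'

    visit profile_personal_access_tokens_path
    fill_in "Token name", with: name

    # Set date to 1st of next month
    find_field("Expiration date").click
    find(".pika-next").click
    click_on "1"

    # Scopes
    check "api"
    check "read_user"

    click_on "Create personal access token"

    expect(active_personal_access_tokens).to have_text(name)
    # NOTE(review): 'in' looks like a check for a relative expiry such as
    # "in N days"; it is a very loose match — confirm the intent.
    expect(active_personal_access_tokens).to have_text('in')
    expect(active_personal_access_tokens).to have_text('api')
    expect(active_personal_access_tokens).to have_text('read_user')
    expect(created_personal_access_token).not_to be_empty
  end

  context "when creation fails" do
    # Failure path: no row is added, the validation message is shown, and
    # the field that would carry a token value is not rendered at all.
    it "displays an error message" do
      disallow_personal_access_token_saves!
      visit profile_personal_access_tokens_path
      fill_in "Token name", with: 'My PAT'

      expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }
      expect(page).to have_content("Name cannot be nil")
      expect(page).not_to have_selector("#created-personal-access-token")
    end
  end
end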
describe 'active tokens' do
  # Both records belong to the same user; only the second is a regular
  # personal access token.
  let!(:impersonation_token) do
    create(:personal_access_token, :impersonation, user: user)
  end

  let!(:personal_access_token) do
    create(:personal_access_token, user: user)
  end

  # The user's own token list must not expose impersonation tokens.
  it 'only shows personal access tokens' do
    visit profile_personal_access_tokens_path

    expect(active_personal_access_tokens).to have_text(personal_access_token.name)
    expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
  end

  context 'when User#time_display_relative is false' do
    before do
      user.update!(time_display_relative: false)
    end

    # With relative times switched off, the expiry appears as "Mon D".
    it 'shows absolute times for expires_at' do
      visit profile_personal_access_tokens_path

      expected_date = PersonalAccessToken.last.expires_at.strftime('%b %-d')
      expect(active_personal_access_tokens).to have_text(expected_date)
    end
  end
end
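# NOTE(review): every outcome in this group is checked through the rendered
# page only; the persisted state of the token is not asserted here.
describe "inactive tokens" do
  let!(:personal_access_token) { create(:personal_access_token, user: user) }

  # Revoking the only token leaves the "no active tokens" notice.
  it "allows revocation of an active token" do
    visit profile_personal_access_tokens_path
    accept_confirm { click_on "Revoke" }

    expect(page).to have_selector(".settings-message")
    expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
  end

  # A token whose expiry lies in the past is no longer listed as active.
  it "removes expired tokens from 'active' section" do
    personal_access_token.update!(expires_at: 5.days.ago)
    visit profile_personal_access_tokens_path

    expect(page).to have_selector(".settings-message")
    expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
  end

  context "when revocation fails" do
    # When the service refuses the revocation, the token stays listed and
    # the refusal is shown to the user rather than passing silently.
    it "displays an error message" do
      visit profile_personal_access_tokens_path

      allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
        allow(instance).to receive(:revocation_permitted?).and_return(false)
      end

      accept_confirm { click_on "Revoke" }

      expect(active_personal_access_tokens).to have_text(personal_access_token.name)
      expect(page).to have_content("Not permitted to revoke")
    end
  end
end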
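describe "feed token" do
  context "when enabled" do
    # The token is read only after the reveal button is clicked, and the
    # help text about its visibility in feed URLs is shown beside it.
    it "displays feed token" do
      allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
      visit profile_personal_access_tokens_path

      within('[data-testid="feed-token-container"]') do
        click_button('Click to reveal')

        expect(page).to have_field('Feed token', with: user.feed_token)
        expect(page).to have_content(feed_token_description)
      end
    end
  end

  context "when disabled" do
    # With the instance setting on, neither the field nor its help text
    # may appear anywhere on the page.
    it "does not display feed token" do
      allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)
      visit profile_personal_access_tokens_path

      expect(page).not_to have_content(feed_token_description)
      expect(page).not_to have_field('Feed token')
    end
  end
end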
# The page must hand the project-scoping flag to the frontend as enabled.
it 'pushes `personal_access_tokens_scoped_to_projects` feature flag to the frontend' do
  visit profile_personal_access_tokens_path

  expect(page).to have_pushed_frontend_feature_flags(personalAccessTokensScopedToProjects: true)
end
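# `name` and `scopes` passed in the URL pre-populate the creation form.
# NOTE(review): these values arrive via the query string, so the scopes a
# user sees pre-ticked may come from a link. This example verifies the
# prefill only; an expectation that the visit leaves
# PersonalAccessToken.count unchanged would pin that prefill never creates
# a token by itself.
it "prefills token details" do
  name = 'My PAT'
  scopes = 'api,read_user'

  visit profile_personal_access_tokens_path({ name: name, scopes: scopes })

  expect(page).to have_field("Token name", with: name)
  expect(find("#personal_access_token_scopes_api")).to be_checked
  expect(find("#personal_access_token_scopes_read_user")).to be_checked
end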
end