# frozen_string_literal: true
require 'spec_helper'
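# Browser-driven (:js) feature spec for the profile's personal access token
# page: creating a token with scopes and an expiry, listing and revoking
# tokens, and showing the feed token.
#
# The string literals below are written without padding. A selector such as
# " # created-personal-access-token " (spaces around and after the `#`) is not
# a valid CSS id selector, and padded labels/messages would not match the
# page text exactly.
RSpec.describe 'Profile > Personal Access Tokens', :js do
  let(:user) { create(:user) }

  # Stand-in for the create service that always answers with an error response
  # carrying an unsaved token, so the failure path can be rendered without
  # touching the database. It is a plain (unverified) double: it will not
  # notice if the real service's interface changes.
  let(:pat_create_service) do
    double(
      'PersonalAccessTokens::CreateService',
      execute: ServiceResponse.error(
        message: 'error',
        payload: { personal_access_token: PersonalAccessToken.new }
      )
    )
  end

  # Table element that lists the user's active tokens.
  def active_personal_access_tokens
    find(".table.active-tokens")
  end

  # Element holding the "no active tokens" notice.
  def no_personal_access_tokens_message
    find(".settings-message")
  end

  # Value of the field that holds the newly created token's secret.
  def created_personal_access_token
    find("#created-personal-access-token").value
  end

  # Value of the feed token field.
  def feed_token
    find("#feed_token").value
  end

  # Help text expected next to the feed token. Per this text the feed token
  # appears in feed URLs, so it should be treated as a secret that is exposed
  # wherever those URLs are stored or shared.
  def feed_token_description
    "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
  end

  # Forces token creation to fail: the create service is replaced with the
  # error-returning double, and every PersonalAccessToken instance reports a
  # validation error on :name.
  def disallow_personal_access_token_saves!
    allow(PersonalAccessTokens::CreateService).to receive(:new).and_return(pat_create_service)

    errors = ActiveModel::Errors.new(PersonalAccessToken.new).tap { |e| e.add(:name, "cannot be nil") }
    # NOTE(review): this stubs #errors on all instances, not only the one
    # returned by the double.
    allow_any_instance_of(PersonalAccessToken).to receive(:errors).and_return(errors)
  end

  before do
    sign_in(user)
  end

  describe "token creation" do
    it "allows creation of a personal access token" do
      name = 'My PAT'

      visit profile_personal_access_tokens_path
      fill_in "Token name", with: name

      # Set date to 1st of next month
      find_field("Expiration date").click
      find(".pika-next").click
      click_on "1"

      # Scopes
      check "api"
      check "read_user"

      click_on "Create personal access token"

      expect(active_personal_access_tokens).to have_text(name)
      expect(active_personal_access_tokens).to have_text('In')
      expect(active_personal_access_tokens).to have_text('api')
      expect(active_personal_access_tokens).to have_text('read_user')
      # NOTE(review): only the two selected scopes are asserted present;
      # nothing here checks that unselected scopes are absent from the row.
      expect(created_personal_access_token).not_to be_empty
    end

    context "when creation fails" do
      it "displays an error message" do
        disallow_personal_access_token_saves!
        visit profile_personal_access_tokens_path
        fill_in "Token name", with: 'My PAT'

        # A failed creation must neither persist a token nor render a secret.
        expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }
        expect(page).to have_content("Name cannot be nil")
        expect(page).not_to have_selector("#created-personal-access-token")
      end
    end
  end

  describe 'active tokens' do
    let!(:impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    # Impersonation tokens belonging to the user must not be listed on the
    # user's own token page.
    it 'only shows personal access tokens' do
      visit profile_personal_access_tokens_path

      expect(active_personal_access_tokens).to have_text(personal_access_token.name)
      expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
    end
  end

  describe "inactive tokens" do
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

    it "allows revocation of an active token" do
      visit profile_personal_access_tokens_path
      accept_confirm { click_on "Revoke" }

      expect(page).to have_selector(".settings-message")
      expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
    end

    it "removes expired tokens from 'active' section" do
      personal_access_token.update!(expires_at: 5.days.ago)
      visit profile_personal_access_tokens_path

      expect(page).to have_selector(".settings-message")
      expect(no_personal_access_tokens_message).to have_text("This user has no active personal access tokens.")
    end

    context "when revocation fails" do
      it "displays an error message" do
        visit profile_personal_access_tokens_path

        # Make the next revoke service instance refuse the revocation.
        allow_next_instance_of(PersonalAccessTokens::RevokeService) do |instance|
          allow(instance).to receive(:revocation_permitted?).and_return(false)
        end

        accept_confirm { click_on "Revoke" }

        # The token must still be listed as active when revocation is refused.
        expect(active_personal_access_tokens).to have_text(personal_access_token.name)
        expect(page).to have_content("Not permitted to revoke")
      end
    end
  end

  describe "feed token" do
    context "when enabled" do
      it "displays feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
        visit profile_personal_access_tokens_path

        expect(feed_token).to eq(user.feed_token)
        expect(page).to have_content(feed_token_description)
      end
    end

    context "when disabled" do
      it "does not display feed token" do
        allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true)
        visit profile_personal_access_tokens_path

        # With the setting on, neither the help text nor the token field may
        # be rendered.
        expect(page).to have_no_content(feed_token_description)
        expect(page).to have_no_css("#feed_token")
      end
    end
  end

  it 'pushes `personal_access_tokens_scoped_to_projects` feature flag to the frontend' do
    visit profile_personal_access_tokens_path

    expect(page).to have_pushed_frontend_feature_flags(personalAccessTokensScopedToProjects: true)
  end
end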