gitlab-org--gitlab-foss/spec/controllers/projects/settings/access_tokens_controller_spec.rb

# frozen_string_literal: true

require('spec_helper')

RSpec.describe Projects::Settings::AccessTokensController do
  let_it_be(:user) { create(:user) }
  let_it_be(:project) { create(:project) }

  before_all do
    project.add_maintainer(user)
  end

  before do
    sign_in(user)
  end

  shared_examples 'feature unavailable' do
    let_it_be(:project) { create(:project) }

    before do
      allow(Gitlab).to receive(:com?).and_return(false)
      project.add_developer(user)
    end

    it { is_expected.to have_gitlab_http_status(:not_found) }
  end

  describe '#index' do
    subject { get :index, params: { namespace_id: project.namespace, project_id: project } }

    it_behaves_like 'feature unavailable'

    context 'when feature is available' do
      let_it_be(:bot_user) { create(:user, :project_bot) }
      let_it_be(:active_project_access_token) { create(:personal_access_token, user: bot_user) }
      let_it_be(:inactive_project_access_token) { create(:personal_access_token, :revoked, user: bot_user) }

      before_all do
        project.add_maintainer(bot_user)
      end

      before do
        enable_feature
      end

      it 'retrieves active project access tokens' do
        subject

        expect(assigns(:active_project_access_tokens)).to contain_exactly(active_project_access_token)
      end

      it 'retrieves inactive project access tokens' do
        subject

        expect(assigns(:inactive_project_access_tokens)).to contain_exactly(inactive_project_access_token)
      end

      it 'lists all available scopes' do
        subject

        expect(assigns(:scopes)).to eq(Gitlab::Auth.resource_bot_scopes)
      end

      it 'retrieves newly created personal access token value' do
        token_value = 'random-value'
        allow(PersonalAccessToken).to receive(:redis_getdel).with("#{user.id}:#{project.id}").and_return(token_value)

        subject

        expect(assigns(:new_project_access_token)).to eq(token_value)
      end
    end
  end

  describe '#create', :clean_gitlab_redis_shared_state do
    subject { post :create, params: { namespace_id: project.namespace, project_id: project }.merge(project_access_token: access_token_params) }

    let_it_be(:access_token_params) { {} }

    it_behaves_like 'feature unavailable'

    context 'when feature is available' do
      let_it_be(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: 1.month.since.to_date } }

      before do
        enable_feature
      end

      def created_token
        PersonalAccessToken.order(:created_at).last
      end

      it 'returns success message' do
        subject

        expect(response.flash[:notice]).to match(/\AYour new project access token has been created./i)
      end

      it 'creates project access token' do
        subject

        expect(created_token.name).to eq(access_token_params[:name])
        expect(created_token.scopes).to eq(access_token_params[:scopes])
        expect(created_token.expires_at).to eq(access_token_params[:expires_at])
      end

      it 'creates project bot user' do
        subject

        expect(created_token.user).to be_project_bot
      end

      it 'stores newly created token redis store' do
        expect(PersonalAccessToken).to receive(:redis_store!)

        subject
      end

      it { expect { subject }.to change { User.count }.by(1) }
      it { expect { subject }.to change { PersonalAccessToken.count }.by(1) }

      context 'when unsuccessful' do
        before do
          allow_next_instance_of(ResourceAccessTokens::CreateService) do |service|
            allow(service).to receive(:execute).and_return ServiceResponse.error(message: 'Failed!')
          end
        end

        it { expect(subject).to render_template(:index) }
      end
    end
  end

  describe '#revoke' do
    subject { put :revoke, params: { namespace_id: project.namespace, project_id: project, id: project_access_token } }

    let_it_be(:bot_user) { create(:user, :project_bot) }
    let_it_be(:project_access_token) { create(:personal_access_token, user: bot_user) }

    before_all do
      project.add_maintainer(bot_user)
    end

    it_behaves_like 'feature unavailable'

    context 'when feature is available', :sidekiq_inline do
      before do
        enable_feature
      end

      it 'calls delete user worker' do
        expect(DeleteUserWorker).to receive(:perform_async).with(user.id, bot_user.id, skip_authorization: true)

        subject
      end

      it 'removed membership of bot user' do
        subject

        expect(project.reload.bots).not_to include(bot_user)
      end

      it 'converts issuables of the bot user to ghost user' do
        issue = create(:issue, author: bot_user)

        subject

        expect(issue.reload.author.ghost?).to be true
      end

      it 'deletes project bot user' do
        subject

        expect(User.exists?(bot_user.id)).to be_falsy
      end
    end
  end

  def enable_feature
    allow(Gitlab).to receive(:com?).and_return(false)
  end
end
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`# frozen_string_literal: true`

			`require('spec_helper')`

Add latest changes from gitlab-org/gitlab@master 2020-06-03 14:08:28 -04:00			`RSpec.describe Projects::Settings::AccessTokensController do`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`let_it_be(:user) { create(:user) }`
			`let_it_be(:project) { create(:project) }`

			`before_all do`
			`project.add_maintainer(user)`
			`end`

			`before do`
			`sign_in(user)`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-09-30 14:09:52 -04:00			`shared_examples 'feature unavailable' do`
			`let_it_be(:project) { create(:project) }`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-09-30 14:09:52 -04:00			`before do`
			`allow(Gitlab).to receive(:com?).and_return(false)`
			`project.add_developer(user)`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-09-30 14:09:52 -04:00			`it { is_expected.to have_gitlab_http_status(:not_found) }`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`end`

			`describe '#index' do`
			`subject { get :index, params: { namespace_id: project.namespace, project_id: project } }`

Add latest changes from gitlab-org/gitlab@master 2020-09-30 14:09:52 -04:00			`it_behaves_like 'feature unavailable'`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00
			`context 'when feature is available' do`
			`let_it_be(:bot_user) { create(:user, :project_bot) }`
			`let_it_be(:active_project_access_token) { create(:personal_access_token, user: bot_user) }`
			`let_it_be(:inactive_project_access_token) { create(:personal_access_token, :revoked, user: bot_user) }`

			`before_all do`
			`project.add_maintainer(bot_user)`
			`end`

			`before do`
			`enable_feature`
			`end`

			`it 'retrieves active project access tokens' do`
			`subject`

			`expect(assigns(:active_project_access_tokens)).to contain_exactly(active_project_access_token)`
			`end`

			`it 'retrieves inactive project access tokens' do`
			`subject`

			`expect(assigns(:inactive_project_access_tokens)).to contain_exactly(inactive_project_access_token)`
			`end`

			`it 'lists all available scopes' do`
			`subject`

			`expect(assigns(:scopes)).to eq(Gitlab::Auth.resource_bot_scopes)`
			`end`

			`it 'retrieves newly created personal access token value' do`
			`token_value = 'random-value'`
			`allow(PersonalAccessToken).to receive(:redis_getdel).with("#{user.id}:#{project.id}").and_return(token_value)`

			`subject`

			`expect(assigns(:new_project_access_token)).to eq(token_value)`
			`end`
			`end`
			`end`

			`describe '#create', :clean_gitlab_redis_shared_state do`
			`subject { post :create, params: { namespace_id: project.namespace, project_id: project }.merge(project_access_token: access_token_params) }`

			`let_it_be(:access_token_params) { {} }`

Add latest changes from gitlab-org/gitlab@master 2020-09-30 14:09:52 -04:00			`it_behaves_like 'feature unavailable'`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00
			`context 'when feature is available' do`
			`let_it_be(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: 1.month.since.to_date } }`

			`before do`
			`enable_feature`
			`end`

			`def created_token`
			`PersonalAccessToken.order(:created_at).last`
			`end`

			`it 'returns success message' do`
			`subject`

			`expect(response.flash[:notice]).to match(/\AYour new project access token has been created./i)`
			`end`

			`it 'creates project access token' do`
			`subject`

			`expect(created_token.name).to eq(access_token_params[:name])`
			`expect(created_token.scopes).to eq(access_token_params[:scopes])`
			`expect(created_token.expires_at).to eq(access_token_params[:expires_at])`
			`end`

			`it 'creates project bot user' do`
			`subject`

			`expect(created_token.user).to be_project_bot`
			`end`

			`it 'stores newly created token redis store' do`
			`expect(PersonalAccessToken).to receive(:redis_store!)`

			`subject`
			`end`

			`it { expect { subject }.to change { User.count }.by(1) }`
			`it { expect { subject }.to change { PersonalAccessToken.count }.by(1) }`

			`context 'when unsuccessful' do`
			`before do`
			`allow_next_instance_of(ResourceAccessTokens::CreateService) do \|service\|`
			`allow(service).to receive(:execute).and_return ServiceResponse.error(message: 'Failed!')`
			`end`
			`end`

			`it { expect(subject).to render_template(:index) }`
			`end`
			`end`
			`end`

			`describe '#revoke' do`
			`subject { put :revoke, params: { namespace_id: project.namespace, project_id: project, id: project_access_token } }`

			`let_it_be(:bot_user) { create(:user, :project_bot) }`
			`let_it_be(:project_access_token) { create(:personal_access_token, user: bot_user) }`

			`before_all do`
			`project.add_maintainer(bot_user)`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-09-30 14:09:52 -04:00			`it_behaves_like 'feature unavailable'`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-10-05 11:08:56 -04:00			`context 'when feature is available', :sidekiq_inline do`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`before do`
			`enable_feature`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-10-05 11:08:56 -04:00			`it 'calls delete user worker' do`
			`expect(DeleteUserWorker).to receive(:perform_async).with(user.id, bot_user.id, skip_authorization: true)`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-10-05 11:08:56 -04:00			`subject`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`end`

			`it 'removed membership of bot user' do`
			`subject`

			`expect(project.reload.bots).not_to include(bot_user)`
			`end`

			`it 'converts issuables of the bot user to ghost user' do`
			`issue = create(:issue, author: bot_user)`

			`subject`

			`expect(issue.reload.author.ghost?).to be true`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-10-05 11:08:56 -04:00
			`it 'deletes project bot user' do`
			`subject`

			`expect(User.exists?(bot_user.id)).to be_falsy`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-05-05 17:09:42 -04:00			`end`
			`end`

			`def enable_feature`
			`allow(Gitlab).to receive(:com?).and_return(false)`
			`end`
			`end`