Commit graph

6 commits

Author SHA1 Message Date
Jacopo
2f40dac352 Refactor have_http_status into have_gitlab_http_status in the specs 2017-10-20 10:13:18 +02:00
Douwe Maan
025c6eeaa1 Move all API authentication code to APIGuard 2017-10-12 11:13:37 +02:00
Robin Bobbitt
62ef67acc3 Hide read_registry scope when registry is disabled on instance 2017-08-21 18:13:32 -04:00
Timothy Andrew
1b8223dd51 Fix remaining spec failures for !12300.
1. Get the spec for `lib/gitlab/auth.rb` passing.

  - Make the `request` argument to `AccessTokenValidationService` optional -
  `auth.rb` doesn't need to pass in a request.

  - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which
  is what `AccessTokenValidationService` now expects.

2. Get the spec for `API::V3::Users` passing

2. Get the spec for `AccessTokenValidationService` passing
2017-06-28 07:17:13 +00:00
Timothy Andrew
0ff1d16192 Test OAuth token scope verification in the API::Users endpoint 2017-06-28 07:17:13 +00:00
Timothy Andrew
157c05f49d Test /users endpoints for the read_user scope.
- Test `GET` endpoints to check that the scope is allowed.
- Test `POST` endpoints to check that the scope is disallowed.
- Test both `v3` and `v4` endpoints.
2017-06-28 07:17:13 +00:00