gitlab-org--gitlab-foss/spec/finders/personal_access_tokens_finder_spec.rb

362 lines
12 KiB
Ruby

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe PersonalAccessTokensFinder do
def finder(options = {}, current_user = nil)
described_class.new(options, current_user)
end
describe '# searches PATs' do
using RSpec::Parameterized::TableSyntax
let_it_be(:time_token) do
create(:personal_access_token, created_at: DateTime.new(2022, 01, 02),
last_used_at: DateTime.new(2022, 01, 02))
end
let_it_be(:name_token) { create(:personal_access_token, name: 'test_1') }
let_it_be(:impersonated_token) do
create(:personal_access_token, :impersonation,
created_at: DateTime.new(2022, 01, 02),
last_used_at: DateTime.new(2022, 01, 02),
name: 'imp_token'
)
end
shared_examples 'finding tokens by user and options' do
subject { finder(option, user).execute }
it 'finds exactly' do
subject
is_expected.to contain_exactly(*result)
end
end
context 'by' do
where(:option, :user, :result) do
{ created_before: DateTime.new(2022, 01, 03) } | create(:admin) | lazy { [time_token, impersonated_token] }
{ created_after: DateTime.new(2022, 01, 01) } | create(:admin) | lazy { [time_token, name_token, impersonated_token] }
{ last_used_before: DateTime.new(2022, 01, 03) } | create(:admin) | lazy { [time_token, impersonated_token] }
{ last_used_before: DateTime.new(2022, 01, 03) } | create(:admin) | lazy { [time_token, impersonated_token] }
{ impersonation: true } | create(:admin) | lazy { [impersonated_token] }
{ search: 'test' } | create(:admin) | lazy { [name_token] }
end
with_them do
it_behaves_like 'finding tokens by user and options'
end
end
end
describe '#execute' do
let(:user) { create(:user) }
let(:params) { {} }
let(:current_user) { nil }
let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
let!(:expired_personal_access_token) { create(:personal_access_token, :expired, user: user) }
let!(:revoked_personal_access_token) { create(:personal_access_token, :revoked, user: user) }
let!(:active_impersonation_token) { create(:personal_access_token, :impersonation, user: user) }
let!(:expired_impersonation_token) { create(:personal_access_token, :expired, :impersonation, user: user) }
let!(:revoked_impersonation_token) { create(:personal_access_token, :revoked, :impersonation, user: user) }
let!(:project_bot) { create(:user, :project_bot) }
let!(:project_member) { create(:project_member, user: project_bot) }
let!(:project_access_token) { create(:personal_access_token, user: project_bot) }
subject { finder(params, current_user).execute }
context 'when current_user is defined' do
let(:current_user) { create(:admin) }
let(:params) { { user: user } }
context 'current_user is allowed to read PATs' do
it do
is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
revoked_personal_access_token, expired_personal_access_token,
revoked_impersonation_token, expired_impersonation_token)
end
end
context 'current_user is not allowed to read PATs' do
let(:current_user) { create(:user) }
it { is_expected.to be_empty }
end
context 'when user param is not set' do
let(:params) { {} }
it do
is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
revoked_personal_access_token, expired_personal_access_token,
revoked_impersonation_token, expired_impersonation_token, project_access_token)
end
context 'when current_user is not an administrator' do
let(:current_user) { create(:user) }
it { is_expected.to be_empty }
end
end
end
describe 'without user' do
it do
is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
revoked_personal_access_token, expired_personal_access_token,
revoked_impersonation_token, expired_impersonation_token, project_access_token)
end
describe 'with users' do
let(:user2) { create(:user) }
before do
create(:personal_access_token, user: user2)
create(:personal_access_token, :expired, user: user2)
create(:personal_access_token, :revoked, user: user2)
create(:personal_access_token, :impersonation, user: user2)
create(:personal_access_token, :expired, :impersonation, user: user2)
create(:personal_access_token, :revoked, :impersonation, user: user2)
params[:users] = [user]
end
it {
is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
revoked_personal_access_token, expired_personal_access_token,
revoked_impersonation_token, expired_impersonation_token)
}
end
describe 'with sort order' do
before do
params[:sort] = 'id_asc'
end
it 'sorts records as per the specified sort order' do
expect(subject).to match_array(PersonalAccessToken.all.order(id: :asc))
end
end
describe 'without impersonation' do
before do
params[:impersonation] = false
end
it { is_expected.to contain_exactly(active_personal_access_token, revoked_personal_access_token, expired_personal_access_token, project_access_token) }
describe 'with active state' do
before do
params[:state] = 'active'
end
it { is_expected.to contain_exactly(active_personal_access_token, project_access_token) }
end
describe 'with inactive state' do
before do
params[:state] = 'inactive'
end
it { is_expected.to contain_exactly(revoked_personal_access_token, expired_personal_access_token) }
end
end
describe 'with impersonation' do
before do
params[:impersonation] = true
end
it { is_expected.to contain_exactly(active_impersonation_token, revoked_impersonation_token, expired_impersonation_token) }
describe 'with active state' do
before do
params[:state] = 'active'
end
it { is_expected.to contain_exactly(active_impersonation_token) }
end
describe 'with inactive state' do
before do
params[:state] = 'inactive'
end
it { is_expected.to contain_exactly(revoked_impersonation_token, expired_impersonation_token) }
end
end
describe 'with active state' do
before do
params[:state] = 'active'
end
it { is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token, project_access_token) }
end
describe 'with inactive state' do
before do
params[:state] = 'inactive'
end
it do
is_expected.to contain_exactly(expired_personal_access_token, revoked_personal_access_token,
expired_impersonation_token, revoked_impersonation_token)
end
end
describe 'with id' do
subject { finder(params).find_by_id(active_personal_access_token.id) }
it { is_expected.to eq(active_personal_access_token) }
describe 'with impersonation' do
before do
params[:impersonation] = true
end
it { is_expected.to be_nil }
end
end
describe 'with token' do
subject { finder(params).find_by_token(active_personal_access_token.token) }
it { is_expected.to eq(active_personal_access_token) }
describe 'with impersonation' do
before do
params[:impersonation] = true
end
it { is_expected.to be_nil }
end
end
end
describe 'with user' do
let(:user2) { create(:user) }
let!(:other_user_active_personal_access_token) { create(:personal_access_token, user: user2) }
let!(:other_user_expired_personal_access_token) { create(:personal_access_token, :expired, user: user2) }
let!(:other_user_revoked_personal_access_token) { create(:personal_access_token, :revoked, user: user2) }
let!(:other_user_active_impersonation_token) { create(:personal_access_token, :impersonation, user: user2) }
let!(:other_user_expired_impersonation_token) { create(:personal_access_token, :expired, :impersonation, user: user2) }
let!(:other_user_revoked_impersonation_token) { create(:personal_access_token, :revoked, :impersonation, user: user2) }
before do
params[:user] = user
end
it do
is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token,
revoked_personal_access_token, expired_personal_access_token,
revoked_impersonation_token, expired_impersonation_token)
end
describe 'filtering human tokens' do
before do
params[:owner_type] = 'human'
end
it { is_expected.not_to include(project_access_token) }
end
describe 'without impersonation' do
before do
params[:impersonation] = false
end
it { is_expected.to contain_exactly(active_personal_access_token, revoked_personal_access_token, expired_personal_access_token) }
describe 'with active state' do
before do
params[:state] = 'active'
end
it { is_expected.to contain_exactly(active_personal_access_token) }
end
describe 'with inactive state' do
before do
params[:state] = 'inactive'
end
it { is_expected.to contain_exactly(revoked_personal_access_token, expired_personal_access_token) }
end
end
describe 'with impersonation' do
before do
params[:impersonation] = true
end
it { is_expected.to contain_exactly(active_impersonation_token, revoked_impersonation_token, expired_impersonation_token) }
describe 'with active state' do
before do
params[:state] = 'active'
end
it { is_expected.to contain_exactly(active_impersonation_token) }
end
describe 'with inactive state' do
before do
params[:state] = 'inactive'
end
it { is_expected.to contain_exactly(revoked_impersonation_token, expired_impersonation_token) }
end
end
describe 'with active state' do
before do
params[:state] = 'active'
end
it { is_expected.to contain_exactly(active_personal_access_token, active_impersonation_token) }
end
describe 'with inactive state' do
before do
params[:state] = 'inactive'
end
it do
is_expected.to contain_exactly(expired_personal_access_token, revoked_personal_access_token,
expired_impersonation_token, revoked_impersonation_token)
end
end
describe 'with id' do
subject { finder(params).find_by_id(active_personal_access_token.id) }
it { is_expected.to eq(active_personal_access_token) }
describe 'with impersonation' do
before do
params[:impersonation] = true
end
it { is_expected.to be_nil }
end
end
describe 'with token' do
subject { finder(params).find_by_token(active_personal_access_token.token) }
it { is_expected.to eq(active_personal_access_token) }
describe 'with impersonation' do
before do
params[:impersonation] = true
end
it { is_expected.to be_nil }
end
end
end
end
end