2d8c310f11
If we do not set a private token during the test, current_user will be nil because the user is not found, not due to the access check.
172 lines
5 KiB
Ruby
172 lines
5 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe API, api: true do
|
|
include API::APIHelpers
|
|
include ApiHelpers
|
|
let(:user) { create(:user) }
|
|
let(:admin) { create(:admin) }
|
|
let(:key) { create(:key, user: user) }
|
|
|
|
let(:params) { {} }
|
|
let(:env) { {} }
|
|
|
|
def set_env(token_usr, identifier)
|
|
clear_env
|
|
clear_param
|
|
env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = token_usr.private_token
|
|
env[API::APIHelpers::SUDO_HEADER] = identifier
|
|
end
|
|
|
|
def set_param(token_usr, identifier)
|
|
clear_env
|
|
clear_param
|
|
params[API::APIHelpers::PRIVATE_TOKEN_PARAM] = token_usr.private_token
|
|
params[API::APIHelpers::SUDO_PARAM] = identifier
|
|
end
|
|
|
|
def clear_env
|
|
env.delete(API::APIHelpers::PRIVATE_TOKEN_HEADER)
|
|
env.delete(API::APIHelpers::SUDO_HEADER)
|
|
end
|
|
|
|
def clear_param
|
|
params.delete(API::APIHelpers::PRIVATE_TOKEN_PARAM)
|
|
params.delete(API::APIHelpers::SUDO_PARAM)
|
|
end
|
|
|
|
def error!(message, status)
|
|
raise Exception
|
|
end
|
|
|
|
describe ".current_user" do
|
|
it "should return nil for an invalid token" do
|
|
env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = 'invalid token'
|
|
current_user.should be_nil
|
|
end
|
|
|
|
it "should return nil for a user without access" do
|
|
env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token
|
|
Gitlab::UserAccess.stub(allowed?: false)
|
|
current_user.should be_nil
|
|
end
|
|
|
|
it "should leave user as is when sudo not specified" do
|
|
env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token
|
|
current_user.should == user
|
|
clear_env
|
|
params[API::APIHelpers::PRIVATE_TOKEN_PARAM] = user.private_token
|
|
current_user.should == user
|
|
end
|
|
|
|
it "should change current user to sudo when admin" do
|
|
set_env(admin, user.id)
|
|
current_user.should == user
|
|
set_param(admin, user.id)
|
|
current_user.should == user
|
|
set_env(admin, user.username)
|
|
current_user.should == user
|
|
set_param(admin, user.username)
|
|
current_user.should == user
|
|
end
|
|
|
|
it "should throw an error when the current user is not an admin and attempting to sudo" do
|
|
set_env(user, admin.id)
|
|
expect { current_user }.to raise_error
|
|
set_param(user, admin.id)
|
|
expect { current_user }.to raise_error
|
|
set_env(user, admin.username)
|
|
expect { current_user }.to raise_error
|
|
set_param(user, admin.username)
|
|
expect { current_user }.to raise_error
|
|
end
|
|
|
|
it "should throw an error when the user cannot be found for a given id" do
|
|
id = user.id + admin.id
|
|
user.id.should_not == id
|
|
admin.id.should_not == id
|
|
set_env(admin, id)
|
|
expect { current_user }.to raise_error
|
|
|
|
set_param(admin, id)
|
|
expect { current_user }.to raise_error
|
|
end
|
|
|
|
it "should throw an error when the user cannot be found for a given username" do
|
|
username = "#{user.username}#{admin.username}"
|
|
user.username.should_not == username
|
|
admin.username.should_not == username
|
|
set_env(admin, username)
|
|
expect { current_user }.to raise_error
|
|
|
|
set_param(admin, username)
|
|
expect { current_user }.to raise_error
|
|
end
|
|
|
|
it "should handle sudo's to oneself" do
|
|
set_env(admin, admin.id)
|
|
current_user.should == admin
|
|
set_param(admin, admin.id)
|
|
current_user.should == admin
|
|
set_env(admin, admin.username)
|
|
current_user.should == admin
|
|
set_param(admin, admin.username)
|
|
current_user.should == admin
|
|
end
|
|
|
|
it "should handle multiple sudo's to oneself" do
|
|
set_env(admin, user.id)
|
|
current_user.should == user
|
|
current_user.should == user
|
|
set_env(admin, user.username)
|
|
current_user.should == user
|
|
current_user.should == user
|
|
|
|
set_param(admin, user.id)
|
|
current_user.should == user
|
|
current_user.should == user
|
|
set_param(admin, user.username)
|
|
current_user.should == user
|
|
current_user.should == user
|
|
end
|
|
|
|
it "should handle multiple sudo's to oneself using string ids" do
|
|
set_env(admin, user.id.to_s)
|
|
current_user.should == user
|
|
current_user.should == user
|
|
|
|
set_param(admin, user.id.to_s)
|
|
current_user.should == user
|
|
current_user.should == user
|
|
end
|
|
end
|
|
|
|
describe '.sudo_identifier' do
|
|
it "should return integers when input is an int" do
|
|
set_env(admin, '123')
|
|
sudo_identifier.should == 123
|
|
set_env(admin, '0001234567890')
|
|
sudo_identifier.should == 1234567890
|
|
|
|
set_param(admin, '123')
|
|
sudo_identifier.should == 123
|
|
set_param(admin, '0001234567890')
|
|
sudo_identifier.should == 1234567890
|
|
end
|
|
|
|
it "should return string when input is an is not an int" do
|
|
set_env(admin, '12.30')
|
|
sudo_identifier.should == "12.30"
|
|
set_env(admin, 'hello')
|
|
sudo_identifier.should == 'hello'
|
|
set_env(admin, ' 123')
|
|
sudo_identifier.should == ' 123'
|
|
|
|
set_param(admin, '12.30')
|
|
sudo_identifier.should == "12.30"
|
|
set_param(admin, 'hello')
|
|
sudo_identifier.should == 'hello'
|
|
set_param(admin, ' 123')
|
|
sudo_identifier.should == ' 123'
|
|
end
|
|
end
|
|
end
|