gitlab-org--gitlab-foss/spec/controllers/application_controller_spec.rb
Timothy Andrew 05b319b0b4 Perform private token and personal access token authentication in the same before_action.
- So that the check for valid personal access tokens happens only if
  private token auth fails.
2016-06-01 14:04:38 +05:30

95 lines
3.5 KiB
Ruby

require 'spec_helper'
describe ApplicationController do
describe '#check_password_expiration' do
let(:user) { create(:user) }
let(:controller) { ApplicationController.new }
it 'should redirect if the user is over their password expiry' do
user.password_expires_at = Time.new(2002)
expect(user.ldap_user?).to be_falsey
allow(controller).to receive(:current_user).and_return(user)
expect(controller).to receive(:redirect_to)
expect(controller).to receive(:new_profile_password_path)
controller.send(:check_password_expiration)
end
it 'should not redirect if the user is under their password expiry' do
user.password_expires_at = Time.now + 20010101
expect(user.ldap_user?).to be_falsey
allow(controller).to receive(:current_user).and_return(user)
expect(controller).not_to receive(:redirect_to)
controller.send(:check_password_expiration)
end
it 'should not redirect if the user is over their password expiry but they are an ldap user' do
user.password_expires_at = Time.new(2002)
allow(user).to receive(:ldap_user?).and_return(true)
allow(controller).to receive(:current_user).and_return(user)
expect(controller).not_to receive(:redirect_to)
controller.send(:check_password_expiration)
end
end
describe "#authenticate_user_from_token!" do
describe "authenticating a user from a private token" do
controller(ApplicationController) do
def index
render text: "authenticated"
end
end
let(:user) { create(:user) }
it "logs the user in when the 'private_token' param is populated with the private token" do
get :index, private_token: user.private_token
expect(response.status).to eq(200)
expect(response.body).to eq("authenticated")
end
it "logs the user in when the 'PRIVATE-TOKEN' header is populated with the private token" do
@request.headers['PRIVATE-TOKEN'] = user.private_token
get :index
expect(response.status).to eq(200)
expect(response.body).to eq("authenticated")
end
it "doesn't log the user in otherwise" do
@request.headers['PRIVATE-TOKEN'] = "token"
get :index, private_token: "token", authenticity_token: "token"
expect(response.status).to_not eq(200)
expect(response.body).to_not eq("authenticated")
end
end
describe "authenticating a user from a personal access token" do
controller(ApplicationController) do
def index
render text: 'authenticated'
end
end
let(:user) { create(:user) }
let(:personal_access_token) { create(:personal_access_token, user: user) }
it "logs the user in when the 'personal_access_token' param is populated with the personal access token" do
get :index, private_token: personal_access_token.token
expect(response.status).to eq(200)
expect(response.body).to eq('authenticated')
end
it "logs the user in when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
@request.headers["PRIVATE-TOKEN"] = personal_access_token.token
get :index
expect(response.status).to eq(200)
expect(response.body).to eq('authenticated')
end
it "doesn't log the user in otherwise" do
get :index, private_token: "token"
expect(response.status).to_not eq(200)
expect(response.body).to_not eq('authenticated')
end
end
end
end