Commit 5f45ddc5 authored by Kamil Trzcinski's avatar Kamil Trzcinski

Fix specs after merging LFS changes

parent 83b643a0
...@@ -13,7 +13,7 @@ class JwtController < ApplicationController ...@@ -13,7 +13,7 @@ class JwtController < ApplicationController
@authentication_result ||= Gitlab::Auth::Result.new @authentication_result ||= Gitlab::Auth::Result.new
result = service.new(@authentication_result.project, @authentication_result.user, auth_params). result = service.new(@authentication_result.project, @authentication_result.actor, auth_params).
execute(capabilities: @authentication_result.capabilities) execute(capabilities: @authentication_result.capabilities)
render json: result, status: result[:http_status] render json: result, status: result[:http_status]
...@@ -25,8 +25,18 @@ class JwtController < ApplicationController ...@@ -25,8 +25,18 @@ class JwtController < ApplicationController
authenticate_with_http_basic do |login, password| authenticate_with_http_basic do |login, password|
@authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip) @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
render_403 unless @authentication_result.succeeded? render_403 unless @authentication_result.success? &&
(@authentication_result.actor.nil? || @authentication_result.actor.is_a?(User))
end end
rescue Gitlab::Auth::MissingPersonalTokenError
render_missing_personal_token
end
def render_missing_personal_token
render plain: "HTTP Basic: Access denied\n" \
"You have 2FA enabled, please use a personal access token for Git over HTTP.\n" \
"You can generate one at #{profile_personal_access_tokens_url}",
status: 401
end end
def auth_params def auth_params
......
...@@ -65,7 +65,7 @@ describe Gitlab::Auth, lib: true do ...@@ -65,7 +65,7 @@ describe Gitlab::Auth, lib: true do
token = Gitlab::LfsToken.new(user).generate token = Gitlab::LfsToken.new(user).generate
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username) expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
expect(gl_auth.find_for_git_client(user.username, token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :lfs_token)) expect(gl_auth.find_for_git_client(user.username, token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :lfs_token, read_capabilities))
end end
it 'recognizes deploy key lfs tokens' do it 'recognizes deploy key lfs tokens' do
...@@ -74,7 +74,7 @@ describe Gitlab::Auth, lib: true do ...@@ -74,7 +74,7 @@ describe Gitlab::Auth, lib: true do
token = Gitlab::LfsToken.new(key).generate token = Gitlab::LfsToken.new(key).generate
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}") expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}")
expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token)) expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, nil, :lfs_deploy_token, read_capabilities))
end end
it 'recognizes OAuth tokens' do it 'recognizes OAuth tokens' do
...@@ -91,7 +91,7 @@ describe Gitlab::Auth, lib: true do ...@@ -91,7 +91,7 @@ describe Gitlab::Auth, lib: true do
login = 'foo' login = 'foo'
ip = 'ip' ip = 'ip'
expect(gl_auth).to receive(:rate_limit!).with(ip, success: nil, login: login) expect(gl_auth).to receive(:rate_limit!).with(ip, success: false, login: login)
expect(gl_auth.find_for_git_client(login, 'bar', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new) expect(gl_auth.find_for_git_client(login, 'bar', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new)
end end
end end
......
...@@ -45,13 +45,31 @@ describe JwtController do ...@@ -45,13 +45,31 @@ describe JwtController do
context 'using User login' do context 'using User login' do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:headers) { { authorization: credentials('user', 'password') } } let(:headers) { { authorization: credentials(user.username , user.password) } }
before { expect(Gitlab::Auth).to receive(:find_with_user_password).with('user', 'password').and_return(user) }
subject! { get '/jwt/auth', parameters, headers } subject! { get '/jwt/auth', parameters, headers }
it { expect(service_class).to have_received(:new).with(nil, user, parameters) } it { expect(service_class).to have_received(:new).with(nil, user, parameters) }
context 'when user has 2FA enabled' do
let(:user) { create(:user, :two_factor) }
context 'without personal token' do
it 'rejects the authorization attempt' do
expect(response).to have_http_status(401)
expect(response.body).to include('You have 2FA enabled, please use a personal access token for Git over HTTP')
end
end
context 'with personal token' do
let(:access_token) { create(:personal_access_token, user: user) }
let(:headers) { { authorization: credentials(user.username, access_token.token) } }
it 'rejects the authorization attempt' do
expect(response).to have_http_status(200)
end
end
end
end end
context 'using invalid login' do context 'using invalid login' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment