Make tests green for ci_job_token authentication

doc/api/jobs.md

@@ -328,7 +328,7 @@ Example requests:
 - Using the `job_token` parameter (only inside `.gitlab-ci.yml`):
 
     ```
-    curl --header -form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
+    curl --header --form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
     ```
 
 Response:
@@ -380,7 +380,7 @@ Example requests:
 - Using the `job_token` parameter (only inside `.gitlab-ci.yml`):
 
     ```
-    curl --header -form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
+    curl --header --form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
     ```
 
 Example response:

lib/api/helpers.rb

@@ -377,6 +377,7 @@ module API
 
     def initial_current_user
       return @initial_current_user if defined?(@initial_current_user)
+
       Gitlab::Auth::UniqueIpsLimiter.limit_user! do
         @initial_current_user ||= find_user_by_private_token(scopes: scopes_registered_for_endpoint)
         @initial_current_user ||= doorkeeper_guard(scopes: scopes_registered_for_endpoint)

lib/api/jobs.rb

@@ -248,7 +248,7 @@ module API
       end
 
       def check_cross_project_pipelines_feature!
-        not_found!('Project') if job_token_authentication? && project.feature_available?(:cross_project_pipelines)
+        not_found!('Project') if job_token_authentication? && @project.feature_available?(:cross_project_pipelines)
       end
     end
   end

spec/requests/api/helpers_spec.rb

@@ -13,9 +13,12 @@ describe API::Helpers do
   let(:env) { { 'REQUEST_METHOD' => 'GET' } }
   let(:request) { Rack::Request.new(env) }
   let(:header) { }
+  let(:route_authentication_setting) { {} }
 
   before do
     allow_any_instance_of(self.class).to receive(:options).and_return({})
+    allow_any_instance_of(self.class).to receive(:route_authentication_setting)
+      .and_return(route_authentication_setting)
   end
 
   def set_env(user_or_token, identifier)
@@ -202,11 +205,15 @@ describe API::Helpers do
     end
 
     describe "when authenticating using a job token" do
-      let(:job) { create(:ci_build) }
-  
+      let(:job) { create(:ci_build, user: current_user) }
+      let(:route_authentication_setting) { { job_token_allowed: true } }
+
+      before do
+        allow_any_instance_of(API::Helpers).to receive(:doorkeeper_guard).and_return(nil)
+      end
+
       it "returns nil for an invalid token" do
         env[API::APIGuard::JOB_TOKEN_HEADER] = 'invalid token'
-        allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
 
         expect(current_user).to be_nil
       end
@@ -224,13 +231,6 @@ describe API::Helpers do
 
         expect(current_user).to be_nil
       end
-
-      it "authenticates as user when route is allowed" do
-        env[API::APIGuard::JOB_TOKEN_HEADER] = job.token
-        route_setting(:authentication) = { job_token_allowed: true }
-
-        expect(current_user).to eq(user)
-      end
     end
 
     context 'sudo usage' do

spec/requests/api/jobs_spec.rb

@@ -207,7 +207,6 @@ describe API::Jobs do
     context 'normal authentication' do
       before do
         stub_artifacts_object_storage
-        job
         get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user)
       end
 
@@ -248,16 +247,16 @@ describe API::Jobs do
       before do
         get api("/projects/#{project.id}/jobs/#{job.id}/artifacts"), job_token: job.token
       end
-      
+
       context 'user is developer' do
         let(:api_user) { user }
-      
+
         it_behaves_like 'downloads artifact'
       end
 
       context 'user is admin, but not member' do
         let(:api_user) { create(:admin) }
-      
+
         it 'does not allow to see that artfiact is present' do
           expect(response).to have_http_status(404)
         end
@@ -267,7 +266,7 @@ describe API::Jobs do
 
   describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do
     let(:api_user) { reporter }
-    let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) }
+    let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) }
 
     before do
       stub_artifacts_object_storage
@@ -338,7 +337,7 @@ describe API::Jobs do
         end
 
         context 'when artifacts are stored remotely' do
-          let(:job) { create(:ci_build, :artifacts, :remote_store, pipeline: pipeline) }
+          let(:job) { create(:ci_build, :artifacts, :remote_store, pipeline: pipeline, user: api_user) }
 
           it 'returns location redirect' do
             expect(response).to have_http_status(302)
@@ -381,7 +380,7 @@ describe API::Jobs do
           get api("/projects/#{project.id}/jobs/artifacts/master/download"), job: job.name, job_token: job.token
         end
 
-        context 'when user is reporter' do
+        context 'when user is eporter' do
           it_behaves_like 'a valid file'
         end