Commit d97cc48d authored by Takuya Noguchi's avatar Takuya Noguchi

Replace user controller spec with its request spec

This includes sessionless shared examples for request spec copied
from the existing ones for controller spec.
Signed-off-by: default avatarTakuya Noguchi <takninnovationresearch@gmail.com>
parent 358f351e
...@@ -197,7 +197,6 @@ Rails/SaveBang: ...@@ -197,7 +197,6 @@ Rails/SaveBang:
- 'spec/controllers/projects_controller_spec.rb' - 'spec/controllers/projects_controller_spec.rb'
- 'spec/controllers/sent_notifications_controller_spec.rb' - 'spec/controllers/sent_notifications_controller_spec.rb'
- 'spec/controllers/sessions_controller_spec.rb' - 'spec/controllers/sessions_controller_spec.rb'
- 'spec/controllers/users_controller_spec.rb'
- 'spec/factories_spec.rb' - 'spec/factories_spec.rb'
- 'spec/features/admin/admin_appearance_spec.rb' - 'spec/features/admin/admin_appearance_spec.rb'
- 'spec/features/admin/admin_labels_spec.rb' - 'spec/features/admin/admin_labels_spec.rb'
...@@ -399,6 +398,7 @@ Rails/SaveBang: ...@@ -399,6 +398,7 @@ Rails/SaveBang:
- 'spec/requests/api/labels_spec.rb' - 'spec/requests/api/labels_spec.rb'
- 'spec/requests/api/project_import_spec.rb' - 'spec/requests/api/project_import_spec.rb'
- 'spec/requests/projects/cycle_analytics_events_spec.rb' - 'spec/requests/projects/cycle_analytics_events_spec.rb'
- 'spec/requests/users_controller_spec.rb'
Rails/TimeZone: Rails/TimeZone:
Enabled: true Enabled: true
......
---
title: Replace user controller spec with its request spec
merge_request: 50435
author: Takuya Noguchi
type: other
# frozen_string_literal: true # frozen_string_literal: true
# This controller shared examples will be migrated to
# spec/support/shared_examples/requests/sessionless_auth_request_shared_examples.rb
# See also https://gitlab.com/groups/gitlab-org/-/epics/5076
RSpec.shared_examples 'authenticates sessionless user' do |path, format, params| RSpec.shared_examples 'authenticates sessionless user' do |path, format, params|
params ||= {} params ||= {}
......
# frozen_string_literal: true
RSpec.shared_examples 'authenticates sessionless user for the request spec' do |params|
params ||= {}
before do
stub_authentication_activity_metrics(debug: false)
end
let(:user) { create(:user) }
let(:personal_access_token) { create(:personal_access_token, user: user) }
let(:default_params) { params.except(:public) || {} }
context "when the 'personal_access_token' param is populated with the personal access token" do
it 'logs the user in' do
expect(authentication_metrics)
.to increment(:user_authenticated_counter)
.and increment(:user_session_override_counter)
.and increment(:user_sessionless_authentication_counter)
get url, params: default_params.merge(private_token: personal_access_token.token)
expect(response).to have_gitlab_http_status(:ok)
expect(controller.current_user).to eq(user)
end
it 'does not log the user in if page is public', if: params[:public] do
get url, params: default_params
expect(response).to have_gitlab_http_status(:ok)
expect(controller.current_user).to be_nil
end
end
context 'when the personal access token has no api scope', unless: params[:public] do
it 'does not log the user in' do
# Several instances of where these specs are shared route the request
# through ApplicationController#route_not_found which does not involve
# the usual auth code from Devise, so does not increment the
# :user_unauthenticated_counter
#
unless params[:ignore_incrementing]
expect(authentication_metrics)
.to increment(:user_unauthenticated_counter)
end
personal_access_token.update!(scopes: [:read_user])
get url, params: default_params.merge(private_token: personal_access_token.token)
expect(response).not_to have_gitlab_http_status(:ok)
end
end
context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
it 'logs the user in' do
expect(authentication_metrics)
.to increment(:user_authenticated_counter)
.and increment(:user_session_override_counter)
.and increment(:user_sessionless_authentication_counter)
headers = { 'PRIVATE-TOKEN': personal_access_token.token }
get url, params: default_params, headers: headers
expect(response).to have_gitlab_http_status(:ok)
end
end
it "doesn't log the user in otherwise", unless: params[:public] do
# Several instances of where these specs are shared route the request
# through ApplicationController#route_not_found which does not involve
# the usual auth code from Devise, so does not increment the
# :user_unauthenticated_counter
#
unless params[:ignore_incrementing]
expect(authentication_metrics)
.to increment(:user_unauthenticated_counter)
end
get url, params: default_params.merge(private_token: 'token')
expect(response).not_to have_gitlab_http_status(:ok)
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment