mirror of
https://gitlab.com/gitlab-org/gitlab-foss.git
synced 2025-08-10 01:31:45 +00:00
120 lines
3.5 KiB
Ruby
120 lines
3.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe Oauth::ProtectedResourceMetadataController, feature_category: :system_access do
|
|
describe 'GET /.well-known/oauth-protected-resource' do
|
|
let(:protected_resource_path) { Gitlab::Routing.url_helpers.oauth_protected_resource_metadata_path }
|
|
let(:expected_response) do
|
|
{
|
|
'resource' => "http://www.example.com/api/v4/mcp",
|
|
'authorization_servers' => [
|
|
"http://www.example.com"
|
|
]
|
|
}
|
|
end
|
|
|
|
before do
|
|
get protected_resource_path
|
|
end
|
|
|
|
it 'returns 200 status' do
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
end
|
|
|
|
it 'returns correct content type' do
|
|
expect(response.content_type).to eq('application/json; charset=utf-8')
|
|
end
|
|
|
|
it 'returns the expected JSON structure' do
|
|
expect(response.parsed_body).to eq(expected_response)
|
|
end
|
|
|
|
it 'includes correct caching headers' do
|
|
cache_control = response.headers['Cache-Control']
|
|
expect(cache_control).to include('max-age=86400')
|
|
expect(cache_control).to include('public')
|
|
expect(cache_control).to include('must-revalidate')
|
|
expect(cache_control).to include('no-transform')
|
|
end
|
|
|
|
context 'when using custom base URL' do
|
|
let(:custom_host) { 'https://custom-gitlab.example.com' }
|
|
|
|
before do
|
|
allow_next_instance_of(ActionDispatch::Request) do |instance|
|
|
allow(instance).to receive(:base_url).and_return(custom_host)
|
|
end
|
|
|
|
get protected_resource_path
|
|
end
|
|
|
|
it 'returns metadata with custom base URL' do
|
|
expected_custom_response = {
|
|
'resource' => "#{custom_host}/api/v4/mcp",
|
|
'authorization_servers' => [
|
|
custom_host
|
|
]
|
|
}
|
|
|
|
expect(response.parsed_body).to eq(expected_custom_response)
|
|
end
|
|
end
|
|
|
|
context 'without authentication' do
|
|
it 'does not require authentication' do
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
end
|
|
end
|
|
|
|
context 'with authenticated user' do
|
|
let_it_be(:user) { create(:user) }
|
|
|
|
before do
|
|
sign_in(user)
|
|
|
|
get protected_resource_path
|
|
end
|
|
|
|
it 'returns the same response as unauthenticated request' do
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(response.parsed_body).to eq(expected_response)
|
|
end
|
|
end
|
|
|
|
context 'when validating response' do
|
|
it 'contains required fields' do
|
|
response_body = response.parsed_body
|
|
|
|
expect(response_body).to have_key('resource')
|
|
expect(response_body).to have_key('authorization_servers')
|
|
end
|
|
|
|
it 'has correct resource format' do
|
|
resource_url = response.parsed_body['resource']
|
|
|
|
expect(resource_url).to be_a(String)
|
|
expect(resource_url).to end_with('/api/v4/mcp')
|
|
expect(resource_url).to match(%r{\Ahttps?://})
|
|
end
|
|
|
|
it 'has correct authorization_servers format' do
|
|
auth_servers = response.parsed_body['authorization_servers']
|
|
|
|
expect(auth_servers).to be_a(Array)
|
|
expect(auth_servers.length).to eq(1)
|
|
expect(auth_servers.first).to be_a(String)
|
|
expect(auth_servers.first).to match(%r{\Ahttps?://})
|
|
end
|
|
|
|
it 'authorization_servers contains the same base URL as resource' do
|
|
response_body = response.parsed_body
|
|
resource_base = response_body['resource'].gsub('/api/v4/mcp', '')
|
|
auth_server = response_body['authorization_servers'].first
|
|
|
|
expect(auth_server).to eq(resource_base)
|
|
end
|
|
end
|
|
end
|
|
end
|