File: user_store_spec.rb

package info (click to toggle)
gitlab 17.6.5-19
links: PTS, VCS
area: main
in suites: sid
size: 629,368 kB
sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (461 lines) | stat: -rw-r--r-- 15,706 bytes
# frozen_string_literal: true

module QA
  RSpec.describe Runtime::UserStore do
    let(:default_admin_token) { "ypCa3Dzb23o5nvsixwPA" }

    before do
      allow(Runtime::Scenario).to receive(:send).with("gitlab_address").and_return("https://example.com")
      allow(Runtime::Logger).to receive_messages({
        debug: nil,
        info: nil,
        warn: nil,
        error: nil
      })

      # Clear the global state before each spec execution
      if described_class.instance_variable_defined?(:@admin_api_client)
        described_class.send(:remove_instance_variable, :@admin_api_client)
      end

      if described_class.instance_variable_defined?(:@admin_user)
        described_class.send(:remove_instance_variable, :@admin_user)
      end

      if described_class.instance_variable_defined?(:@user_api_client)
        described_class.send(:remove_instance_variable, :@user_api_client)
      end

      if described_class.instance_variable_defined?(:@test_user)
        described_class.send(:remove_instance_variable, :@test_user)
      end
    end

    def mock_user_get(token:, code: 200, body: { is_admin: true, id: 1, username: "root" }.to_json)
      allow(Support::API).to receive(:get).with("https://example.com/api/v4/user?private_token=#{token}").and_return(
        instance_double(RestClient::Response, code: code, body: body)
      )
    end

    describe "#admin_api_client" do
      let(:admin_token) { nil }
      let(:no_admin_env) { false }

      before do
        allow(Runtime::Env).to receive_messages({
          admin_username: nil,
          admin_password: nil,
          admin_personal_access_token: admin_token,
          no_admin_environment?: no_admin_env
        })
      end

      context "with no admin env" do
        let(:no_admin_env) { true }

        it "sets admin api client to nil" do
          expect(described_class.admin_api_client).to be_nil
        end
      end

      context "when admin token variable is set" do
        let(:admin_token) { "admin-token" }

        before do
          mock_user_get(token: admin_token)
        end

        it "creates admin api client with configured token" do
          expect(described_class.admin_api_client.personal_access_token).to eq(admin_token)
        end
      end

      context "with valid default admin token and no token configured" do
        before do
          mock_user_get(token: default_admin_token)
        end

        it "creates admin api client with default admin token" do
          expect(described_class.admin_api_client.personal_access_token).to eq(default_admin_token)
        end
      end

      context "with invalid token set via environment variable" do
        let(:admin_token) { "admin-token" }

        before do
          mock_user_get(token: admin_token, code: 401, body: "401 Unauthorized")
        end

        it "raises InvalidTokenError" do
          expect { described_class.admin_api_client }.to raise_error(
            described_class::InvalidTokenError, "API client validation failed! Code: 401, Err: '401 Unauthorized'"
          )
        end
      end

      context "with expired admin password" do
        let(:admin_token) { "admin-token" }

        before do
          mock_user_get(token: admin_token, code: 403, body: "Your password expired")
        end

        it "raises ExpiredAdminPasswordError" do
          expect { described_class.admin_api_client }.to raise_error(
            described_class::ExpiredAdminPasswordError, "Password for client's user has expired and must be reset"
          )
        end
      end

      context "with token creation via UI" do
        let(:token) { "token" }

        # dummy objects are created with populated id fields to simulate proper fabrication and reload calls
        let(:admin_user) { Resource::User.init { |u| u.id = 1 } }

        let(:pat) do
          Resource::PersonalAccessToken.init do |p|
            p.token = token
            p.user_id = 1
          end
        end

        before do
          allow(Flow::Login).to receive(:while_signed_in).with(as: admin_user).and_yield
          allow(Resource::User).to receive(:init).and_yield(admin_user).and_return(admin_user)
          allow(Resource::PersonalAccessToken).to receive(:fabricate_via_browser_ui!).and_yield(pat).and_return(pat)
          allow(admin_user).to receive(:reload!)

          mock_user_get(token: default_admin_token, code: 401)
        end

        it "creates admin api client with token created from UI" do
          expect(described_class.admin_api_client.personal_access_token).to eq(token)
          expect(pat.username).to eq("root")
          expect(pat.password).to eq("5iveL!fe")
          expect(admin_user).to have_received(:reload!)
        end
      end
    end

    describe "#admin_user" do
      let(:no_admin_env) { false }

      before do
        allow(Runtime::Env).to receive_messages({
          admin_username: nil,
          admin_password: nil,
          admin_personal_access_token: nil,
          no_admin_environment?: no_admin_env
        })
      end

      context "with no admin env" do
        let(:no_admin_env) { true }

        it "sets admin user to nil" do
          expect(described_class.admin_user).to be_nil
        end
      end

      context "when admin client has not been initialized" do
        context "with admin user variables set" do
          let(:username) { "admin-username" }
          let(:password) { "admin-password" }

          before do
            allow(Runtime::Env).to receive_messages({ admin_username: username, admin_password: password })
          end

          it "returns admin user with configured credentials" do
            expect(described_class.admin_user.username).to eq(username)
            expect(described_class.admin_user.password).to eq(password)
          end
        end

        context "without admin user variables set" do
          let(:username) { "root" }
          let(:password) { "5iveL!fe" }

          it "returns admin user with default credentials" do
            expect(described_class.admin_user.username).to eq(username)
            expect(described_class.admin_user.password).to eq(password)
          end
        end
      end

      context "when admin client has been initialized" do
        let(:admin_user) { Resource::User.new }
        let(:admin_client) { Runtime::API::Client.new(personal_access_token: default_admin_token) }

        before do
          allow(Resource::User).to receive(:init).and_yield(admin_user).and_return(admin_user)
          allow(admin_user).to receive(:reload!)

          described_class.instance_variable_set(:@admin_api_client, admin_client)
        end

        context "with valid admin client belonging to user" do
          before do
            mock_user_get(token: default_admin_token)
          end

          it "sets api client on admin user and reloads it" do
            expect(described_class.admin_user.instance_variable_get(:@api_client)).to eq(admin_client)
            expect(admin_user).to have_received(:reload!)
          end
        end

        context "with valid admin client not belonging to user" do
          before do
            mock_user_get(token: default_admin_token, body: { username: "test" }.to_json)
          end

          it "prints warning message" do
            described_class.initialize_admin_user

            expect(Runtime::Logger).to have_received(:warn).with(<<~WARN)
              Configured global api client does not belong to configured global user
              Please check values for user authentication related variables
            WARN
          end
        end

        context "with invalid admin client" do
          before do
            mock_user_get(token: default_admin_token, code: 403, body: "Unauthorized")
          end

          it "raises invalid token error" do
            expect { described_class.admin_user }.to raise_error(
              described_class::InvalidTokenError, "API client validation failed! Code: 403, Err: 'Unauthorized'"
            )
          end
        end
      end
    end

    describe "#user_api_client" do
      subject(:user_api_client) { described_class.user_api_client }

      context "when running on live environment" do
        let(:username) { "username" }
        let(:password) { "password" }
        let(:api_token) { "token" }

        before do
          allow(Runtime::Env).to receive_messages({
            user_username: username,
            user_password: password,
            personal_access_token: api_token,
            running_on_live_env?: true
          })
        end

        context "when api token variable is set" do
          before do
            mock_user_get(token: api_token)
          end

          it "creates admin api client with configured token" do
            expect(user_api_client.personal_access_token).to eq(api_token)
          end
        end

        context "when api token variable and user variables are not set" do
          let(:api_token) { nil }
          let(:username) { nil }
          let(:password) { nil }

          it "does not return api client" do
            expect(user_api_client).to be_nil
          end
        end

        context "with invalid token set via environment variable" do
          before do
            mock_user_get(token: api_token, code: 401, body: "401 Unauthorized")
          end

          it "does not return api client" do
            expect(user_api_client).to be_nil
          end
        end

        context "with expired admin password" do
          before do
            mock_user_get(token: api_token, code: 403, body: "Your password expired")
          end

          it "does not return api client" do
            expect(user_api_client).to be_nil
          end
        end

        context "with token creation via UI" do
          let(:api_token) { nil }
          # dummy objects are created with populated id fields to simulate proper fabrication and reload calls
          let(:user_spy) { Resource::User.init { |u| u.id = 1 } }

          let(:pat) do
            Resource::PersonalAccessToken.init do |p|
              p.token = "token"
              p.user_id = 1
            end
          end

          before do
            allow(Resource::User).to receive(:init).and_yield(user_spy).and_return(user_spy)
            allow(Resource::PersonalAccessToken).to receive(:fabricate_via_browser_ui!).and_yield(pat).and_return(pat)
            allow(user_spy).to receive(:reload!)
          end

          it "creates user api client with token created from UI" do
            expect(user_api_client.personal_access_token).to eq(pat.token)
            expect(pat.username).to eq(username)
            expect(pat.password).to eq(password)
            expect(user_spy).to have_received(:reload!)
          end
        end
      end

      context "when running on ephemeral environment with working admin client" do
        let(:admin_api_client) { instance_double(Runtime::API::Client) }
        let(:user) { Resource::User.init { |usr| usr.api_client = instance_double(Runtime::API::Client) } }

        before do
          allow(Runtime::Env).to receive(:running_on_live_env?).and_return(false)

          described_class.instance_variable_set(:@admin_api_client, admin_api_client)
          described_class.instance_variable_set(:@test_user, user)
        end

        it "returns test user api client" do
          expect(user_api_client).to eq(user.api_client)
        end
      end
    end

    describe "#test_user" do
      subject(:test_user) { described_class.test_user }

      context "when running on live environment" do
        let(:username) { "username" }
        let(:password) { "password" }

        before do
          allow(Runtime::Env).to receive_messages({
            user_username: username,
            user_password: password,
            personal_access_token: nil,
            running_on_live_env?: true
          })
        end

        context "when api client has not been initialized" do
          context "with user variables set" do
            it "returns user with configured credentials" do
              expect(test_user.username).to eq(username)
              expect(test_user.password).to eq(password)
            end
          end

          context "without user variables set" do
            let(:username) { nil }
            let(:password) { nil }

            it "does not return test user" do
              expect(test_user).to be_nil
            end
          end

          context "with only username set" do
            let(:password) { nil }

            it "does not return test user" do
              expect(test_user).to be_nil
            end
          end

          context "with only password set" do
            let(:username) { nil }

            it "does not return test user" do
              expect(test_user).to be_nil
            end
          end
        end

        context "when api client has been initialized" do
          let(:user_spy) { Resource::User.new }
          let(:api_client) { Runtime::API::Client.new(personal_access_token: "token") }

          before do
            allow(Resource::User).to receive(:init).and_yield(user_spy).and_return(user_spy)
            allow(user_spy).to receive(:reload!)

            described_class.instance_variable_set(:@user_api_client, api_client)
          end

          context "with valid client belonging to user" do
            before do
              mock_user_get(token: api_client.personal_access_token, body: { username: username }.to_json)
            end

            it "sets api client on user and reloads it" do
              expect(test_user.api_client).to eq(api_client)
              expect(test_user).to have_received(:reload!)
            end
          end

          context "with valid client not belonging to user" do
            before do
              mock_user_get(token: api_client.personal_access_token, body: { username: "test" }.to_json)
            end

            it "prints warning message" do
              described_class.initialize_test_user

              expect(Runtime::Logger).to have_received(:warn).with(<<~WARN)
              Configured global api client does not belong to configured global user
              Please check values for user authentication related variables
              WARN
            end
          end

          context "with invalid api client" do
            before do
              mock_user_get(token: api_client.personal_access_token, code: 403, body: "Unauthorized")
            end

            it "raises invalid token error" do
              expect(test_user).to be_nil
              expect(Runtime::Logger).to have_received(:warn).with(
                "Failed to create test user: API client validation failed! Code: 403, Err: 'Unauthorized'"
              )
            end
          end
        end
      end

      context "when running on ephemeral environment with working admin client" do
        let(:admin_api_client) { instance_double(Runtime::API::Client) }
        let(:user) { Resource::User.new }

        before do
          allow(Runtime::Env).to receive(:running_on_live_env?).and_return(false)
          allow(Resource::User).to receive(:fabricate_via_api!).and_yield(user).and_return(user)

          described_class.instance_variable_set(:@admin_api_client, admin_api_client)
        end

        it "returns new user" do
          expect(test_user).to eq(user)
          # check admin api client was explicitly used for user creation
          expect(test_user.api_client).to eq(admin_api_client)
        end
      end
    end
  end
end