File: impersonations_controller_spec.rb

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (121 lines) | stat: -rw-r--r-- 3,282 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Admin::ImpersonationsController do
  let(:impersonator) { create(:admin) }
  let(:user) { create(:user) }

  describe "DELETE destroy" do
    context "when not signed in" do
      it "redirects to the sign in page" do
        delete :destroy

        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when signed in" do
      before do
        sign_in(user)
      end

      context "when not impersonating" do
        it "responds with status 404" do
          delete :destroy

          expect(response).to have_gitlab_http_status(:not_found)
        end

        it "doesn't sign us in" do
          delete :destroy

          expect(warden.user).to eq(user)
        end
      end

      context "when impersonating" do
        before do
          session[:impersonator_id] = impersonator.id
        end

        context "when the impersonator is not admin (anymore)" do
          before do
            impersonator.admin = false
            impersonator.save!
          end

          it "responds with status 404" do
            delete :destroy

            expect(response).to have_gitlab_http_status(:not_found)
          end

          it "doesn't sign us in as the impersonator" do
            delete :destroy

            expect(warden.user).to eq(user)
          end
        end

        context "when the impersonator is admin" do
          context "when the impersonator is blocked" do
            before do
              impersonator.block!
            end

            it "responds with status 404" do
              delete :destroy

              expect(response).to have_gitlab_http_status(:not_found)
            end

            it "doesn't sign us in as the impersonator" do
              delete :destroy

              expect(warden.user).to eq(user)
            end
          end

          context "when the impersonator is not blocked" do
            shared_examples_for "successfully stops impersonating" do
              it "redirects to the impersonated user's page" do
                expect(Gitlab::AppLogger).to receive(:info).with("User #{impersonator.username} has stopped impersonating #{user.username}").and_call_original

                delete :destroy

                expect(response).to redirect_to(admin_user_path(user))
              end

              it "signs us in as the impersonator" do
                delete :destroy

                expect(warden.user).to eq(impersonator)
              end

              it 'clears token session keys' do
                session[:bitbucket_token] = SecureRandom.hex(8)

                delete :destroy

                expect(session[:bitbucket_token]).to be_nil
              end
            end

            # base case
            it_behaves_like "successfully stops impersonating"

            context "and the user has a temporary oauth e-mail address" do
              before do
                allow(user).to receive(:temp_oauth_email?).and_return(true)
                allow(controller).to receive(:current_user).and_return(user)
              end

              it_behaves_like "successfully stops impersonating"
            end
          end
        end
      end
    end
  end
end