Follow-up from "Fix project access token regression"
The following discussion from !50784 (closed) should be addressed:
@serenafang started a discussion: The pipeline is currently failing on spec/lib/gitlab/auth_spec.rb:377, "when project bot is not a project member" and "when project bot user is blocked". In both cases the failure looks like:

    expected: #<struct Gitlab::Auth::Result actor=nil, project=nil, type=nil, authentication_abilities=nil>
    got: #<struct Gitlab::Auth::Result actor=#<User id:42 @user39>, project=nil, type=:personal_access_token, ...:download_code, :read_container_image, :push_code, :create_container_image, :admin_container_image]>

aka, when the project bot is not valid (when they're not a project member or when they're blocked), we expect them not to be authenticated but because

    line 201: if token.user.project_bot?

is true, it's being authenticated anyway.

If we reintroduce this line, which I removed in !47247 (merged), the pipeline passes and the problem is fixed:

    return if project && token.user.project_bot? && !project.bots.include?(token.user)
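
The non-member case from the discussion above, as an added example that is not GitLab's code: a simplified Ruby model of the token check with and without the reintroduced guard. Only `project_bot?`, `project.bots` and the `Result` fields come from the page; `token_check`, `guard:`, `can_log_in` and the sample users and projects are hypothetical, and the blocked-bot case is not modelled.

```ruby
# Simplified model of the check discussed above; not GitLab's implementation.
# Only project_bot?, project.bots and the Result fields come from the page.
User = Struct.new(:name, :bot, :can_log_in) do
  def project_bot?
    bot
  end
end
Project = Struct.new(:name, :bots)
Token   = Struct.new(:user, :abilities)
Result  = Struct.new(:actor, :project, :type, :authentication_abilities)

# guard: false models the regressed behaviour, guard: true the reintroduced line.
def token_check(token, project, guard:)
  return Result.new unless token

  # The line quoted on the page, returning an empty Result instead of nil.
  return Result.new if guard && project && token.user.project_bot? &&
                       !project.bots.include?(token.user)

  # Assumption: bots skip the interactive-login check, so without the guard
  # nothing ties a bot token to the project being accessed.
  if token.user.project_bot? || token.user.can_log_in
    Result.new(token.user, nil, :personal_access_token, token.abilities)
  else
    Result.new
  end
end

# Constructed sample data.
bot_a       = User.new("project_a_bot", true, false)
human       = User.new("alice", false, true)
project_a   = Project.new("a", [bot_a])
project_b   = Project.new("b", [])
bot_token   = Token.new(bot_a, %i[download_code push_code])
human_token = Token.new(human, %i[download_code])

[false, true].each do |guard|
  actor = token_check(bot_token, project_b, guard: guard).actor
  puts "guard=#{guard} bot token against project b: actor=#{actor&.name.inspect}"
end
```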