authorGitLab Bot <gitlab-bot@gitlab.com>2022-11-30 04:50:03 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-11-30 04:50:07 +0000
commitad1444a708bdac21064c0b41ef54cdf9b247e4d4 (patch)
treea4bcf9fed4b00326d05400454649e76176f70dda
parent4e9a85ef8e7e49a41ac1cc34bb5d1ace4df2e6c7 (diff)
Add latest changes from gitlab-org/security/gitlab@15-4-stable-ee
-rw-r--r--app/models/hooks/web_hook.rb5
-rw-r--r--spec/models/hooks/web_hook_spec.rb32
2 files changed, 36 insertions, 1 deletions
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 84ee23d77ce..4672c80c5aa 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -41,6 +41,7 @@ class WebHook < ApplicationRecord
validate :no_missing_url_variables
after_initialize :initialize_url_variables
+ before_validation :reset_token
scope :executable, -> do
next all unless Feature.enabled?(:web_hooks_disable_failed)
@@ -185,6 +186,10 @@ class WebHook < ApplicationRecord
private
+ def reset_token
+ self.token = nil if url_changed? && !encrypted_token_changed?
+ end
+
def web_hooks_disable_failed?
Feature.enabled?(:web_hooks_disable_failed)
end
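Review bot: `reset_token` is added without any comment, and its condition is subtle enough that a later reader may "simplify" it away; I would put above the `def`: `# Clear the stored token when the URL is changed without a token being (re)supplied in the same update, so a previously saved secret is not delivered to a newly set endpoint. Reassigning the same token still marks encrypted_token as changed, which is what keeps it.` The second sentence is inferred from the spec's "same token" example rather than from code visible here, so confirm it against the encrypted attribute definition. The guard keys only on `url_changed?`; since the `no_missing_url_variables` validation in the first hunk suggests the effective URL is built from `url_variables`, please check whether a change to those variables alone should also trigger the reset, and add that to the condition if so.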
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 036d2effc0f..f8aa378f28e 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -131,6 +131,36 @@ RSpec.describe WebHook do
expect(hook.push_events_branch_filter).to eq('')
end
end
+
+ describe 'before_validation :reset_token' do
+ subject(:hook) { build_stubbed(:project_hook, :token, project: project) }
+
+ it 'resets token if url changed' do
+ hook.url = 'https://webhook.example.com/new-hook'
+
+ expect(hook).to be_valid
+ expect(hook.token).to be_nil
+ end
+
+ it 'does not reset token if new url is set together with the same token' do
+ hook.url = 'https://webhook.example.com/new-hook'
+ current_token = hook.token
+ hook.token = current_token
+
+ expect(hook).to be_valid
+ expect(hook.token).to eq(current_token)
+ expect(hook.url).to eq('https://webhook.example.com/new-hook')
+ end
+
+ it 'does not reset token if new url is set together with a new token' do
+ hook.url = 'https://webhook.example.com/new-hook'
+ hook.token = 'token'
+
+ expect(hook).to be_valid
+ expect(hook.token).to eq('token')
+ expect(hook.url).to eq('https://webhook.example.com/new-hook')
+ end
+ end
end
describe 'encrypted attributes' do
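Review bot: The new `describe 'before_validation :reset_token'` block only exercises cases where `url` changes, so an implementation that reset the token unconditionally would still pass all three examples; add a control case such as `it 'keeps the token when url is unchanged' do expect(hook).to be_valid; expect(hook.token).not_to be_nil; end`. Since the subject is built with `build_stubbed` (L45), the change tracking the callback relies on comes from assignments made in the example rather than from a persisted record, which is adequate for this callback but worth keeping in mind if the examples are later switched to `create`.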
@@ -232,7 +262,7 @@ RSpec.describe WebHook do
end
describe '#executable?' do
- let(:web_hook) { create(:project_hook, project: project) }
+ let_it_be(:web_hook) { create(:project_hook, project: project) }
where(:recent_failures, :not_until, :executable) do
[