author | Markus Koller <mkoller@gitlab.com> | 2019-06-20 19:45:01 +0200 |
---|---|---|
committer | Markus Koller <mkoller@gitlab.com> | 2019-06-25 13:19:30 +0200 |
commit | db132bae1d0098dce835844bfa667c5377510d3c (patch) | |
tree | 0b690d78e0251ab6010e76aea7960a2f815b8935 /spec/controllers/concerns | |
parent | 8fd2c08472afc3846ba28f97994a57143bc76eaf (diff) | |
Support redirect paths starting with a dash51952-forking-via-webide
We use a leading dash for certain things like the WebIDE, which
had the side effect of losing the `params[:continue][:to]` param when
opening the WebIDE on a project where the user doesn't have push access
and therefore needs to fork the project first.
Diffstat (limited to 'spec/controllers/concerns')
-rw-r--r-- | spec/controllers/concerns/internal_redirect_spec.rb | 77 |
1 files changed, 54 insertions, 23 deletions
diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb
index 97119438ca1..da68c8c8697 100644
--- a/spec/controllers/concerns/internal_redirect_spec.rb
+++ b/spec/controllers/concerns/internal_redirect_spec.rb
@@ -15,44 +15,71 @@ describe InternalRedirect do
 subject(:controller) { controller_class.new }
 describe '#safe_redirect_path' do
- it 'is `nil` for invalid uris' do
- expect(controller.safe_redirect_path('Hello world')).to be_nil
+ where(:input) do
+ [
+ 'Hello world',
+ '//example.com/hello/world',
+ 'https://example.com/hello/world'
+ ]
 end
- it 'is `nil` for paths trying to include a host' do
- expect(controller.safe_redirect_path('//example.com/hello/world')).to be_nil
+ with_them 'being invalid' do
+ it 'returns nil' do
+ expect(controller.safe_redirect_path(input)).to be_nil
+ end
 end
- it 'returns the path if it is valid' do
- expect(controller.safe_redirect_path('/hello/world')).to eq('/hello/world')
+ where(:input) do
+ [
+ '/hello/world',
+ '/-/ide/project/path'
+ ]
 end
- it 'returns the path with querystring if it is valid' do
- expect(controller.safe_redirect_path('/hello/world?hello=world#L123'))
- .to eq('/hello/world?hello=world#L123')
+ with_them 'being valid' do
+ it 'returns the path' do
+ expect(controller.safe_redirect_path(input)).to eq(input)
+ end
+
+ it 'returns the path with querystring and fragment' do
+ expect(controller.safe_redirect_path("#{input}?hello=world#L123"))
+ .to eq("#{input}?hello=world#L123")
+ end
 end
 end
 describe '#safe_redirect_path_for_url' do
- it 'is `nil` for invalid urls' do
- expect(controller.safe_redirect_path_for_url('Hello world')).to be_nil
+ where(:input) do
+ [
+ 'Hello world',
+ 'http://example.com/hello/world',
+ 'http://test.host:3000/hello/world'
+ ]
 end
- it 'is `nil` for urls from a with a different host' do
- expect(controller.safe_redirect_path_for_url('http://example.com/hello/world')).to be_nil
+ with_them 'being invalid' do
+ it 'returns nil' do
+ expect(controller.safe_redirect_path_for_url(input)).to be_nil
+ end
 end
- it 'is `nil` for urls from a with a different port' do
- expect(controller.safe_redirect_path_for_url('http://test.host:3000/hello/world')).to be_nil
+ where(:input) do
+ [
+ 'http://test.host/hello/world'
+ ]
 end
- it 'returns the path if the url is on the same host' do
- expect(controller.safe_redirect_path_for_url('http://test.host/hello/world')).to eq('/hello/world')
- end
+ with_them 'being on the same host' do
+ let(:path) { URI(input).path }
- it 'returns the path including querystring if the url is on the same host' do
- expect(controller.safe_redirect_path_for_url('http://test.host/hello/world?hello=world#L123'))
- .to eq('/hello/world?hello=world#L123')
+ it 'returns the path' do
+ expect(controller.safe_redirect_path_for_url(input)).to eq(path)
+ end
+
+ it 'returns the path with querystring and fragment' do
+ expect(controller.safe_redirect_path_for_url("#{input}?hello=world#L123"))
+ .to eq("#{path}?hello=world#L123")
+ end
 end
 end
@@ -82,12 +109,16 @@ describe InternalRedirect do
 end
 describe '#host_allowed?' do
- it 'allows uris with the same host and port' do
+ it 'allows URI with the same host and port' do
 expect(controller.host_allowed?(URI('http://test.host/test'))).to be(true)
 end
- it 'rejects uris with other host and port' do
+ it 'rejects URI with other host' do
 expect(controller.host_allowed?(URI('http://example.com/test'))).to be(false)
 end
+
+ it 'rejects URI with other port' do
+ expect(controller.host_allowed?(URI('http://test.host:3000/test'))).to be(false)
+ end
 end
 end
|
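Review bot: The dash-prefixed path this commit is about is only asserted as accepted, in the valid list under `'#safe_redirect_path'`; no rejected input sits next to that new boundary, and the same-host list under `'#safe_redirect_path_for_url'` contains no dash-prefixed URL at all. Since these helpers decide where `params[:continue][:to]` may send the user, I would add `'//-/ide/project/path'` to the first invalid list and `'http://test.host/-/ide/project/path'` to the same-host list, so a later change to the matcher cannot let a host-bearing input through the dash rule unnoticed. The matcher is not part of this diff (the diffstat is limited to the spec directory), so the expected `nil` for the first value is inferred from the existing `'//example.com/hello/world'` case. The enclosing `describe InternalRedirect` block starts above the hunk.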
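Review bot: All three `'#host_allowed?'` examples use `http`, so nothing pins the result for a same-host URI with another scheme, where `URI` fills in a different default port. The added example shows that the port is part of the check, so a fourth example built on `URI('https://test.host/test')`, asserting whichever of `be(true)` or `be(false)` is intended, would document that decision. The request object the controller compares against is defined above this hunk, so the expected value has to be read from there.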