diff options
author | Igor Drozdov <idrozdov@gitlab.com> | 2019-10-25 11:06:04 +0300 |
---|---|---|
committer | Igor Drozdov <idrozdov@gitlab.com> | 2019-10-25 11:06:04 +0300 |
commit | f6bb5a96149260e643c3814031b1499a815df2d0 (patch) | |
tree | c59b98c6f5bbcc97b31b883d83b9939628d9f705 /spec/controllers/concerns | |
parent | c4edbefa458319a81e238f8f034d19f6ea6292ca (diff) | |
download | gitlab-ce-f6bb5a96149260e643c3814031b1499a815df2d0.tar.gz |
Return 404 on LFS request if project doesn't exist
Diffstat (limited to 'spec/controllers/concerns')
-rw-r--r-- | spec/controllers/concerns/lfs_request_spec.rb | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/spec/controllers/concerns/lfs_request_spec.rb b/spec/controllers/concerns/lfs_request_spec.rb index cb8c0b8f71c..823b9a50434 100644 --- a/spec/controllers/concerns/lfs_request_spec.rb +++ b/spec/controllers/concerns/lfs_request_spec.rb @@ -16,13 +16,17 @@ describe LfsRequest do end def project - @project ||= Project.find(params[:id]) + @project ||= Project.find_by(id: params[:id]) end def download_request? true end + def upload_request? + false + end + def ci? false end @@ -49,4 +53,41 @@ describe LfsRequest do expect(assigns(:storage_project)).to eq(project) end end + + context 'user is authenticated without access to lfs' do + before do + allow(controller).to receive(:authenticate_user) + allow(controller).to receive(:authentication_result) do + Gitlab::Auth::Result.new + end + end + + context 'with access to the project' do + it 'returns 403' do + get :show, params: { id: project.id } + + expect(response.status).to eq(403) + end + end + + context 'without access to the project' do + context 'project does not exist' do + it 'returns 404' do + get :show, params: { id: 'does not exist' } + + expect(response.status).to eq(404) + end + end + + context 'project is private' do + let(:project) { create(:project, :private) } + + it 'returns 404' do + get :show, params: { id: project.id } + + expect(response.status).to eq(404) + end + end + end + end end |