author | Stan Hu <stanhu@gmail.com> | 2015-08-07 00:06:20 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2015-08-23 09:23:44 -0700 |
commit | ed1d4fa477789659f9343593bf06d50e70750561 (patch) | |
tree | c7d208bd6be17632a314eb090456f1a30f42f13b /spec/controllers/import/bitbucket_controller_spec.rb | |
parent | 97cc91d21d28a6482dc6ab040db31598a786f56c (diff) | |
download | gitlab-ce-ed1d4fa477789659f9343593bf06d50e70750561.tar.gz |
Remove user OAuth tokens stored in database for Bitbucket, GitHub, and GitLab
and request them each session. Pass these tokens to the project import data.
This prevents the need to encrypt these tokens and clear them in case they
expire or get revoked.
For example, if you deleted and re-created OAuth2 keys for Bitbucket, you would get
an Error 500 with no way to recover:
```
Started GET "/import/bitbucket/status" for x.x.x.x at 2015-08-07 05:24:10 +0000
Processing by Import::BitbucketController#status as HTML
Completed 500 Internal Server Error in 607ms (ActiveRecord: 2.3ms)
NameError (uninitialized constant Import::BitbucketController::Unauthorized):
app/controllers/import/bitbucket_controller.rb:77:in `rescue in go_to_bitbucket_for_permissions'
app/controllers/import/bitbucket_controller.rb:74:in `go_to_bitbucket_for_permissions'
app/controllers/import/bitbucket_controller.rb:86:in `bitbucket_unauthorized'
```
Closes #1871
Diffstat (limited to 'spec/controllers/import/bitbucket_controller_spec.rb')
-rw-r--r-- | spec/controllers/import/bitbucket_controller_spec.rb | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb
index 89e595121a7..81c03c9059b 100644
--- a/spec/controllers/import/bitbucket_controller_spec.rb
+++ b/spec/controllers/import/bitbucket_controller_spec.rb
@@ -4,7 +4,15 @@ require_relative 'import_spec_helper'
 describe Import::BitbucketController do
 include ImportSpecHelper
- let(:user) { create(:user, bitbucket_access_token: 'asd123', bitbucket_access_token_secret: "sekret") }
+ let(:user) { create(:user) }
+ let(:token) { "asdasd12345" }
+ let(:secret) { "sekrettt" }
+ let(:access_params) { { bitbucket_access_token: token, bitbucket_access_token_secret: secret } }
+
+ def assign_session_tokens
+ session[:bitbucket_access_token] = token
+ session[:bitbucket_access_token_secret] = secret
+ end
 before do
 sign_in(user)
@@ -17,8 +25,6 @@ describe Import::BitbucketController do
 end
 it "updates access token" do
- token = "asdasd12345"
- secret = "sekrettt"
 access_token = double(token: token, secret: secret)
 allow_any_instance_of(Gitlab::BitbucketImport::Client).
 to receive(:get_token).and_return(access_token)
@@ -26,8 +32,8 @@ describe Import::BitbucketController do
 get :callback
- expect(user.reload.bitbucket_access_token).to eq(token)
- expect(user.reload.bitbucket_access_token_secret).to eq(secret)
+ expect(session[:bitbucket_access_token]).to eq(token)
+ expect(session[:bitbucket_access_token_secret]).to eq(secret)
 expect(controller).to redirect_to(status_import_bitbucket_url)
 end
 end
@@ -35,6 +41,7 @@ describe Import::BitbucketController do
 describe "GET status" do
 before do
 @repo = OpenStruct.new(slug: 'vim', owner: 'asd')
+ assign_session_tokens
 end
 it "assigns variables" do
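Review bot: The callback example now expects the Bitbucket token and secret in `session[:bitbucket_access_token]` and `session[:bitbucket_access_token_secret]`, which makes the session store the place where these credentials are protected. Which store the application configures is not visible in this diff; with a client-side cookie store that is only signed, the values would be readable by the browser, so that is worth confirming before relying on this. A short comment above the two expectations would record the intent, for example `# tokens live only in the session; nothing is written to the user record`. The `it "updates access token"` example begins in the previous hunk.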
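Review bot: In the `GET status` hunk, `assign_session_tokens` is added to the shared `before`, so every status example runs with both tokens already in the session and none covers a request that arrives without them. The commit message describes a closely related failure (a 500 raised from `go_to_bitbucket_for_permissions` once the stored credentials stopped working), so the recovery path is the behaviour most worth pinning. I would add an example that issues `get :status` with an empty session and asserts that the response is a redirect into the Bitbucket authorisation flow rather than an error; the exact target URL is not visible in this diff. The `describe "GET status"` block continues past the end of the hunk, so an example further down may already cover this.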
@@ -73,17 +80,18 @@ describe Import::BitbucketController do
 before do
 allow(Gitlab::BitbucketImport::KeyAdder).
- to receive(:new).with(bitbucket_repo, user).
+ to receive(:new).with(bitbucket_repo, user, access_params).
 and_return(double(execute: true))
 stub_client(user: bitbucket_user, project: bitbucket_repo)
+ assign_session_tokens
 end
 context "when the repository owner is the Bitbucket user" do
 context "when the Bitbucket user and GitLab user's usernames match" do
 it "takes the current user's namespace" do
 expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, user.namespace, user).
+ to receive(:new).with(bitbucket_repo, user.namespace, user, access_params).
 and_return(double(execute: true))
 post :create, format: :js
@@ -95,7 +103,7 @@ describe Import::BitbucketController do
 it "takes the current user's namespace" do
 expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, user.namespace, user).
+ to receive(:new).with(bitbucket_repo, user.namespace, user, access_params).
 and_return(double(execute: true))
 post :create, format: :js
@@ -116,7 +124,7 @@ describe Import::BitbucketController do
 context "when the namespace is owned by the GitLab user" do
 it "takes the existing namespace" do
 expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, existing_namespace, user).
+ to receive(:new).with(bitbucket_repo, existing_namespace, user, access_params).
 and_return(double(execute: true))
 post :create, format: :js
@@ -150,7 +158,7 @@ describe Import::BitbucketController do
 it "takes the new namespace" do
 expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, an_instance_of(Group), user).
+ to receive(:new).with(bitbucket_repo, an_instance_of(Group), user, access_params).
 and_return(double(execute: true))
 post :create, format: :js |
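Review bot: Both `KeyAdder.new` and `ProjectCreator.new` are replaced by doubles in this hunk, so the added `access_params` argument only proves that the controller hands the token and secret over, not what the importer does with them afterwards. The commit message says the tokens are passed to the project import data, which suggests the credentials are written to storage again. Whether that copy is protected and cleared once the import finishes needs its own assertion in the specs for those classes, which this page does not show. The same applies to the `ProjectCreator` expectations in the three hunks that follow (`-95,7`, `-116,7` and `-150,7`). The enclosing `describe` block starts before this hunk and continues after it.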