Merge remote-tracking branch 'upstream/master' into 42572-release-controller

* upstream/master: (889 commits) SlackService - respect `notify_only_default_branch` for push events Clarify usage ping wording in admin area Update incoming emails documents Allow to include also descendant group labels Update docs on grouping CI jobs Support additional LabelsFinder parameters for group labels Extend Cluster Applications to install GitLab Runner to Kubernetes cluster Remove registry list webpack entry point Remove trailing newline that was causing an EE conflict Small fixes in Vuex docs Remove u2f webpack bundle Update documentation WRT to request parameters remove common_vue CommonsChunk config Fetch commit signatures from Gitaly in batches migrate stl_viewer to dynamic import migrate sketch_viewer to dynamic import migrate pdf_viewer to dynamic import migrate notebook_viewer to dynamic import migrate balsamiq_viewer to dynamic import Add some strings that were missing in gitlab.pot ...
author: Lin Jen-Shin <godfat@godfat.org> 2018-03-03 00:10:21 +0800
committer: Lin Jen-Shin <godfat@godfat.org> 2018-03-03 00:10:21 +0800
commit: 6c5a7d5305e257244168799df0420359d0ad7b57 (patch)
tree: 197f0293855b02cccfb97e3f319594530b285344 /spec/lib/gitlab/middleware
parent: 461ecbcf07f0785b5ea50c62b114bf8217ac5199 (diff)
parent: 9b704ef327cc0224bf09c1e8d8d27df88ab13734 (diff)
download: gitlab-ce-6c5a7d5305e257244168799df0420359d0ad7b57.tar.gz
2 files changed, 82 insertions, 19 deletions
diff --git a/spec/lib/gitlab/middleware/go_spec.rb b/spec/lib/gitlab/middleware/go_spec.rb
index 60a134be939..b24c9882c0c 100644
--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -3,19 +3,30 @@ require 'spec_helper'
 describe Gitlab::Middleware::Go do
   let(:app) { double(:app) }
   let(:middleware) { described_class.new(app) }
+  let(:env) do
+    {
+      'rack.input' => '',
+      'REQUEST_METHOD' => 'GET'
+    }
+  end
 
   describe '#call' do
     describe 'when go-get=0' do
+      before do
+        env['QUERY_STRING'] = 'go-get=0'
+      end
+
       it 'skips go-import generation' do
-        env = { 'rack.input' => '',
-                'QUERY_STRING' => 'go-get=0' }
         expect(app).to receive(:call).with(env).and_return('no-go')
         middleware.call(env)
       end
     end
 
     describe 'when go-get=1' do
-      let(:current_user) { nil }
+      before do
+        env['QUERY_STRING'] = 'go-get=1'
+        env['PATH_INFO'] = "/#{path}"
+      end
 
       shared_examples 'go-get=1' do |enabled_protocol:|
         context 'with simple 2-segment project path' do
@@ -54,21 +65,75 @@ describe Gitlab::Middleware::Go do
                 project.update_attribute(:visibility_level, Project::PRIVATE)
               end
 
-              context 'with access to the project' do
+              shared_examples 'unauthorized' do
+                it 'returns the 2-segment group path' do
+                  expect_response_with_path(go, enabled_protocol, group.full_path)
+                end
+              end
+
+              context 'when not authenticated' do
+                it_behaves_like 'unauthorized'
+              end
+
+              context 'when authenticated' do
                 let(:current_user) { project.creator }
 
                 before do
                   project.team.add_master(current_user)
                 end
 
-                it 'returns the full project path' do
-                  expect_response_with_path(go, enabled_protocol, project.full_path)
+                shared_examples 'authenticated' do
+                  context 'with access to the project' do
+                    it 'returns the full project path' do
+                      expect_response_with_path(go, enabled_protocol, project.full_path)
+                    end
+                  end
+
+                  context 'without access to the project' do
+                    before do
+                      project.team.find_member(current_user).destroy
+                    end
+
+                    it_behaves_like 'unauthorized'
+                  end
                 end
-              end
 
-              context 'without access to the project' do
-                it 'returns the 2-segment group path' do
-                  expect_response_with_path(go, enabled_protocol, group.full_path)
+                context 'using warden' do
+                  before do
+                    env['warden'] = double(authenticate: current_user)
+                  end
+
+                  context 'when active' do
+                    it_behaves_like 'authenticated'
+                  end
+
+                  context 'when blocked' do
+                    before do
+                      current_user.block!
+                    end
+
+                    it_behaves_like 'unauthorized'
+                  end
+                end
+
+                context 'using a personal access token' do
+                  let(:personal_access_token) { create(:personal_access_token, user: current_user) }
+
+                  before do
+                    env['HTTP_PRIVATE_TOKEN'] = personal_access_token.token
+                  end
+
+                  context 'with api scope' do
+                    it_behaves_like 'authenticated'
+                  end
+
+                  context 'with read_user scope' do
+                    before do
+                      personal_access_token.update_attribute(:scopes, [:read_user])
+                    end
+
+                    it_behaves_like 'unauthorized'
+                  end
                 end
               end
             end
@@ -138,12 +203,6 @@ describe Gitlab::Middleware::Go do
     end
 
     def go
-      env = {
-        'rack.input' => '',
-        'QUERY_STRING' => 'go-get=1',
-        'PATH_INFO' => "/#{path}",
-        'warden' => double(authenticate: current_user)
-      }
       middleware.call(env)
     end
 
diff --git a/spec/lib/gitlab/middleware/multipart_spec.rb b/spec/lib/gitlab/middleware/multipart_spec.rb
index 8d925460f01..a2ba91dae80 100644
--- a/spec/lib/gitlab/middleware/multipart_spec.rb
+++ b/spec/lib/gitlab/middleware/multipart_spec.rb
@@ -5,15 +5,17 @@ require 'tempfile'
 describe Gitlab::Middleware::Multipart do
   let(:app) { double(:app) }
   let(:middleware) { described_class.new(app) }
+  let(:original_filename) { 'filename' }
 
   it 'opens top-level files' do
     Tempfile.open('top-level') do |tempfile|
-      env = post_env({ 'file' => tempfile.path }, { 'file.name' => 'filename' }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
+      env = post_env({ 'file' => tempfile.path }, { 'file.name' => original_filename }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
 
       expect(app).to receive(:call) do |env|
         file = Rack::Request.new(env).params['file']
         expect(file).to be_a(::UploadedFile)
         expect(file.path).to eq(tempfile.path)
+        expect(file.original_filename).to eq(original_filename)
       end
 
       middleware.call(env)
@@ -34,13 +36,14 @@ describe Gitlab::Middleware::Multipart do
 
   it 'opens files one level deep' do
     Tempfile.open('one-level') do |tempfile|
-      in_params = { 'user' => { 'avatar' => { '.name' => 'filename' } } }
+      in_params = { 'user' => { 'avatar' => { '.name' => original_filename } } }
       env = post_env({ 'user[avatar]' => tempfile.path }, in_params, Gitlab::Workhorse.secret, 'gitlab-workhorse')
 
       expect(app).to receive(:call) do |env|
         file = Rack::Request.new(env).params['user']['avatar']
         expect(file).to be_a(::UploadedFile)
         expect(file.path).to eq(tempfile.path)
+        expect(file.original_filename).to eq(original_filename)
       end
 
       middleware.call(env)
@@ -49,13 +52,14 @@ describe Gitlab::Middleware::Multipart do
 
   it 'opens files two levels deep' do
     Tempfile.open('two-levels') do |tempfile|
-      in_params = { 'project' => { 'milestone' => { 'themesong' => { '.name' => 'filename' } } } }
+      in_params = { 'project' => { 'milestone' => { 'themesong' => { '.name' => original_filename } } } }
       env = post_env({ 'project[milestone][themesong]' => tempfile.path }, in_params, Gitlab::Workhorse.secret, 'gitlab-workhorse')
 
       expect(app).to receive(:call) do |env|
         file = Rack::Request.new(env).params['project']['milestone']['themesong']
         expect(file).to be_a(::UploadedFile)
         expect(file.path).to eq(tempfile.path)
+        expect(file.original_filename).to eq(original_filename)
       end
 
       middleware.call(env)
author	Lin Jen-Shin <godfat@godfat.org>	2018-03-03 00:10:21 +0800
committer	Lin Jen-Shin <godfat@godfat.org>	2018-03-03 00:10:21 +0800
commit	6c5a7d5305e257244168799df0420359d0ad7b57 (patch)
tree	197f0293855b02cccfb97e3f319594530b285344 /spec/lib/gitlab/middleware
parent	461ecbcf07f0785b5ea50c62b114bf8217ac5199 (diff)
parent	9b704ef327cc0224bf09c1e8d8d27df88ab13734 (diff)
download	gitlab-ce-6c5a7d5305e257244168799df0420359d0ad7b57.tar.gz