author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 13:16:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 13:16:36 +0000 |
commit | 311b0269b4eb9839fa63f80c8d7a58f32b8138a0 (patch) | |
tree | 07e7870bca8aed6d61fdcc810731c50d2c40af47 /spec/lib/gitlab/middleware | |
parent | 27909cef6c4170ed9205afa7426b8d3de47cbb0c (diff) | |
download | gitlab-ce-311b0269b4eb9839fa63f80c8d7a58f32b8138a0.tar.gz |
Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42
Diffstat (limited to 'spec/lib/gitlab/middleware')
-rw-r--r-- | spec/lib/gitlab/middleware/compressed_json_spec.rb | 75 | ||||
-rw-r--r-- | spec/lib/gitlab/middleware/go_spec.rb | 16 | ||||
-rw-r--r-- | spec/lib/gitlab/middleware/query_analyzer_spec.rb | 61 |
3 files changed, 152 insertions, 0 deletions
diff --git a/spec/lib/gitlab/middleware/compressed_json_spec.rb b/spec/lib/gitlab/middleware/compressed_json_spec.rb
new file mode 100644
index 00000000000..c5efc568971
--- /dev/null
+++ b/spec/lib/gitlab/middleware/compressed_json_spec.rb
@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Middleware::CompressedJson do
+ let_it_be(:decompressed_input) { '{"foo": "bar"}' }
+ let_it_be(:input) { ActiveSupport::Gzip.compress(decompressed_input) }
+
+ let(:app) { double(:app) }
+ let(:middleware) { described_class.new(app) }
+ let(:env) do
+ {
+ 'HTTP_CONTENT_ENCODING' => 'gzip',
+ 'REQUEST_METHOD' => 'POST',
+ 'CONTENT_TYPE' => 'application/json',
+ 'PATH_INFO' => path,
+ 'rack.input' => StringIO.new(input)
+ }
+ end
+
+ shared_examples 'decompress middleware' do
+ it 'replaces input with a decompressed content' do
+ expect(app).to receive(:call)
+
+ middleware.call(env)
+
+ expect(env['rack.input'].read).to eq(decompressed_input)
+ expect(env['CONTENT_LENGTH']).to eq(decompressed_input.length)
+ expect(env['HTTP_CONTENT_ENCODING']).to be_nil
+ end
+ end
+
+ describe '#call' do
+ context 'with collector route' do
+ let(:path) { '/api/v4/error_tracking/collector/1/store'}
+
+ it_behaves_like 'decompress middleware'
+ end
+
+ context 'with collector route under relative url' do
+ let(:path) { '/gitlab/api/v4/error_tracking/collector/1/store'}
+
+ before do
+ stub_config_setting(relative_url_root: '/gitlab')
+ end
+
+ it_behaves_like 'decompress middleware'
+ end
+
+ context 'with some other route' do
+ let(:path) { '/api/projects/123' }
+
+ it 'keeps the original input' do
+ expect(app).to receive(:call)
+
+ middleware.call(env)
+
+ expect(env['rack.input'].read).to eq(input)
+ expect(env['HTTP_CONTENT_ENCODING']).to eq('gzip')
+ end
+ end
+
+ context 'payload is too large' do
+ let(:body_limit) { Gitlab::Middleware::CompressedJson::MAXIMUM_BODY_SIZE }
+ let(:decompressed_input) { 'a' * (body_limit + 100) }
+ let(:input) { ActiveSupport::Gzip.compress(decompressed_input) }
+ let(:path) { '/api/v4/error_tracking/collector/1/envelope'}
+
+ it 'reads only limited size' do
+ expect(middleware.call(env))
+ .to eq([413, { 'Content-Type' => 'text/plain' }, ['Payload Too Large']])
+ end
+ end
+ end
+end
diff --git a/spec/lib/gitlab/middleware/go_spec.rb b/spec/lib/gitlab/middleware/go_spec.rb
index 0ce95fdb5af..1ef548ab29b 100644
--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -147,6 +147,22 @@ RSpec.describe Gitlab::Middleware::Go do
 end
 end
 end
+
+ context 'when a personal access token is missing' do
+ before do
+ env['REMOTE_ADDR'] = '192.168.0.1'
+ env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(current_user.username, 'dummy_password')
+ end
+
+ it 'returns unauthorized' do
+ expect(Gitlab::Auth).to receive(:find_for_git_client).and_raise(Gitlab::Auth::MissingPersonalAccessTokenError)
+ response = go
+
+ expect(response[0]).to eq(401)
+ expect(response[1]['Content-Length']).to be_nil
+ expect(response[2]).to eq([''])
+ end
+ end
 end
 end
 end
diff --git a/spec/lib/gitlab/middleware/query_analyzer_spec.rb b/spec/lib/gitlab/middleware/query_analyzer_spec.rb
new file mode 100644
index 00000000000..5ebe6a92da6
--- /dev/null
+++ b/spec/lib/gitlab/middleware/query_analyzer_spec.rb
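Review bot: In compressed_json_spec.rb the only negative case varies `PATH_INFO` ('with some other route'), while `env` also fixes `HTTP_CONTENT_ENCODING`, `REQUEST_METHOD` and `CONTENT_TYPE`, so nothing pins that a gzip body is left untouched when one of those differs. If the middleware gates on them (its conditions are not visible here), add one context per attribute on a collector path, e.g. `before { env['CONTENT_TYPE'] = 'text/plain' }`, reusing the 'keeps the original input' expectations. The 'payload is too large' example would also read better named for what it asserts, e.g. `it 'responds with 413 Payload Too Large' do`, since it checks the response rather than how much was read.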
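Review bot: In go_spec.rb the `find_for_git_client` expectation has no `.with(...)`, so the example passes whatever login, password or IP the middleware forwards, and the `REMOTE_ADDR` assignment in the `before` block is never checked. Inserting `.with(current_user.username, 'dummy_password', any_args)` before `.and_raise` would tie the 401 to the credentials actually sent; this assumes login and password are passed positionally, which the hunk does not show. `go`, `env` and `current_user` are defined outside the hunk.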
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Middleware::QueryAnalyzer, query_analyzers: false do
+ describe 'the PreventCrossDatabaseModification' do
+ describe '#call' do
+ let(:app) { double(:app) }
+ let(:middleware) { described_class.new(app) }
+ let(:env) { {} }
+
+ subject { middleware.call(env) }
+
+ context 'when there is a cross modification' do
+ before do
+ allow(app).to receive(:call) do
+ Project.transaction do
+ Project.where(id: -1).update_all(id: -1)
+ ::Ci::Pipeline.where(id: -1).update_all(id: -1)
+ end
+ end
+ end
+
+ it 'detects cross modifications and tracks exception' do
+ expect(::Gitlab::ErrorTracking).to receive(:track_and_raise_for_dev_exception)
+
+ expect { subject }.not_to raise_error
+ end
+
+ context 'when the detect_cross_database_modification is disabled' do
+ before do
+ stub_feature_flags(detect_cross_database_modification: false)
+ end
+
+ it 'does not detect cross modifications' do
+ expect(::Gitlab::ErrorTracking).not_to receive(:track_and_raise_for_dev_exception)
+
+ subject
+ end
+ end
+ end
+
+ context 'when there is no cross modification' do
+ before do
+ allow(app).to receive(:call) do
+ Project.transaction do
+ Project.where(id: -1).update_all(id: -1)
+ Namespace.where(id: -1).update_all(id: -1)
+ end
+ end
+ end
+
+ it 'does not log anything' do
+ expect(::Gitlab::ErrorTracking).not_to receive(:track_and_raise_for_dev_exception)
+
+ subject
+ end
+ end
+ end
+ end
+end |
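Review bot: In 'detects cross modifications and tracks exception', `expect(::Gitlab::ErrorTracking).to receive(:track_and_raise_for_dev_exception)` replaces the method with a stub, so any exception handed to the tracker satisfies the expectation. `expect { subject }.not_to raise_error` then presumably holds mostly because the stub never re-raises. Constraining the argument, e.g. `.with(an_instance_of(<cross-modification error class>))`, would keep an unrelated failure inside `app.call` from making the example pass. A short comment above the `update_all` pairs stating which models live in which database would also explain why the `Namespace` context is the negative case.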