Add latest changes from gitlab-org/gitlab@13-1-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-06-18 11:18:50 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-06-18 11:18:50 +0000
commit: 8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781 (patch)
tree: a77e7fe7a93de11213032ed4ab1f33a3db51b738 /spec/requests/api/admin
parent: 00b35af3db1abfe813a778f643dad221aad51fca (diff)
download: gitlab-ce-8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/requests/api/admin/ci/variables_spec.rb b/spec/requests/api/admin/ci/variables_spec.rb
index bc2f0ba50a2..185fde17e1b 100644
--- a/spec/requests/api/admin/ci/variables_spec.rb
+++ b/spec/requests/api/admin/ci/variables_spec.rb
@@ -109,6 +109,22 @@ describe ::API::Admin::Ci::Variables do
 
         expect(response).to have_gitlab_http_status(:bad_request)
       end
+
+      it 'does not allow values above 700 characters' do
+        too_long_message = <<~MESSAGE.strip
+          The encrypted value of the provided variable exceeds 1024 bytes. \
+          Variables over 700 characters risk exceeding the limit.
+        MESSAGE
+
+        expect do
+          post api('/admin/ci/variables', admin),
+            params: { key: 'too_long', value: SecureRandom.hex(701) }
+        end.not_to change { ::Ci::InstanceVariable.count }
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response).to match('message' =>
+          a_hash_including('encrypted_value' => [too_long_message]))
+      end
     end
 
     context 'authorized user with invalid permissions' do
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-06-18 11:18:50 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-06-18 11:18:50 +0000
commit	8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781 (patch)
tree	a77e7fe7a93de11213032ed4ab1f33a3db51b738 /spec/requests/api/admin
parent	00b35af3db1abfe813a778f643dad221aad51fca (diff)
download	gitlab-ce-8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781.tar.gz