diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
commit | 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch) | |
tree | 78be5963ec075d80116a932011d695dd33910b4e /spec/requests/lfs_http_spec.rb | |
parent | 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff) | |
download | gitlab-ce-6e4e1050d9dba2b7b2523fdd1768823ab85feef4.tar.gz |
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'spec/requests/lfs_http_spec.rb')
-rw-r--r-- | spec/requests/lfs_http_spec.rb | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb index 082857ab738..fd4261fb50d 100644 --- a/spec/requests/lfs_http_spec.rb +++ b/spec/requests/lfs_http_spec.rb @@ -17,6 +17,8 @@ RSpec.describe 'Git LFS API and storage' do 'X-Sendfile-Type' => sendfile }.compact end + + let(:include_workhorse_jwt_header) { true } let(:authorization) { } let(:sendfile) { } let(:pipeline) { create(:ci_empty_pipeline, project: project) } @@ -1076,14 +1078,24 @@ RSpec.describe 'Git LFS API and storage' do end end - context 'invalid tempfiles' do + context 'without the lfs object' do before do lfs_object.destroy end it 'rejects slashes in the tempfile name (path traversal)' do put_finalize('../bar', with_tempfile: true) - expect(response).to have_gitlab_http_status(:forbidden) + expect(response).to have_gitlab_http_status(:bad_request) + end + + context 'not sending the workhorse jwt header' do + let(:include_workhorse_jwt_header) { false } + + it 'rejects the request' do + put_finalize(with_tempfile: true) + + expect(response).to have_gitlab_http_status(:unprocessable_entity) + end end end end @@ -1309,7 +1321,8 @@ RSpec.describe 'Git LFS API and storage' do method: :put, file_key: :file, params: args.merge(file: uploaded_file), - headers: finalize_headers + headers: finalize_headers, + send_rewritten_field: include_workhorse_jwt_header ) end |