authorGitLab Bot <gitlab-bot@gitlab.com>2019-11-07 18:06:21 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-11-07 18:06:21 +0000
commitd8ccc7a00b7a1ea954263170a2044257424a2cfe (patch)
tree0a29cb558aae61795da47c82ce7e87983c5dc4af /spec/requests
parent90a06a20be61bb6d48d77746091492831153e075 (diff)
downloadgitlab-ce-d8ccc7a00b7a1ea954263170a2044257424a2cfe.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests')
-rw-r--r--spec/requests/projects/blob_controller_spec.rb44
-rw-r--r--spec/requests/user_avatar_spec.rb36
2 files changed, 80 insertions, 0 deletions
diff --git a/spec/requests/projects/blob_controller_spec.rb b/spec/requests/projects/blob_controller_spec.rb
new file mode 100644
index 00000000000..b3321375ccc
--- /dev/null
+++ b/spec/requests/projects/blob_controller_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Projects::BlobController do
+ let(:project) { create(:project, :private, :repository) }
+ let(:namespace) { project.namespace }
+
+ context 'anonymous user views blob in inaccessible project' do
+ context 'with default HTML format' do
+ before do
+ get namespace_project_blob_path(namespace_id: namespace, project_id: project, id: 'master/README.md')
+ end
+
+ context 'when project is private' do
+ it { expect(response).to have_gitlab_http_status(:redirect) }
+ end
+
+ context 'when project does not exist' do
+ let(:namespace) { 'non_existent_namespace' }
+ let(:project) { 'non_existent_project' }
+
+ it { expect(response).to have_gitlab_http_status(:redirect) }
+ end
+ end
+
+ context 'with JSON format' do
+ before do
+ get namespace_project_blob_path(namespace_id: namespace, project_id: project, id: 'master/README.md', format: :json)
+ end
+
+ context 'when project is private' do
+ it { expect(response).to have_gitlab_http_status(:unauthorized) }
+ end
+
+ context 'when project does not exist' do
+ let(:namespace) { 'non_existent_namespace' }
+ let(:project) { 'non_existent_project' }
+
+ it { expect(response).to have_gitlab_http_status(:unauthorized) }
+ end
+ end
+ end
+end
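Review bot: Both `with default HTML format` examples assert only `have_gitlab_http_status(:redirect)`, so the private-project and non-existent-project cases would still pass if they redirected to different locations, and that difference would let an anonymous client tell whether a project exists. Consider pinning the target in each, e.g. `it { expect(response).to redirect_to(new_user_session_path) }`, assuming the sign-in page is the intended destination. The JSON examples have the same gap for the response body, although the shared `:unauthorized` status already covers the main signal there. A short comment above the outer context, such as `# Private and non-existent projects must be indistinguishable to anonymous users`, would record why both cases are tested.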
diff --git a/spec/requests/user_avatar_spec.rb b/spec/requests/user_avatar_spec.rb
new file mode 100644
index 00000000000..9451674161c
--- /dev/null
+++ b/spec/requests/user_avatar_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Loading a user avatar' do
+ let(:user) { create(:user, :with_avatar) }
+
+ context 'when logged in' do
+ # The exact query count will vary depending on the 2FA settings of the
+ # instance, group, and user. Removing those extra 2FA queries in this case
+ # may not be a good idea, so we just set up the ideal case.
+ before do
+ stub_application_setting(require_two_factor_authentication: true)
+
+ login_as(create(:user, :two_factor))
+ end
+
+ # One each for: current user, avatar user, and upload record
+ it 'only performs three SQL queries' do
+ get user.avatar_url # Skip queries on first application load
+
+ expect(response).to have_gitlab_http_status(200)
+ expect { get user.avatar_url }.not_to exceed_query_limit(3)
+ end
+ end
+
+ context 'when logged out' do
+ # One each for avatar user and upload record
+ it 'only performs two SQL queries' do
+ get user.avatar_url # Skip queries on first application load
+
+ expect(response).to have_gitlab_http_status(200)
+ expect { get user.avatar_url }.not_to exceed_query_limit(2)
+ end
+ end
+end
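Review bot: In both examples the `have_gitlab_http_status(200)` assertion checks only the warm-up request; the measured `get user.avatar_url` inside the `expect { }` block is never status-checked. Because `exceed_query_limit` is an upper bound, a measured request that was rejected or redirected early would presumably run fewer queries and still pass. Repeating `expect(response).to have_gitlab_http_status(200)` after the query-limit expectation in each example would close that gap. As a style point, `:ok` instead of the literal `200` would match the symbolic statuses used in `blob_controller_spec.rb` in this same commit.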