diff options
author | Marin Jankovski <marin@gitlab.com> | 2019-07-02 06:18:03 +0000 |
---|---|---|
committer | Marin Jankovski <marin@gitlab.com> | 2019-07-02 06:18:03 +0000 |
commit | 3e1c60194800c3a58805dcd72739c91836791a8f (patch) | |
tree | 77085ac16b8e6a9bf2187adc594cd1a3ffc4e462 /spec/routing | |
parent | efaf6f4bcc8a1c2542bf51f8bd7ccabc2b90afcc (diff) | |
parent | ba377e91e1179b5b1124df1fcdda22c1b63e82a1 (diff) | |
download | gitlab-ce-3e1c60194800c3a58805dcd72739c91836791a8f.tar.gz |
Merge branch 'security-prevent-detection-of-merge-request-template-name' into 'master'
Guests can know whether merge request template name exists or not
See merge request gitlab/gitlabhq!3117
Diffstat (limited to 'spec/routing')
-rw-r--r-- | spec/routing/project_routing_spec.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/spec/routing/project_routing_spec.rb b/spec/routing/project_routing_spec.rb index 83775b1040e..6dde40d1cb6 100644 --- a/spec/routing/project_routing_spec.rb +++ b/spec/routing/project_routing_spec.rb @@ -693,4 +693,24 @@ describe 'project routing' do it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/settings/repository", "/gitlab/gitlabhq/-/settings/repository" end + + describe Projects::TemplatesController, 'routing' do + describe '#show' do + def show_with_template_type(template_type) + "/gitlab/gitlabhq/templates/#{template_type}/template_name" + end + + it 'routes when :template_type is `merge_request`' do + expect(get(show_with_template_type('merge_request'))).to route_to('projects/templates#show', namespace_id: 'gitlab', project_id: 'gitlabhq', template_type: 'merge_request', key: 'template_name', format: 'json') + end + + it 'routes when :template_type is `issue`' do + expect(get(show_with_template_type('issue'))).to route_to('projects/templates#show', namespace_id: 'gitlab', project_id: 'gitlabhq', template_type: 'issue', key: 'template_name', format: 'json') + end + + it 'routes to application#route_not_found when :template_type is unknown' do + expect(get(show_with_template_type('invalid'))).to route_to('application#route_not_found', unmatched_route: 'gitlab/gitlabhq/templates/invalid/template_name') + end + end + end end |