author | Bob Van Landuyt <bob@gitlab.com> | 2018-10-04 16:28:31 +0000 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-10-04 18:30:16 +0200 |
commit | 380ec65894852a23a7a45e72b585263a8fbfbb8c (patch) | |
tree | c03c150a1e40a2937fc5b92d7bf33f5fef9f1315 /spec | |
parent | cd435dedf2f249e3dca5cc04e37d168725377a2e (diff) | |
download | gitlab-ce-380ec65894852a23a7a45e72b585263a8fbfbb8c.tar.gz |
Merge branch 'security-osw-user-info-leak-discussions-11-2' into 'security-11-2'
[11.2] Filter user sensitive data from discussions JSON
See merge request gitlab/gitlabhq!2538
Diffstat (limited to 'spec')
-rw-r--r-- | spec/fixtures/api/schemas/entities/note_user_entity.json | 26 | ||||
-rw-r--r-- | spec/serializers/discussion_entity_spec.rb | 7 |
2 files changed, 33 insertions, 0 deletions
diff --git a/spec/fixtures/api/schemas/entities/note_user_entity.json b/spec/fixtures/api/schemas/entities/note_user_entity.json
new file mode 100644
index 00000000000..aab98981dd9
--- /dev/null
+++ b/spec/fixtures/api/schemas/entities/note_user_entity.json
@@ -0,0 +1,26 @@
+{
+ "type": "object",
+ "required": [
+ "id",
+ "state",
+ "avatar_url",
+ "path",
+ "name",
+ "username"
+ ],
+ "properties": {
+ "id": { "type": "integer" },
+ "state": { "type": "string" },
+ "avatar_url": { "type": "string" },
+ "path": { "type": "string" },
+ "name": { "type": "string" },
+ "username": { "type": "string" },
+ "status_tooltip_html": {
+ "oneOf": [
+ { "type": "null" },
+ { "type": "string" }
+ ]
+ }
+ },
+ "additionalProperties": false
+}
diff --git a/spec/serializers/discussion_entity_spec.rb b/spec/serializers/discussion_entity_spec.rb
index 378540a35b6..0590304e832 100644
--- a/spec/serializers/discussion_entity_spec.rb
+++ b/spec/serializers/discussion_entity_spec.rb
@@ -36,6 +36,13 @@ describe DiscussionEntity do
 )
 end
 
+ it 'resolved_by matches note_user_entity schema' do
+ Notes::ResolveService.new(note.project, user).execute(note)
+
+ expect(subject[:resolved_by].with_indifferent_access)
+ .to match_schema('entities/note_user_entity')
+ end
+
 context 'when is LegacyDiffDiscussion' do
 let(:project) { create(:project) }
 let(:merge_request) { create(:merge_request, source_project: project) } |
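Review bot: Nothing in this schema records that it is the allowlist guarding user data in discussion JSON, so a later edit that relaxes `"additionalProperties": false` or adds a property would look harmless in review. JSON has no comments, but a top-level `"description": "Allowlist of user fields exposed in discussion JSON; keep additionalProperties false"` would carry that intent in the file itself. Separately, `avatar_url` is required as a plain string; if it can ever serialise as null (not visible from this diff), it would need the same `oneOf` null/string form used for `status_tooltip_html`, otherwise the example fails for reasons unrelated to a leak.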
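Review bot: The new example asserts only `subject[:resolved_by]`, and its value as a leak guard rests entirely on the fixture's `additionalProperties: false`, which the example itself never mentions. A comment above the `it` would make that dependency explicit, e.g. `# note_user_entity sets additionalProperties: false, so any extra user attribute (email, etc.) fails this example`. The enclosing `describe` block and the definitions of `note`, `user` and `subject` lie outside the hunk, so it cannot be told from here whether other user objects in the discussion payload are held to the same schema; if they are not, they deserve the same `match_schema('entities/note_user_entity')` expectation.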