diff options
author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-07-23 09:23:08 +0000 |
---|---|---|
committer | Grzegorz Bizon <grzegorz@gitlab.com> | 2018-07-23 09:23:08 +0000 |
commit | f2c46672cae763bb213e8aa14253e5eea48c1064 (patch) | |
tree | 708ab3375268f826b01adb2ae79e590bcb9aabd1 /spec | |
parent | d1f890e9e4c759b1b43b888c07127a05e38f53e5 (diff) | |
download | gitlab-ce-f2c46672cae763bb213e8aa14253e5eea48c1064.tar.gz |
Resolve "Deploy Tokens failed to clone LFS repository"
Diffstat (limited to 'spec')
-rw-r--r-- | spec/models/deploy_token_spec.rb | 9 | ||||
-rw-r--r-- | spec/requests/lfs_http_spec.rb | 38 |
2 files changed, 46 insertions, 1 deletions
diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index f8d51a95833..cd84a684fec 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -62,11 +62,18 @@ describe DeployToken do end end - context "when it hasn't been revoked" do + context "when it hasn't been revoked and is not expired" do it 'should return true' do expect(deploy_token.active?).to be_truthy end end + + context "when it hasn't been revoked and is expired" do + it 'should return true' do + deploy_token.update_attribute(:expires_at, Date.today - 5.days) + expect(deploy_token.active?).to be_falsy + end + end end describe '#username' do diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb index de39abdb746..c2378646f89 100644 --- a/spec/requests/lfs_http_spec.rb +++ b/spec/requests/lfs_http_spec.rb @@ -575,6 +575,40 @@ describe 'Git LFS API and storage' do end end + context 'when using Deploy Tokens' do + let(:project) { create(:project, :repository) } + let(:authorization) { authorize_deploy_token } + let(:update_user_permissions) { nil } + let(:role) { nil } + let(:update_lfs_permissions) do + project.lfs_objects << lfs_object + end + + context 'when Deploy Token is valid' do + let(:deploy_token) { create(:deploy_token, projects: [project]) } + + it_behaves_like 'an authorized requests' + end + + context 'when Deploy Token is not valid' do + let(:deploy_token) { create(:deploy_token, projects: [project], read_repository: false) } + + it 'responds with access denied' do + expect(response).to have_gitlab_http_status(401) + end + end + + context 'when Deploy Token is not related to the project' do + let(:another_project) { create(:project, :repository) } + let(:deploy_token) { create(:deploy_token, projects: [another_project]) } + + it 'responds with access forbidden' do + # We render 404, to prevent data leakage about existence of the project + expect(response).to have_gitlab_http_status(404) + end + end + end + context 'when build is authorized as' do let(:authorization) { authorize_ci_project } @@ -1381,6 +1415,10 @@ describe 'Git LFS API and storage' do ActionController::HttpAuthentication::Basic.encode_credentials(user.username, Gitlab::LfsToken.new(user).token) end + def authorize_deploy_token + ActionController::HttpAuthentication::Basic.encode_credentials(deploy_token.username, deploy_token.token) + end + def post_lfs_json(url, body = nil, headers = nil) post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE)) end |