diff options
author | Stan Hu <stanhu@gmail.com> | 2018-12-09 21:23:15 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-12-09 21:56:31 -0800 |
commit | 384a92b7362ad75801add04292f6ef7938207fc4 (patch) | |
tree | 4560a7133fb537fff637c9455b34e5a0cccfa99e /spec | |
parent | 7cb0dd98590e8fdd7483b9f61643a0daa23c2b67 (diff) | |
download | gitlab-ce-384a92b7362ad75801add04292f6ef7938207fc4.tar.gz |
Check for valid refs in CommitController before doing anything
Before a 404 would be rendered only after a request to Gitaly would
return with an InvalidArgument error. Now we check that the ref have a
valid format before sending it to Gitaly. In both cases, a 404 is
returned to the user, but this change prevents Gitaly from generating
error noise in production.
Closes https://gitlab.com/gitlab-org/gitaly/issues/1425
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/projects/commits_controller_spec.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/spec/controllers/projects/commits_controller_spec.rb b/spec/controllers/projects/commits_controller_spec.rb index 5c72dab698c..80513650636 100644 --- a/spec/controllers/projects/commits_controller_spec.rb +++ b/spec/controllers/projects/commits_controller_spec.rb @@ -53,6 +53,12 @@ describe Projects::CommitsController do it { is_expected.to respond_with(:not_found) } end + + context "branch with invalid format, valid file" do + let(:id) { 'branch with space/README.md' } + + it { is_expected.to respond_with(:not_found) } + end end context "when the ref name ends in .atom" do @@ -94,6 +100,30 @@ describe Projects::CommitsController do end end end + + describe "GET /commits/:id/signatures" do + render_views + + before do + get(:signatures, + namespace_id: project.namespace, + project_id: project, + id: id, + format: :json) + end + + context "valid branch" do + let(:id) { 'master' } + + it { is_expected.to respond_with(:success) } + end + + context "invalid branch format" do + let(:id) { 'some branch' } + + it { is_expected.to respond_with(:not_found) } + end + end end context 'token authentication' do |