diff options
Diffstat (limited to 'spec/controllers/application_controller_spec.rb')
| -rw-r--r-- | spec/controllers/application_controller_spec.rb | 281 |
1 files changed, 140 insertions, 141 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index dca74bd5f84..851c4b0144c 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -1,19 +1,18 @@ -# coding: utf-8 -require 'spec_helper' +require "spec_helper" describe ApplicationController do include TermsHelper let(:user) { create(:user) } - describe '#check_password_expiration' do + describe "#check_password_expiration" do let(:controller) { described_class.new } before do allow(controller).to receive(:session).and_return({}) end - it 'redirects if the user is over their password expiry' do + it "redirects if the user is over their password expiry" do user.password_expires_at = Time.new(2002) expect(user.ldap_user?).to be_falsey @@ -24,7 +23,7 @@ describe ApplicationController do controller.send(:check_password_expiration) end - it 'does not redirect if the user is under their password expiry' do + it "does not redirect if the user is under their password expiry" do user.password_expires_at = Time.now + 20010101 expect(user.ldap_user?).to be_falsey @@ -34,7 +33,7 @@ describe ApplicationController do controller.send(:check_password_expiration) end - it 'does not redirect if the user is over their password expiry but they are an ldap user' do + it "does not redirect if the user is over their password expiry but they are an ldap user" do user.password_expires_at = Time.new(2002) allow(user).to receive(:ldap_user?).and_return(true) @@ -44,7 +43,7 @@ describe ApplicationController do controller.send(:check_password_expiration) end - it 'does not redirect if the user is over their password expiry but password authentication is disabled for the web interface' do + it "does not redirect if the user is over their password expiry but password authentication is disabled for the web interface" do stub_application_setting(password_authentication_enabled_for_web: false) stub_application_setting(password_authentication_enabled_for_git: false) user.password_expires_at = Time.new(2002) @@ -56,7 +55,7 @@ describe ApplicationController do end end - describe '#add_gon_variables' do + describe "#add_gon_variables" do before do Gon.clear sign_in user @@ -70,74 +69,74 @@ describe ApplicationController do end end - shared_examples 'setting gon variables' do - it 'sets gon variables' do + shared_examples "setting gon variables" do + it "sets gon variables" do get :index, format: format expect(json_response.size).not_to be_zero end end - shared_examples 'not setting gon variables' do - it 'does not set gon variables' do + shared_examples "not setting gon variables" do + it "does not set gon variables" do get :index, format: format expect(json_response.size).to be_zero end end - context 'with html format' do + context "with html format" do let(:format) { :html } - it_behaves_like 'setting gon variables' + it_behaves_like "setting gon variables" - context 'for peek requests' do + context "for peek requests" do before do - request.path = '/-/peek' + request.path = "/-/peek" end - it_behaves_like 'not setting gon variables' + it_behaves_like "not setting gon variables" end end - context 'with json format' do + context "with json format" do let(:format) { :json } - it_behaves_like 'not setting gon variables' + it_behaves_like "not setting gon variables" end end - describe 'session expiration' do + describe "session expiration" do controller(described_class) do # The anonymous controller will report 401 and fail to run any actions. # Normally, GitLab will just redirect you to sign in. skip_before_action :authenticate_user!, only: :index def index - render html: 'authenticated' + render html: "authenticated" end end - context 'authenticated user' do - it 'does not set the expire_after option' do + context "authenticated user" do + it "does not set the expire_after option" do sign_in(create(:user)) get :index - expect(request.env['rack.session.options'][:expire_after]).to be_nil + expect(request.env["rack.session.options"][:expire_after]).to be_nil end end - context 'unauthenticated user' do - it 'sets the expire_after option' do + context "unauthenticated user" do + it "sets the expire_after option" do get :index - expect(request.env['rack.session.options'][:expire_after]).to eq(Settings.gitlab['unauthenticated_session_expire_delay']) + expect(request.env["rack.session.options"][:expire_after]).to eq(Settings.gitlab["unauthenticated_session_expire_delay"]) end end end - describe 'response format' do + describe "response format" do controller(described_class) do def index respond_to do |format| @@ -152,18 +151,18 @@ describe ApplicationController do sign_in user end - context 'when format is handled' do + context "when format is handled" do let(:requested_format) { :json } - it 'returns 200 response' do + it "returns 200 response" do get :index, format: requested_format expect(response).to have_gitlab_http_status 200 end end - context 'when format is not handled' do - it 'returns 404 response' do + context "when format is not handled" do + it "returns 404 response" do get :index expect(response).to have_gitlab_http_status 404 @@ -171,48 +170,48 @@ describe ApplicationController do end end - describe '#route_not_found' do - it 'renders 404 if authenticated' do + describe "#route_not_found" do + it "renders 404 if authenticated" do allow(controller).to receive(:current_user).and_return(user) expect(controller).to receive(:not_found) controller.send(:route_not_found) end - it 'does redirect to login page via authenticate_user! if not authenticated' do + it "does redirect to login page via authenticate_user! if not authenticated" do allow(controller).to receive(:current_user).and_return(nil) expect(controller).to receive(:authenticate_user!) controller.send(:route_not_found) end end - describe '#set_page_title_header' do + describe "#set_page_title_header" do let(:controller) { described_class.new } - it 'URI encodes UTF-8 characters in the title' do + it "URI encodes UTF-8 characters in the title" do response = double(headers: {}) - allow_any_instance_of(PageLayoutHelper).to receive(:page_title).and_return('€100 · GitLab') + allow_any_instance_of(PageLayoutHelper).to receive(:page_title).and_return("€100 · GitLab") allow(controller).to receive(:response).and_return(response) controller.send(:set_page_title_header) - expect(response.headers['Page-Title']).to eq('%E2%82%AC100%20%C2%B7%20GitLab') + expect(response.headers["Page-Title"]).to eq("%E2%82%AC100%20%C2%B7%20GitLab") end end - context 'two-factor authentication' do + context "two-factor authentication" do let(:controller) { described_class.new } - describe '#check_two_factor_requirement' do + describe "#check_two_factor_requirement" do subject { controller.send :check_two_factor_requirement } - it 'does not redirect if 2FA is not required' do + it "does not redirect if 2FA is not required" do allow(controller).to receive(:two_factor_authentication_required?).and_return(false) expect(controller).not_to receive(:redirect_to) subject end - it 'does not redirect if user is not logged in' do + it "does not redirect if user is not logged in" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:current_user).and_return(nil) expect(controller).not_to receive(:redirect_to) @@ -220,7 +219,7 @@ describe ApplicationController do subject end - it 'does not redirect if user has 2FA enabled' do + it "does not redirect if user has 2FA enabled" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:current_user).twice.and_return(user) allow(user).to receive(:two_factor_enabled?).and_return(true) @@ -229,7 +228,7 @@ describe ApplicationController do subject end - it 'does not redirect if 2FA setup can be skipped' do + it "does not redirect if 2FA setup can be skipped" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:current_user).twice.and_return(user) allow(user).to receive(:two_factor_enabled?).and_return(false) @@ -239,7 +238,7 @@ describe ApplicationController do subject end - it 'redirects to 2FA setup otherwise' do + it "redirects to 2FA setup otherwise" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:current_user).twice.and_return(user) allow(user).to receive(:two_factor_enabled?).and_return(false) @@ -251,23 +250,23 @@ describe ApplicationController do end end - describe '#two_factor_authentication_required?' do + describe "#two_factor_authentication_required?" do subject { controller.send :two_factor_authentication_required? } - it 'returns false if no 2FA requirement is present' do + it "returns false if no 2FA requirement is present" do allow(controller).to receive(:current_user).and_return(nil) expect(subject).to be_falsey end - it 'returns true if a 2FA requirement is set in the application settings' do + it "returns true if a 2FA requirement is set in the application settings" do stub_application_setting require_two_factor_authentication: true allow(controller).to receive(:current_user).and_return(nil) expect(subject).to be_truthy end - it 'returns true if a 2FA requirement is set on the user' do + it "returns true if a 2FA requirement is set on the user" do user.require_two_factor_authentication_from_group = true allow(controller).to receive(:current_user).and_return(user) @@ -275,27 +274,27 @@ describe ApplicationController do end end - describe '#two_factor_grace_period' do + describe "#two_factor_grace_period" do subject { controller.send :two_factor_grace_period } - it 'returns the grace period from the application settings' do + it "returns the grace period from the application settings" do stub_application_setting two_factor_grace_period: 23 allow(controller).to receive(:current_user).and_return(nil) expect(subject).to eq 23 end - context 'with a 2FA requirement set on the user' do + context "with a 2FA requirement set on the user" do let(:user) { create :user, require_two_factor_authentication_from_group: true, two_factor_grace_period: 23 } - it 'returns the user grace period if lower than the application grace period' do + it "returns the user grace period if lower than the application grace period" do stub_application_setting two_factor_grace_period: 24 allow(controller).to receive(:current_user).and_return(user) expect(subject).to eq 23 end - it 'returns the application grace period if lower than the user grace period' do + it "returns the application grace period if lower than the user grace period" do stub_application_setting two_factor_grace_period: 22 allow(controller).to receive(:current_user).and_return(user) @@ -304,27 +303,27 @@ describe ApplicationController do end end - describe '#two_factor_grace_period_expired?' do + describe "#two_factor_grace_period_expired?" do subject { controller.send :two_factor_grace_period_expired? } before do allow(controller).to receive(:current_user).and_return(user) end - it 'returns false if the user has not started their grace period yet' do + it "returns false if the user has not started their grace period yet" do expect(subject).to be_falsey end - context 'with grace period started' do + context "with grace period started" do let(:user) { create :user, otp_grace_period_started_at: 2.hours.ago } - it 'returns true if the grace period has expired' do + it "returns true if the grace period has expired" do allow(controller).to receive(:two_factor_grace_period).and_return(1) expect(subject).to be_truthy end - it 'returns false if the grace period is still active' do + it "returns false if the grace period is still active" do allow(controller).to receive(:two_factor_grace_period).and_return(3) expect(subject).to be_falsey @@ -332,27 +331,27 @@ describe ApplicationController do end end - describe '#two_factor_skippable' do + describe "#two_factor_skippable" do subject { controller.send :two_factor_skippable? } before do allow(controller).to receive(:current_user).and_return(user) end - it 'returns false if 2FA is not required' do + it "returns false if 2FA is not required" do allow(controller).to receive(:two_factor_authentication_required?).and_return(false) expect(subject).to be_falsey end - it 'returns false if the user has already enabled 2FA' do + it "returns false if the user has already enabled 2FA" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(user).to receive(:two_factor_enabled?).and_return(true) expect(subject).to be_falsey end - it 'returns false if the 2FA grace period has expired' do + it "returns false if the 2FA grace period has expired" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(user).to receive(:two_factor_enabled?).and_return(false) allow(controller).to receive(:two_factor_grace_period_expired?).and_return(true) @@ -360,7 +359,7 @@ describe ApplicationController do expect(subject).to be_falsey end - it 'returns true otherwise' do + it "returns true otherwise" do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(user).to receive(:two_factor_enabled?).and_return(false) allow(controller).to receive(:two_factor_grace_period_expired?).and_return(false) @@ -369,27 +368,27 @@ describe ApplicationController do end end - describe '#skip_two_factor?' do + describe "#skip_two_factor?" do subject { controller.send :skip_two_factor? } - it 'returns false if 2FA setup was not skipped' do + it "returns false if 2FA setup was not skipped" do allow(controller).to receive(:session).and_return({}) expect(subject).to be_falsey end - context 'with 2FA setup skipped' do + context "with 2FA setup skipped" do before do - allow(controller).to receive(:session).and_return({ skip_two_factor: 2.hours.from_now }) + allow(controller).to receive(:session).and_return({skip_two_factor: 2.hours.from_now}) end - it 'returns false if the grace period has expired' do + it "returns false if the grace period has expired" do Timecop.freeze(3.hours.from_now) do expect(subject).to be_falsey end end - it 'returns true if the grace period is still active' do + it "returns true if the grace period is still active" do Timecop.freeze(1.hour.from_now) do expect(subject).to be_truthy end @@ -398,19 +397,19 @@ describe ApplicationController do end end - context 'terms' do + context "terms" do controller(described_class) do def index - render html: 'authenticated' + render html: "authenticated" end end before do - stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') + stub_env("IN_MEMORY_APPLICATION_SETTINGS", "false") sign_in user end - it 'does not query more when terms are enforced' do + it "does not query more when terms are enforced" do control = ActiveRecord::QueryRecorder.new { get :index } enforce_terms @@ -418,18 +417,18 @@ describe ApplicationController do expect { get :index }.not_to exceed_query_limit(control) end - context 'when terms are enforced' do + context "when terms are enforced" do before do enforce_terms end - it 'redirects if the user did not accept the terms' do + it "redirects if the user did not accept the terms" do get :index expect(response).to have_gitlab_http_status(302) end - it 'does not redirect when the user accepted terms' do + it "does not redirect when the user accepted terms" do accept_terms(user) get :index @@ -439,12 +438,12 @@ describe ApplicationController do end end - describe '#append_info_to_payload' do + describe "#append_info_to_payload" do controller(described_class) do attr_reader :last_payload def index - render html: 'authenticated' + render html: "authenticated" end def append_info_to_payload(payload) @@ -454,57 +453,57 @@ describe ApplicationController do end end - it 'does not log errors with a 200 response' do + it "does not log errors with a 200 response" do get :index - expect(controller.last_payload.has_key?(:response)).to be_falsey + expect(controller.last_payload.key?(:response)).to be_falsey end - it 'does log correlation id' do - Gitlab::CorrelationId.use_id('new-id') do + it "does log correlation id" do + Gitlab::CorrelationId.use_id("new-id") do get :index end - expect(controller.last_payload).to include('correlation_id' => 'new-id') + expect(controller.last_payload).to include("correlation_id" => "new-id") end - context '422 errors' do - it 'logs a response with a string' do - response = spy(ActionDispatch::Response, status: 422, body: 'Hello world', content_type: 'application/json', cookies: {}) + context "422 errors" do + it "logs a response with a string" do + response = spy(ActionDispatch::Response, status: 422, body: "Hello world", content_type: "application/json", cookies: {}) allow(controller).to receive(:response).and_return(response) get :index - expect(controller.last_payload[:response]).to eq('Hello world') + expect(controller.last_payload[:response]).to eq("Hello world") end - it 'logs a response with an array' do - body = ['I want', 'my hat back'] - response = spy(ActionDispatch::Response, status: 422, body: body, content_type: 'application/json', cookies: {}) + it "logs a response with an array" do + body = ["I want", "my hat back"] + response = spy(ActionDispatch::Response, status: 422, body: body, content_type: "application/json", cookies: {}) allow(controller).to receive(:response).and_return(response) get :index expect(controller.last_payload[:response]).to eq(body) end - it 'does not log a string with an empty body' do - response = spy(ActionDispatch::Response, status: 422, body: nil, content_type: 'application/json', cookies: {}) + it "does not log a string with an empty body" do + response = spy(ActionDispatch::Response, status: 422, body: nil, content_type: "application/json", cookies: {}) allow(controller).to receive(:response).and_return(response) get :index - expect(controller.last_payload.has_key?(:response)).to be_falsey + expect(controller.last_payload.key?(:response)).to be_falsey end - it 'does not log an HTML body' do - response = spy(ActionDispatch::Response, status: 422, body: 'This is a test', content_type: 'application/html', cookies: {}) + it "does not log an HTML body" do + response = spy(ActionDispatch::Response, status: 422, body: "This is a test", content_type: "application/html", cookies: {}) allow(controller).to receive(:response).and_return(response) get :index - expect(controller.last_payload.has_key?(:response)).to be_falsey + expect(controller.last_payload.key?(:response)).to be_falsey end end end - describe '#access_denied' do + describe "#access_denied" do controller(described_class) do def index access_denied!(params[:message], params[:status]) @@ -515,31 +514,31 @@ describe ApplicationController do sign_in user end - it 'renders a 404 without a message' do + it "renders a 404 without a message" do get :index expect(response).to have_gitlab_http_status(404) - expect(response).to render_template('errors/not_found') + expect(response).to render_template("errors/not_found") end - it 'renders a 403 when a message is passed to access denied' do - get :index, params: { message: 'None shall pass' } + it "renders a 403 when a message is passed to access denied" do + get :index, params: {message: "None shall pass"} expect(response).to have_gitlab_http_status(403) - expect(response).to render_template('errors/access_denied') + expect(response).to render_template("errors/access_denied") end - it 'renders a status passed to access denied' do - get :index, params: { status: 401 } + it "renders a status passed to access denied" do + get :index, params: {status: 401} expect(response).to have_gitlab_http_status(401) end end - context 'when invalid UTF-8 parameters are received' do + context "when invalid UTF-8 parameters are received" do controller(described_class) do def index - params[:text].split(' ') + params[:text].split(" ") render json: :ok end @@ -549,121 +548,121 @@ describe ApplicationController do sign_in user end - context 'html' do - subject { get :index, params: { text: "hi \255" } } + context "html" do + subject { get :index, params: {text: "hi \255"} } - it 'renders 412' do + it "renders 412" do expect { subject }.to raise_error(ActionController::BadRequest) end end - context 'js' do - subject { get :index, format: :js, params: { text: "hi \255" } } + context "js" do + subject { get :index, format: :js, params: {text: "hi \255"} } - it 'renders 412' do + it "renders 412" do expect { subject }.to raise_error(ActionController::BadRequest) end end end - context 'X-GitLab-Custom-Error header' do + context "X-GitLab-Custom-Error header" do before do sign_in user end - context 'given a 422 error page' do + context "given a 422 error page" do controller do def index - render 'errors/omniauth_error', layout: 'errors', status: 422 + render "errors/omniauth_error", layout: "errors", status: 422 end end - it 'sets a custom header' do + it "sets a custom header" do get :index - expect(response.headers['X-GitLab-Custom-Error']).to eq '1' + expect(response.headers["X-GitLab-Custom-Error"]).to eq "1" end end - context 'given a 500 error page' do + context "given a 500 error page" do controller do def index - render 'errors/omniauth_error', layout: 'errors', status: 500 + render "errors/omniauth_error", layout: "errors", status: 500 end end - it 'sets a custom header' do + it "sets a custom header" do get :index - expect(response.headers['X-GitLab-Custom-Error']).to eq '1' + expect(response.headers["X-GitLab-Custom-Error"]).to eq "1" end end - context 'given a 200 success page' do + context "given a 200 success page" do controller do def index - render 'errors/omniauth_error', layout: 'errors', status: 200 + render "errors/omniauth_error", layout: "errors", status: 200 end end - it 'does not set a custom header' do + it "does not set a custom header" do get :index - expect(response.headers['X-GitLab-Custom-Error']).to be_nil + expect(response.headers["X-GitLab-Custom-Error"]).to be_nil end end - context 'given a json response' do + context "given a json response" do controller do def index render json: {}, status: :unprocessable_entity end end - it 'does not set a custom header' do + it "does not set a custom header" do get :index, format: :json - expect(response.headers['X-GitLab-Custom-Error']).to be_nil + expect(response.headers["X-GitLab-Custom-Error"]).to be_nil end end - context 'given a json response for an html request' do + context "given a json response for an html request" do controller do def index render json: {}, status: :unprocessable_entity end end - it 'does not set a custom header' do + it "does not set a custom header" do get :index - expect(response.headers['X-GitLab-Custom-Error']).to be_nil + expect(response.headers["X-GitLab-Custom-Error"]).to be_nil end end end - context 'control headers' do + context "control headers" do controller(described_class) do def index render json: :ok end end - context 'user not logged in' do - it 'sets the default headers' do + context "user not logged in" do + it "sets the default headers" do get :index - expect(response.headers['Cache-Control']).to be_nil + expect(response.headers["Cache-Control"]).to be_nil end end - context 'user logged in' do - it 'sets the default headers' do + context "user logged in" do + it "sets the default headers" do sign_in(user) get :index - expect(response.headers['Cache-Control']).to eq 'max-age=0, private, must-revalidate, no-store' + expect(response.headers["Cache-Control"]).to eq "max-age=0, private, must-revalidate, no-store" end it 'does not set the "no-store" header for XHR requests' do @@ -671,7 +670,7 @@ describe ApplicationController do get :index, xhr: true - expect(response.headers['Cache-Control']).to eq 'max-age=0, private, must-revalidate' + expect(response.headers["Cache-Control"]).to eq "max-age=0, private, must-revalidate" end end end |