Diffstat (limited to 'spec/controllers/explore/projects_controller_spec.rb')
-rw-r--r-- | spec/controllers/explore/projects_controller_spec.rb | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/spec/controllers/explore/projects_controller_spec.rb b/spec/controllers/explore/projects_controller_spec.rb
index 6752d2b8ebd..6f68de52845 100644
--- a/spec/controllers/explore/projects_controller_spec.rb
+++ b/spec/controllers/explore/projects_controller_spec.rb
@@ -59,6 +59,79 @@ describe Explore::ProjectsController do
 end
 end
+ shared_examples "blocks high page numbers" do
+ let(:page_limit) { 200 }
+
+ context "page number is too high" do
+ [:index, :trending, :starred].each do |endpoint|
+ describe "GET #{endpoint}" do
+ render_views
+
+ before do
+ get endpoint, params: { page: page_limit + 1 }
+ end
+
+ it { is_expected.to respond_with(:bad_request) }
+ it { is_expected.to render_template("explore/projects/page_out_of_bounds") }
+
+ it "assigns the page number" do
+ expect(assigns[:max_page_number]).to eq(page_limit.to_s)
+ end
+ end
+
+ describe "GET #{endpoint}.json" do
+ render_views
+
+ before do
+ get endpoint, params: { page: page_limit + 1 }, format: :json
+ end
+
+ it { is_expected.to respond_with(:bad_request) }
+ end
+
+ describe "metrics recording" do
+ after do
+ get endpoint, params: { page: page_limit + 1 }
+ end
+
+ it "records the interception" do
+ expect(Gitlab::Metrics).to receive(:counter).with(
+ :gitlab_page_out_of_bounds,
+ controller: "explore/projects",
+ action: endpoint.to_s,
+ bot: false
+ )
+ end
+ end
+ end
+ end
+
+ context "page number is acceptable" do
+ [:index, :trending, :starred].each do |endpoint|
+ describe "GET #{endpoint}" do
+ render_views
+
+ before do
+ get endpoint, params: { page: page_limit }
+ end
+
+ it { is_expected.to respond_with(:success) }
+ it { is_expected.to render_template("explore/projects/#{endpoint}") }
+ end
+
+ describe "GET #{endpoint}.json" do
+ render_views
+
+ before do
+ get endpoint, params: { page: page_limit }, format: :json
+ end
+
+ it { is_expected.to respond_with(:success) }
+ end
+ end
+ end
+ end
+
 context 'when user is signed in' do
 let(:user) { create(:user) }
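Review bot: In the "metrics recording" group, `expect(Gitlab::Metrics).to receive(:counter).with(...)` replaces `counter` with a stub that returns nil, and the request is only issued from the `after` hook. If the controller (not visible in this hunk) calls anything on the returned counter, the error is raised inside a hook rather than as a failure of the example. I would give the stub a return value, e.g. `.and_return(double("counter", increment: true))` (adjusting the method name to whatever the controller actually calls), and move `get endpoint, params: { page: page_limit + 1 }` into the `it` body after the expectation. The limit reads like a guard against expensive deep pagination, yet only `page_limit + 1` and `bot: false` are exercised. Cases for a non-numeric or negative `page` and for a bot user agent would pin the behaviour that matters most for that guard.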
@@ -67,6 +140,7 @@ describe Explore::ProjectsController do
 end
 include_examples 'explore projects'
+ include_examples "blocks high page numbers"
 context 'user preference sorting' do
 let(:project) { create(:project) }
@@ -79,6 +153,7 @@ describe Explore::ProjectsController do
 context 'when user is not signed in' do
 include_examples 'explore projects'
+ include_examples "blocks high page numbers"
 context 'user preference sorting' do
 let(:project) { create(:project) }
|