Diffstat (limited to 'spec/controllers/projects/notes_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects/notes_controller_spec.rb | 87 |
1 files changed, 85 insertions, 2 deletions
diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb
index e96113c0133..edebaf294c4 100644
--- a/spec/controllers/projects/notes_controller_spec.rb
+++ b/spec/controllers/projects/notes_controller_spec.rb
@@ -150,7 +150,7 @@ RSpec.describe Projects::NotesController do
 end
 it 'returns an empty page of notes' do
- expect(Gitlab::EtagCaching::Middleware).not_to receive(:skip!)
+ expect(Gitlab::EtagCaching::Middleware).to receive(:skip!)
 request.headers['X-Last-Fetched-At'] = microseconds(Time.zone.now)
@@ -169,6 +169,8 @@ RSpec.describe Projects::NotesController do
 end
 it 'returns all notes' do
+ expect(Gitlab::EtagCaching::Middleware).to receive(:skip!)
+
 get :index, params: request_params
 expect(json_response['notes'].count).to eq((page_1 + page_2 + page_3).size + 1)
@@ -313,7 +315,7 @@ RSpec.describe Projects::NotesController do
 let(:note_text) { 'some note' }
 let(:request_params) do
 {
- note: { note: note_text, noteable_id: merge_request.id, noteable_type: 'MergeRequest' },
+ note: { note: note_text, noteable_id: merge_request.id, noteable_type: 'MergeRequest' }.merge(extra_note_params),
 namespace_id: project.namespace,
 project_id: project,
 merge_request_diff_head_sha: 'sha',
@@ -323,6 +325,7 @@ RSpec.describe Projects::NotesController do
 end
 let(:extra_request_params) { {} }
+ let(:extra_note_params) { {} }
 let(:project_visibility) { Gitlab::VisibilityLevel::PUBLIC }
 let(:merge_requests_access_level) { ProjectFeature::ENABLED }
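Review bot: The first hunk flips the 'returns an empty page of notes' expectation from `not_to receive(:skip!)` to `to receive(:skip!)` without any comment on why the ETag middleware is now expected to be bypassed even when no notes are returned, and the same bare expectation is repeated in 'returns all notes' in the second hunk. A one-line comment above each expectation stating the reason the polling endpoint opts out of ETag caching would stop the next reader from "fixing" it back. Note also that `expect(...).to receive(:skip!)` stubs the method, so the middleware's real skip path is not executed in these examples; that matches the previous `not_to receive` style, but `.and_call_original` is the alternative if the real behaviour should run. The enclosing `describe` blocks start and end outside these hunks.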
@@ -421,6 +424,41 @@ RSpec.describe Projects::NotesController do
 end
 end
+ context 'when creating a confidential note' do
+ let(:extra_request_params) { { format: :json } }
+
+ context 'when `confidential` parameter is not provided' do
+ it 'sets `confidential` to `false` in JSON response' do
+ create!
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response['confidential']).to be false
+ end
+ end
+
+ context 'when `confidential` parameter is `false`' do
+ let(:extra_note_params) { { confidential: false } }
+
+ it 'sets `confidential` to `false` in JSON response' do
+ create!
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response['confidential']).to be false
+ end
+ end
+
+ context 'when `confidential` parameter is `true`' do
+ let(:extra_note_params) { { confidential: true } }
+
+ it 'sets `confidential` to `true` in JSON response' do
+ create!
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response['confidential']).to be true
+ end
+ end
+ end
+
 context 'when creating a note with quick actions' do
 context 'with commands that return changes' do
 let(:note_text) { "/award :thumbsup:\n/estimate 1d\n/spend 3h" }
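Review bot: The three new examples assert only the `confidential` value echoed back in the JSON response, not the attribute stored on the created note, so a serializer that mirrors the request parameter while persistence ignores it (or the reverse) would still pass. Adding a persistence assertion next to each response check, e.g. `expect(Note.last.confidential).to be true` (or the equivalent on whatever record `create!` produces here), pins the behaviour the flag exists for. The examples also run only as a caller who is already allowed to create notes in this spec; whether a user without the relevant permission can set `confidential: true` is not exercised in this hunk and is presumably covered elsewhere, but is worth confirming given the flag gates visibility. The enclosing `describe` block starts outside the hunk.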
@@ -725,6 +763,51 @@ RSpec.describe Projects::NotesController do
 end
 end
 end
+
+ context 'when the endpoint receives requests above the limit' do
+ before do
+ stub_application_setting(notes_create_limit: 3)
+ end
+
+ it 'prevents from creating more notes', :request_store do
+ 3.times { create! }
+
+ expect { create! }
+ .to change { Gitlab::GitalyClient.get_request_count }.by(0)
+
+ create!
+ expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.'))
+ expect(response).to have_gitlab_http_status(:too_many_requests)
+ end
+
+ it 'logs the event in auth.log' do
+ attributes = {
+ message: 'Application_Rate_Limiter_Request',
+ env: :notes_create_request_limit,
+ remote_ip: '0.0.0.0',
+ request_method: 'POST',
+ path: "/#{project.full_path}/notes",
+ user_id: user.id,
+ username: user.username
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(attributes).once
+
+ project.add_developer(user)
+ sign_in(user)
+
+ 4.times { create! }
+ end
+
+ it 'allows user in allow-list to create notes, even if the case is different' do
+ user.update_attribute(:username, user.username.titleize)
+ stub_application_setting(notes_create_limit_allowlist: ["#{user.username.downcase}"])
+ 3.times { create! }
+
+ create!
+ expect(response).to have_gitlab_http_status(:found)
+ end
+ end
 end
 describe 'PUT update' do |
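Review bot: In 'prevents from creating more notes' the three warm-up `create!` calls are never checked, so the example would also pass against a limiter that rejected every request from the first one; asserting the pre-limit responses pins the configured threshold of 3, e.g. `3.times { create!; expect(response).to have_gitlab_http_status(:found) }`, matching what the allow-list example already does for its final request. The `.by(0)` expectation on `Gitlab::GitalyClient.get_request_count` is a useful check that the limited request is short-circuited before any repository work, so it is worth keeping alongside the status and body assertions. In the allow-list example `["#{user.username.downcase}"]` is a redundant interpolation; `[user.username.downcase]` reads cleaner. The enclosing `describe` block starts outside the hunk.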