summaryrefslogtreecommitdiff
path: root/spec/controllers/projects
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers/projects')
-rw-r--r--spec/controllers/projects/blob_controller_spec.rb83
-rw-r--r--spec/controllers/projects/imports_controller_spec.rb9
-rw-r--r--spec/controllers/projects/issues_controller_spec.rb11
-rw-r--r--spec/controllers/projects/merge_requests_controller_spec.rb12
-rw-r--r--spec/controllers/projects/registry/repositories_controller_spec.rb84
5 files changed, 191 insertions, 8 deletions
diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb
index ec36a64b415..3e9f272a0d8 100644
--- a/spec/controllers/projects/blob_controller_spec.rb
+++ b/spec/controllers/projects/blob_controller_spec.rb
@@ -2,15 +2,10 @@ require 'rails_helper'
describe Projects::BlobController do
let(:project) { create(:project, :public, :repository) }
- let(:user) { create(:user) }
-
- before do
- project.team << [user, :master]
-
- sign_in(user)
- end
describe 'GET diff' do
+ let(:user) { create(:user) }
+
render_views
def do_get(opts = {})
@@ -20,6 +15,12 @@ describe Projects::BlobController do
get :diff, params.merge(opts)
end
+ before do
+ project.team << [user, :master]
+
+ sign_in(user)
+ end
+
context 'when essential params are missing' do
it 'renders nothing' do
do_get
@@ -37,7 +38,69 @@ describe Projects::BlobController do
end
end
+ describe 'GET edit' do
+ let(:default_params) do
+ {
+ namespace_id: project.namespace,
+ project_id: project,
+ id: 'master/CHANGELOG'
+ }
+ end
+
+ context 'anonymous' do
+ before do
+ get :edit, default_params
+ end
+
+ it 'redirects to sign in and returns' do
+ expect(response).to redirect_to(new_user_session_path)
+ end
+ end
+
+ context 'as guest' do
+ let(:guest) { create(:user) }
+
+ before do
+ sign_in(guest)
+ get :edit, default_params
+ end
+
+ it 'redirects to blob show' do
+ expect(response).to redirect_to(namespace_project_blob_path(project.namespace, project, 'master/CHANGELOG'))
+ end
+ end
+
+ context 'as developer' do
+ let(:developer) { create(:user) }
+
+ before do
+ project.team << [developer, :developer]
+ sign_in(developer)
+ get :edit, default_params
+ end
+
+ it 'redirects to blob show' do
+ expect(response).to have_http_status(200)
+ end
+ end
+
+ context 'as master' do
+ let(:master) { create(:user) }
+
+ before do
+ project.team << [master, :master]
+ sign_in(master)
+ get :edit, default_params
+ end
+
+ it 'redirects to blob show' do
+ expect(response).to have_http_status(200)
+ end
+ end
+ end
+
describe 'PUT update' do
+ let(:user) { create(:user) }
let(:default_params) do
{
namespace_id: project.namespace,
@@ -53,6 +116,12 @@ describe Projects::BlobController do
namespace_project_blob_path(project.namespace, project, 'master/CHANGELOG')
end
+ before do
+ project.team << [user, :master]
+
+ sign_in(user)
+ end
+
it 'redirects to blob' do
put :update, default_params
diff --git a/spec/controllers/projects/imports_controller_spec.rb b/spec/controllers/projects/imports_controller_spec.rb
index 7c75815f3c4..6724b474179 100644
--- a/spec/controllers/projects/imports_controller_spec.rb
+++ b/spec/controllers/projects/imports_controller_spec.rb
@@ -96,12 +96,19 @@ describe Projects::ImportsController do
}
end
- it 'redirects to params[:to]' do
+ it 'redirects to internal params[:to]' do
get :show, namespace_id: project.namespace.to_param, project_id: project, continue: params
expect(flash[:notice]).to eq params[:notice]
expect(response).to redirect_to params[:to]
end
+
+ it 'does not redirect to external params[:to]' do
+ params[:to] = "//google.com"
+
+ get :show, namespace_id: project.namespace.to_param, project_id: project, continue: params
+ expect(response).not_to redirect_to params[:to]
+ end
end
end
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index 734966d50b2..d5f1d46bf7f 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -83,6 +83,17 @@ describe Projects::IssuesController do
expect(assigns(:issues).current_page).to eq(last_page)
expect(response).to have_http_status(200)
end
+
+ it 'does not redirect to external sites when provided a host field' do
+ external_host = "www.example.com"
+ get :index,
+ namespace_id: project.namespace.to_param,
+ project_id: project,
+ page: (last_page + 1).to_param,
+ host: external_host
+
+ expect(response).to redirect_to(namespace_project_issues_path(page: last_page, state: controller.params[:state], scope: controller.params[:scope]))
+ end
end
end
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index 72f41f7209a..99d5583e683 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -176,6 +176,18 @@ describe Projects::MergeRequestsController do
expect(assigns(:merge_requests).current_page).to eq(last_page)
expect(response).to have_http_status(200)
end
+
+ it 'does not redirect to external sites when provided a host field' do
+ external_host = "www.example.com"
+ get :index,
+ namespace_id: project.namespace.to_param,
+ project_id: project,
+ state: 'opened',
+ page: (last_page + 1).to_param,
+ host: external_host
+
+ expect(response).to redirect_to(namespace_project_merge_requests_path(page: last_page, state: controller.params[:state], scope: controller.params[:scope]))
+ end
end
context 'when filtering by opened state' do
diff --git a/spec/controllers/projects/registry/repositories_controller_spec.rb b/spec/controllers/projects/registry/repositories_controller_spec.rb
new file mode 100644
index 00000000000..464302824a8
--- /dev/null
+++ b/spec/controllers/projects/registry/repositories_controller_spec.rb
@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+describe Projects::Registry::RepositoriesController do
+ let(:user) { create(:user) }
+ let(:project) { create(:empty_project, :private) }
+
+ before do
+ sign_in(user)
+ stub_container_registry_config(enabled: true)
+ end
+
+ context 'when user has access to registry' do
+ before do
+ project.add_developer(user)
+ end
+
+ describe 'GET index' do
+ context 'when root container repository exists' do
+ before do
+ create(:container_repository, :root, project: project)
+ end
+
+ it 'does not create root container repository' do
+ expect { go_to_index }.not_to change { ContainerRepository.all.count }
+ end
+ end
+
+ context 'when root container repository is not created' do
+ context 'when there are tags for this repository' do
+ before do
+ stub_container_registry_tags(repository: project.full_path,
+ tags: %w[rc1 latest])
+ end
+
+ it 'successfully renders container repositories' do
+ go_to_index
+
+ expect(response).to have_http_status(:ok)
+ end
+
+ it 'creates a root container repository' do
+ expect { go_to_index }.to change { ContainerRepository.all.count }.by(1)
+ expect(ContainerRepository.first).to be_root_repository
+ end
+ end
+
+ context 'when there are no tags for this repository' do
+ before do
+ stub_container_registry_tags(repository: :any, tags: [])
+ end
+
+ it 'successfully renders container repositories' do
+ go_to_index
+
+ expect(response).to have_http_status(:ok)
+ end
+
+ it 'does not ensure root container repository' do
+ expect { go_to_index }.not_to change { ContainerRepository.all.count }
+ end
+ end
+ end
+ end
+ end
+
+ context 'when user does not have access to registry' do
+ describe 'GET index' do
+ it 'responds with 404' do
+ go_to_index
+
+ expect(response).to have_http_status(:not_found)
+ end
+
+ it 'does not ensure root container repository' do
+ expect { go_to_index }.not_to change { ContainerRepository.all.count }
+ end
+ end
+ end
+
+ def go_to_index
+ get :index, namespace_id: project.namespace,
+ project_id: project
+ end
+end