diff options
Diffstat (limited to 'spec/graphql/mutations')
4 files changed, 187 insertions, 78 deletions
diff --git a/spec/graphql/mutations/boards/lists/create_spec.rb b/spec/graphql/mutations/boards/lists/create_spec.rb index 894dd1f34b4..815064e7c58 100644 --- a/spec/graphql/mutations/boards/lists/create_spec.rb +++ b/spec/graphql/mutations/boards/lists/create_spec.rb @@ -3,84 +3,8 @@ require 'spec_helper' RSpec.describe Mutations::Boards::Lists::Create do - include GraphqlHelpers - let_it_be(:group) { create(:group, :private) } let_it_be(:board) { create(:board, group: group) } - let_it_be(:user) { create(:user) } - let_it_be(:guest) { create(:user) } - - let(:current_user) { user } - let(:mutation) { described_class.new(object: nil, context: { current_user: current_user }, field: nil) } - let(:list_create_params) { {} } - - before_all do - group.add_reporter(user) - group.add_guest(guest) - end - - subject { mutation.resolve(board_id: board.to_global_id.to_s, **list_create_params) } - - describe '#ready?' do - it 'raises an error if required arguments are missing' do - expect { mutation.ready?(board_id: 'some id') } - .to raise_error(Gitlab::Graphql::Errors::ArgumentError, /one and only one of/) - end - - it 'raises an error if too many required arguments are specified' do - expect { mutation.ready?(board_id: 'some id', backlog: true, label_id: 'some label') } - .to raise_error(Gitlab::Graphql::Errors::ArgumentError, /one and only one of/) - end - end - - describe '#resolve' do - context 'with proper permissions' do - describe 'backlog list' do - let(:list_create_params) { { backlog: true } } - - it 'creates one and only one backlog' do - expect { subject }.to change { board.lists.backlog.count }.from(0).to(1) - expect(board.lists.backlog.first.list_type).to eq 'backlog' - - backlog_id = board.lists.backlog.first.id - - expect { subject }.not_to change { board.lists.backlog.count } - expect(board.lists.backlog.last.id).to eq backlog_id - end - end - - describe 'label list' do - let_it_be(:dev_label) do - create(:group_label, title: 'Development', color: '#FFAABB', group: group) - end - - let(:list_create_params) { { label_id: dev_label.to_global_id.to_s } } - - it 'creates a new issue board list for labels' do - expect { subject }.to change { board.lists.count }.from(1).to(2) - - new_list = subject[:list] - - expect(new_list.title).to eq dev_label.title - expect(new_list.position).to eq 0 - end - - context 'when label not found' do - let(:list_create_params) { { label_id: "gid://gitlab/Label/#{non_existing_record_id}" } } - - it 'returns an error' do - expect(subject[:errors]).to include 'Label not found' - end - end - end - end - - context 'without proper permissions' do - let(:current_user) { guest } - it 'raises an error' do - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - end - end - end + it_behaves_like 'board lists create mutation' end diff --git a/spec/graphql/mutations/concerns/mutations/can_mutate_spammable_spec.rb b/spec/graphql/mutations/concerns/mutations/can_mutate_spammable_spec.rb new file mode 100644 index 00000000000..ee8db7a1f31 --- /dev/null +++ b/spec/graphql/mutations/concerns/mutations/can_mutate_spammable_spec.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Mutations::CanMutateSpammable do + let(:mutation_class) do + Class.new(Mutations::BaseMutation) do + include Mutations::CanMutateSpammable + end + end + + let(:request) { double(:request) } + let(:query) { double(:query, schema: GitlabSchema) } + let(:context) { GraphQL::Query::Context.new(query: query, object: nil, values: { request: request }) } + + subject(:mutation) { mutation_class.new(object: nil, context: context, field: nil) } + + describe '#additional_spam_params' do + it 'returns additional spam-related params' do + expect(subject.send(:additional_spam_params)).to eq({ api: true, request: request }) + end + end + + describe '#with_spam_action_fields' do + let(:spam_log) { double(:spam_log, id: 1) } + let(:spammable) { double(:spammable, spam?: true, render_recaptcha?: true, spam_log: spam_log) } + + before do + allow(Gitlab::CurrentSettings).to receive(:recaptcha_site_key) { 'abc123' } + end + + it 'merges in spam action fields from spammable' do + result = subject.send(:with_spam_action_fields, spammable) do + { other_field: true } + end + expect(result) + .to eq({ + spam: true, + needs_captcha_response: true, + spam_log_id: 1, + captcha_site_key: 'abc123', + other_field: true + }) + end + end +end diff --git a/spec/graphql/mutations/merge_requests/update_spec.rb b/spec/graphql/mutations/merge_requests/update_spec.rb index 8acd2562ea8..206abaf34ce 100644 --- a/spec/graphql/mutations/merge_requests/update_spec.rb +++ b/spec/graphql/mutations/merge_requests/update_spec.rb @@ -12,10 +12,11 @@ RSpec.describe Mutations::MergeRequests::Update do describe '#resolve' do let(:attributes) { { title: 'new title', description: 'new description', target_branch: 'new-branch' } } + let(:arguments) { attributes } let(:mutated_merge_request) { subject[:merge_request] } subject do - mutation.resolve(project_path: merge_request.project.full_path, iid: merge_request.iid, **attributes) + mutation.resolve(project_path: merge_request.project.full_path, iid: merge_request.iid, **arguments) end it_behaves_like 'permission level for merge request mutation is correctly verified' @@ -61,6 +62,24 @@ RSpec.describe Mutations::MergeRequests::Update do expect(mutated_merge_request).to have_attributes(attributes) end end + + context 'when closing the MR' do + let(:arguments) { { state_event: ::Types::MergeRequestStateEventEnum.values['CLOSED'].value } } + + it 'closes the MR' do + expect(mutated_merge_request).to be_closed + end + end + + context 'when re-opening the MR' do + let(:arguments) { { state_event: ::Types::MergeRequestStateEventEnum.values['OPEN'].value } } + + it 'closes the MR' do + merge_request.close! + + expect(mutated_merge_request).to be_open + end + end end end end diff --git a/spec/graphql/mutations/security/ci_configuration/configure_sast_spec.rb b/spec/graphql/mutations/security/ci_configuration/configure_sast_spec.rb new file mode 100644 index 00000000000..ed03a1cb906 --- /dev/null +++ b/spec/graphql/mutations/security/ci_configuration/configure_sast_spec.rb @@ -0,0 +1,120 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Mutations::Security::CiConfiguration::ConfigureSast do + subject(:mutation) { described_class.new(object: nil, context: context, field: nil) } + + let_it_be(:project) { create(:project, :public, :repository) } + let_it_be(:user) { create(:user) } + + let_it_be(:service_result_json) do + { + status: "success", + success_path: "http://127.0.0.1:3000/root/demo-historic-secrets/-/merge_requests/new?", + errors: nil + } + end + + let_it_be(:service_error_result_json) do + { + status: "error", + success_path: nil, + errors: %w(error1 error2) + } + end + + let(:context) do + GraphQL::Query::Context.new( + query: OpenStruct.new(schema: nil), + values: { current_user: user }, + object: nil + ) + end + + specify { expect(described_class).to require_graphql_authorizations(:push_code) } + + describe '#resolve' do + subject { mutation.resolve(project_path: project.full_path, configuration: {}) } + + let(:result) { subject } + + it 'raises an error if the resource is not accessible to the user' do + expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + end + + context 'when user does not have enough permissions' do + before do + project.add_guest(user) + end + + it 'raises an error' do + expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + end + end + + context 'when user is a maintainer of a different project' do + before do + create(:project_empty_repo).add_maintainer(user) + end + + it 'raises an error' do + expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + end + end + + context 'when the user does not have permission to create a new branch' do + before_all do + project.add_developer(user) + end + + let(:error_message) { 'You are not allowed to create protected branches on this project.' } + + it 'returns an array of errors' do + allow_next_instance_of(::Files::MultiService) do |multi_service| + allow(multi_service).to receive(:execute).and_raise(Gitlab::Git::PreReceiveError.new("GitLab: #{error_message}")) + end + + expect(result).to match( + status: :error, + success_path: nil, + errors: match_array([error_message]) + ) + end + end + + context 'when the user can create a merge request' do + before_all do + project.add_developer(user) + end + + context 'when service successfully generates a path to create a new merge request' do + it 'returns a success path' do + allow_next_instance_of(::Security::CiConfiguration::SastCreateService) do |service| + allow(service).to receive(:execute).and_return(service_result_json) + end + + expect(result).to match( + status: 'success', + success_path: service_result_json[:success_path], + errors: [] + ) + end + end + + context 'when service can not generate any path to create a new merge request' do + it 'returns an array of errors' do + allow_next_instance_of(::Security::CiConfiguration::SastCreateService) do |service| + allow(service).to receive(:execute).and_return(service_error_result_json) + end + + expect(result).to match( + status: 'error', + success_path: be_nil, + errors: match_array(service_error_result_json[:errors]) + ) + end + end + end + end +end |