Diffstat (limited to 'spec/lib/gitlab/middleware')
9 files changed, 87 insertions, 9 deletions
diff --git a/spec/lib/gitlab/middleware/basic_health_check_spec.rb b/spec/lib/gitlab/middleware/basic_health_check_spec.rb
index 07fda691ac8..0ca96de38da 100644
--- a/spec/lib/gitlab/middleware/basic_health_check_spec.rb
+++ b/spec/lib/gitlab/middleware/basic_health_check_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::BasicHealthCheck do
+RSpec.describe Gitlab::Middleware::BasicHealthCheck do
 let(:app) { double(:app) }
 let(:middleware) { described_class.new(app) }
 let(:env) { {} }
diff --git a/spec/lib/gitlab/middleware/go_spec.rb b/spec/lib/gitlab/middleware/go_spec.rb
index 43a489f6df0..1fffef53a82 100644
--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::Go do
+RSpec.describe Gitlab::Middleware::Go do
 let(:app) { double(:app) }
 let(:middleware) { described_class.new(app) }
 let(:env) do
diff --git a/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb b/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb
index ccfc5e93887..553ee589c62 100644
--- a/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb
+++ b/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::HandleIpSpoofAttackError do
+RSpec.describe Gitlab::Middleware::HandleIpSpoofAttackError do
 let(:spoof_error) { ActionDispatch::RemoteIp::IpSpoofAttackError.new('sensitive') }
 let(:standard_error) { StandardError.new('error') }
 let(:app) { -> (env) { env.is_a?(Exception) ? raise(env) : env } }
diff --git a/spec/lib/gitlab/middleware/multipart_spec.rb b/spec/lib/gitlab/middleware/multipart_spec.rb
index 705164d5445..3b64fe335e8 100644
--- a/spec/lib/gitlab/middleware/multipart_spec.rb
+++ b/spec/lib/gitlab/middleware/multipart_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 require 'tempfile'
-describe Gitlab::Middleware::Multipart do
+RSpec.describe Gitlab::Middleware::Multipart do
 include_context 'multipart middleware context'
 RSpec.shared_examples_for 'multipart upload files' do
@@ -232,4 +232,82 @@ describe Gitlab::Middleware::Multipart do
 middleware.call(env)
 end
 end
+
+ describe '#call' do
+ context 'with packages storage' do
+ using RSpec::Parameterized::TableSyntax
+
+ let(:storage_path) { 'shared/packages' }
+
+ RSpec.shared_examples 'allowing the multipart upload' do
+ it 'allows files to be uploaded' do
+ with_tmp_dir('tmp/uploads', storage_path) do |dir, env|
+ allow(Packages::PackageFileUploader).to receive(:root).and_return(File.join(dir, storage_path))
+
+ expect(app).to receive(:call) do |env|
+ expect(get_params(env)['file']).to be_a(::UploadedFile)
+ end
+
+ middleware.call(env)
+ end
+ end
+ end
+
+ RSpec.shared_examples 'not allowing the multipart upload when package upload path is used' do
+ it 'does not allow files to be uploaded' do
+ with_tmp_dir('tmp/uploads', storage_path) do |dir, env|
+ # with_tmp_dir sets the same workhorse_upload_path for all Uploaders,
+ # so we have to prevent JobArtifactUploader and LfsObjectUploader to
+ # allow the tested path
+ allow(JobArtifactUploader).to receive(:workhorse_upload_path).and_return(Dir.tmpdir)
+ allow(LfsObjectUploader).to receive(:workhorse_upload_path).and_return(Dir.tmpdir)
+
+ status, headers, body = middleware.call(env)
+
+ expect(status).to eq(400)
+ expect(headers).to eq({ 'Content-Type' => 'text/plain' })
+ expect(body).to start_with('insecure path used')
+ end
+ end
+ end
+
+ RSpec.shared_examples 'adding package storage to multipart allowed paths' do
+ before do
+ expect(::Packages::PackageFileUploader).to receive(:workhorse_upload_path).and_call_original
+ end
+
+ it_behaves_like 'allowing the multipart upload'
+ end
+
+ RSpec.shared_examples 'not adding package storage to multipart allowed paths' do
+ before do
+ expect(::Packages::PackageFileUploader).not_to receive(:workhorse_upload_path)
+ end
+
+ it_behaves_like 'not allowing the multipart upload when package upload path is used'
+ end
+
+ where(:object_storage_enabled, :direct_upload_enabled, :example_name) do
+ false | true | 'adding package storage to multipart allowed paths'
+ false | false | 'adding package storage to multipart allowed paths'
+ true | true | 'not adding package storage to multipart allowed paths'
+ true | false | 'adding package storage to multipart allowed paths'
+ end
+
+ with_them do
+ before do
+ stub_config(packages: {
+ enabled: true,
+ object_store: {
+ enabled: object_storage_enabled,
+ direct_upload: direct_upload_enabled
+ },
+ storage_path: storage_path
+ })
+ end
+
+ it_behaves_like params[:example_name]
+ end
+ end
+ end
 end
diff --git a/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb b/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb
index 4f21bd14122..8f9b0aec9eb 100644
--- a/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb
+++ b/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::RailsQueueDuration do
+RSpec.describe Gitlab::Middleware::RailsQueueDuration do
 let(:app) { double(:app) }
 let(:middleware) { described_class.new(app) }
 let(:env) { {} }
diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb
index c7e9b38e3ca..3bdf2a5077f 100644
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::ReadOnly do
+RSpec.describe Gitlab::Middleware::ReadOnly do
 include Rack::Test::Methods
 using RSpec::Parameterized::TableSyntax
diff --git a/spec/lib/gitlab/middleware/release_env_spec.rb b/spec/lib/gitlab/middleware/release_env_spec.rb
index 3ca40f4ebd0..ca0ec0b9d83 100644
--- a/spec/lib/gitlab/middleware/release_env_spec.rb
+++ b/spec/lib/gitlab/middleware/release_env_spec.rb
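Review bot: In the `describe '#call'` hunk of multipart_spec.rb, the three table rows that resolve to 'adding package storage to multipart allowed paths' only show that a file under the stubbed `Packages::PackageFileUploader.root` is accepted; none of them shows that a file outside that root is still rejected under the same configuration, so an allow-list that became too broad would pass all three. Unless an earlier part of the spec already covers this (not visible in the hunk), consider a companion example in that shared group that points `root` at a directory other than the one holding the upload, keeps the `JobArtifactUploader`/`LfsObjectUploader` stubs, and expects the same `400` and `'insecure path used'` body. Separately, in 'allowing the multipart upload' the inner `do |env|` shadows the `env` yielded by `with_tmp_dir`; `expect(app).to receive(:call) do |app_env|` would keep the two apart.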
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::ReleaseEnv do
+RSpec.describe Gitlab::Middleware::ReleaseEnv do
 let(:inner_app) { double(:app, call: 'yay') }
 let(:app) { described_class.new(inner_app) }
 let(:env) { { 'action_controller.instance' => 'something' } }
diff --git a/spec/lib/gitlab/middleware/request_context_spec.rb b/spec/lib/gitlab/middleware/request_context_spec.rb
index 1ed06a97c1e..431f4453e37 100644
--- a/spec/lib/gitlab/middleware/request_context_spec.rb
+++ b/spec/lib/gitlab/middleware/request_context_spec.rb
@@ -4,7 +4,7 @@ require 'rack'
 require 'request_store'
 require_relative '../../../support/helpers/next_instance_of'
-describe Gitlab::Middleware::RequestContext do
+RSpec.describe Gitlab::Middleware::RequestContext do
 include NextInstanceOf
 let(:app) { -> (env) {} }
diff --git a/spec/lib/gitlab/middleware/same_site_cookies_spec.rb b/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
index 0cf1028a930..7c5262ca318 100644
--- a/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
+++ b/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
-describe Gitlab::Middleware::SameSiteCookies do
+RSpec.describe Gitlab::Middleware::SameSiteCookies do
 include Rack::Test::Methods
 let(:mock_app) do |