Diffstat (limited to 'spec/requests/api/internal/base_spec.rb')
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 267 |
1 files changed, 143 insertions, 124 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb index e04f63befd0..86999c4adaa 100644 --- a/spec/requests/api/internal/base_spec.rb +++ b/spec/requests/api/internal/base_spec.rb @@ -50,41 +50,6 @@ RSpec.describe API::Internal::Base do end end - shared_examples 'actor key validations' do - context 'key id is not provided' do - let(:key_id) { nil } - - it 'returns an error message' do - subject - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find a user without a key') - end - end - - context 'key does not exist' do - let(:key_id) { non_existing_record_id } - - it 'returns an error message' do - subject - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find the given key') - end - end - - context 'key without user' do - let(:key_id) { create(:key, user: nil).id } - - it 'returns an error message' do - subject - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Could not find a user for the given key') - end - end - end - describe 'GET /internal/two_factor_recovery_codes' do let(:key_id) { key.id } 
@@ -578,25 +543,51 @@ RSpec.describe API::Internal::Base do end context "git pull" do - before do - stub_feature_flags(gitaly_mep_mep: true) + context "with a feature flag enabled globally" do + before do + stub_feature_flags(gitaly_mep_mep: true) + end + + it "has the correct payload" do + pull(key, project) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response["status"]).to be_truthy + expect(json_response["gl_repository"]).to eq("project-#{project.id}") + expect(json_response["gl_project_path"]).to eq(project.full_path) + expect(json_response["gitaly"]).not_to be_nil + expect(json_response["gitaly"]["repository"]).not_to be_nil + expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name) + expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path) + expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage)) + expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage)) + expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'true') + expect(user.reload.last_activity_on).to eql(Date.today) + end end - it "has the correct payload" do - pull(key, project) + context "with a feature flag enabled for a project" do + before do + stub_feature_flags(gitaly_mep_mep: project) + end - expect(response).to have_gitlab_http_status(:ok) - expect(json_response["status"]).to be_truthy - expect(json_response["gl_repository"]).to eq("project-#{project.id}") - expect(json_response["gl_project_path"]).to eq(project.full_path) - expect(json_response["gitaly"]).not_to be_nil - expect(json_response["gitaly"]["repository"]).not_to be_nil - expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name) - expect(json_response["gitaly"]["repository"]["relative_path"]).to 
eq(project.repository.gitaly_repository.relative_path) - expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage)) - expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage)) - expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'true') - expect(user.reload.last_activity_on).to eql(Date.today) + it "has the flag set to true for that project" do + pull(key, project) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response["gl_repository"]).to eq("project-#{project.id}") + expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'true') + end + + it "has the flag set to false for other projects" do + other_project = create(:project, :public, :repository) + + pull(key, other_project) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response["gl_repository"]).to eq("project-#{other_project.id}") + expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'false') + end end end 
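Review bot: In `has the flag set to false for other projects`, the pull appears to be allowed only because `other_project` is created `:public`; nothing in the visible lines adds the key's user to it. A one-line comment such as `# public so the pull is authorized without membership; only the flag actor differs` would keep a later change to the factory traits from turning this into an access failure rather than a check of flag scoping. The enclosing `describe` and the `pull` helper are defined outside the hunk.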
@@ -1094,6 +1085,104 @@ RSpec.describe API::Internal::Base do expect(response).to have_gitlab_http_status(:unauthorized) end end + + context 'admin mode' do + shared_examples 'pushes succeed for ssh and http' do + it 'accepts the SSH push' do + push(key, project) + + expect(response).to have_gitlab_http_status(:ok) + end + + it 'accepts the HTTP push' do + push(key, project, 'http') + + expect(response).to have_gitlab_http_status(:ok) + end + end + + shared_examples 'pushes fail for ssh and http' do + it 'rejects the SSH push' do + push(key, project) + + expect(response).to have_gitlab_http_status(:not_found) + end + + it 'rejects the HTTP push' do + push(key, project, 'http') + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'feature flag :user_mode_in_session is enabled' do + context 'with an admin user' do + let(:user) { create(:admin) } + + context 'is member of the project' do + before do + project.add_developer(user) + end + + it_behaves_like 'pushes succeed for ssh and http' + end + + context 'is not member of the project' do + it_behaves_like 'pushes succeed for ssh and http' + end + end + + context 'with a regular user' do + context 'is member of the project' do + before do + project.add_developer(user) + end + + it_behaves_like 'pushes succeed for ssh and http' + end + + context 'is not member of the project' do + it_behaves_like 'pushes fail for ssh and http' + end + end + end + + context 'feature flag :user_mode_in_session is disabled' do + before do + stub_feature_flags(user_mode_in_session: false) + end + + context 'with an admin user' do + let(:user) { create(:admin) } + + context 'is member of the project' do + before do + project.add_developer(user) + end + + it_behaves_like 'pushes succeed for ssh and http' + end + + context 'is not member of the project' do + it_behaves_like 'pushes succeed for ssh and http' + end + end + + context 'with a regular user' do + context 'is member of the project' do + before do + 
project.add_developer(user) + end + + it_behaves_like 'pushes succeed for ssh and http' + end + + context 'is not member of the project' do + it_behaves_like 'pushes fail for ssh and http' + end + end + end + end end describe 'POST /internal/post_receive', :clean_gitlab_redis_shared_state do @@ -1308,10 +1397,6 @@ RSpec.describe API::Internal::Base do let(:key_id) { key.id } let(:otp) { '123456'} - before do - stub_feature_flags(two_factor_for_cli: true) - end - subject do post api('/internal/two_factor_otp_check'), params: { 
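Review bot: The `feature flag :user_mode_in_session is enabled` context never stubs the flag, so it covers the enabled state only if the suite turns flags on by default, which this hunk does not show; adding `before { stub_feature_flags(user_mode_in_session: true) }` there would match the explicit stub in the disabled context. Both contexts expect identical results, including a non-member admin pushing successfully over SSH and HTTP. A short comment should state that this is the intended authorization outcome (presumably because admin mode is bound to a web session that Git access does not carry; confirm), so the duplicated tree is not mistaken for a copy-paste error. The enclosing `describe` starts outside the hunk.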
@@ -1321,76 +1406,10 @@ RSpec.describe API::Internal::Base do } end - it_behaves_like 'actor key validations' - - context 'when the key is a deploy key' do - let(:key_id) { create(:deploy_key).id } - - it 'returns an error message' do - subject - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq('Deploy keys cannot be used for Two Factor') - end - end - - context 'when the two factor is enabled' do - before do - allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true) - end - - context 'when the OTP is valid' do - it 'registers a new OTP session and returns success' do - allow_any_instance_of(Users::ValidateOtpService).to receive(:execute).with(otp).and_return(status: :success) - - expect_next_instance_of(::Gitlab::Auth::Otp::SessionEnforcer) do |session_enforcer| - expect(session_enforcer).to receive(:update_session).once - end - - subject - - expect(json_response['success']).to be_truthy - end - end - - context 'when the OTP is invalid' do - it 'is not success' do - allow_any_instance_of(Users::ValidateOtpService).to receive(:execute).with(otp).and_return(status: :error) - - subject - - expect(json_response['success']).to be_falsey - end - end - end - - context 'when the two factor is disabled' do - before do - allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false) - end + it 'is not available' do + subject - it 'returns an error message' do - subject - - expect(json_response['success']).to be_falsey - expect(json_response['message']).to eq 'Two-factor authentication is not enabled for this user' - end - end - - context 'two_factor_for_cli feature is disabled' do - before do - stub_feature_flags(two_factor_for_cli: false) - end - - context 'when two-factor is enabled for the user' do - it 'returns user two factor config' do - allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true) - - subject - - expect(json_response['success']).to be_falsey - end - end + 
expect(json_response['success']).to be_falsey end end |
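Review bot: The new `is not available` example asserts only `expect(json_response['success']).to be_falsey`, which also passes when the body has no `success` key at all (nil), for example on an authentication failure or a server error. As this is the only remaining coverage for the OTP check endpoint, pin the reason too: `expect(response).to have_gitlab_http_status(<expected status>)` and `expect(json_response['message']).to eq(<expected message>)`, filled with what the endpoint actually returns when the feature is unavailable. The removed examples verified that an OTP session is registered on success, but nothing on the new side verifies that none is registered now. The `describe` block and the `subject` request start outside the hunk.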