diff options
Diffstat (limited to 'spec/requests/api/maven_packages_spec.rb')
-rw-r--r-- | spec/requests/api/maven_packages_spec.rb | 74 |
1 files changed, 59 insertions, 15 deletions
diff --git a/spec/requests/api/maven_packages_spec.rb b/spec/requests/api/maven_packages_spec.rb index 0a23aed109b..37748fe5ea7 100644 --- a/spec/requests/api/maven_packages_spec.rb +++ b/spec/requests/api/maven_packages_spec.rb @@ -15,10 +15,13 @@ RSpec.describe API::MavenPackages do let_it_be(:job, reload: true) { create(:ci_build, user: user, status: :running) } let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) } let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) } + let_it_be(:deploy_token_for_group) { create(:deploy_token, :group, read_package_registry: true, write_package_registry: true) } + let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: deploy_token_for_group, group: group) } let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } let(:headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } } let(:headers_with_token) { headers.merge('Private-Token' => personal_access_token.token) } + let(:group_deploy_token_headers) { { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => deploy_token_for_group.token } } let(:headers_with_deploy_token) do headers.merge( @@ -36,7 +39,7 @@ RSpec.describe API::MavenPackages do context 'with jar file' do let_it_be(:package_file) { jar_file } - it_behaves_like 'a gitlab tracking event', described_class.name, 'pull_package' + it_behaves_like 'a package tracking event', described_class.name, 'pull_package' end end @@ -342,6 +345,17 @@ RSpec.describe API::MavenPackages do it_behaves_like 'downloads with a job token' it_behaves_like 'downloads with a deploy token' + + context 'with group deploy token' do + subject { download_file_with_token(package_file.file_name, {}, group_deploy_token_headers) } + + it 'returns the file' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(response.media_type).to eq('application/octet-stream') + end + end end def download_file(file_name, params = {}, request_headers = headers) @@ -548,7 +562,7 @@ RSpec.describe API::MavenPackages do allow(uploaded_file).to receive(:size).and_return(project.actual_limits.maven_max_file_size + 1) end - upload_file_with_token(params) + upload_file_with_token(params: params) expect(response).to have_gitlab_http_status(:bad_request) end @@ -563,19 +577,19 @@ RSpec.describe API::MavenPackages do context 'without workhorse header' do let(:workhorse_header) { {} } - subject { upload_file_with_token(params) } + subject { upload_file_with_token(params: params) } it_behaves_like 'package workhorse uploads' end context 'event tracking' do - subject { upload_file_with_token(params) } + subject { upload_file_with_token(params: params) } - it_behaves_like 'a gitlab tracking event', described_class.name, 'push_package' + it_behaves_like 'a package tracking event', described_class.name, 'push_package' end it 'creates package and stores package file' do - expect { upload_file_with_token(params) }.to change { project.packages.count }.by(1) + expect { upload_file_with_token(params: params) }.to change { project.packages.count }.by(1) .and change { Packages::Maven::Metadatum.count }.by(1) .and change { Packages::PackageFile.count }.by(1) @@ -584,7 +598,7 @@ RSpec.describe API::MavenPackages do end it 'allows upload with running job token' do - upload_file(params.merge(job_token: job.token)) + upload_file(params: params.merge(job_token: job.token)) expect(response).to have_gitlab_http_status(:ok) expect(project.reload.packages.last.build_info.pipeline).to eq job.pipeline @@ -592,13 +606,13 @@ RSpec.describe API::MavenPackages do it 'rejects upload without running job token' do job.update!(status: :failed) - upload_file(params.merge(job_token: job.token)) + upload_file(params: params.merge(job_token: job.token)) expect(response).to have_gitlab_http_status(:unauthorized) end it 'allows upload with deploy token' do - upload_file(params, headers_with_deploy_token) + upload_file(params: params, request_headers: headers_with_deploy_token) expect(response).to have_gitlab_http_status(:ok) end @@ -612,7 +626,10 @@ RSpec.describe API::MavenPackages do # We force the id of the deploy token and the user to be the same unauthorized_deploy_token.update!(id: another_user.id) - upload_file(params, headers.merge(Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => unauthorized_deploy_token.token)) + upload_file( + params: params, + request_headers: headers.merge(Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => unauthorized_deploy_token.token) + ) expect(response).to have_gitlab_http_status(:forbidden) end @@ -621,16 +638,43 @@ RSpec.describe API::MavenPackages do let(:version) { '$%123' } it 'rejects request' do - expect { upload_file_with_token(params) }.not_to change { project.packages.count } + expect { upload_file_with_token(params: params) }.not_to change { project.packages.count } expect(response).to have_gitlab_http_status(:bad_request) expect(json_response['message']).to include('Validation failed') end end + + context 'for sha1 file' do + let(:dummy_package) { double(Packages::Package) } + + it 'checks the sha1' do + # The sha verification done by the maven api is between: + # - the sha256 set by workhorse helpers + # - the sha256 of the sha1 of the uploaded package file + # We're going to send `file_upload` for the sha1 and stub the sha1 of the package file so that + # both sha256 being the same + expect(::Packages::PackageFileFinder).to receive(:new).and_return(double(execute!: dummy_package)) + expect(dummy_package).to receive(:file_sha1).and_return(File.read(file_upload.path)) + + upload_file_with_token(params: params, file_extension: 'jar.sha1') + + expect(response).to have_gitlab_http_status(:no_content) + end + end + + context 'for md5 file' do + it 'returns an empty body' do + upload_file_with_token(params: params, file_extension: 'jar.md5') + + expect(response.body).to eq('') + expect(response).to have_gitlab_http_status(:ok) + end + end end - def upload_file(params = {}, request_headers = headers) - url = "/projects/#{project.id}/packages/maven/com/example/my-app/#{version}/my-app-1.0-20180724.124855-1.jar" + def upload_file(params: {}, request_headers: headers, file_extension: 'jar') + url = "/projects/#{project.id}/packages/maven/com/example/my-app/#{version}/my-app-1.0-20180724.124855-1.#{file_extension}" workhorse_finalize( api(url), method: :put, @@ -641,8 +685,8 @@ RSpec.describe API::MavenPackages do ) end - def upload_file_with_token(params = {}, request_headers = headers_with_token) - upload_file(params, request_headers) + def upload_file_with_token(params: {}, request_headers: headers_with_token, file_extension: 'jar') + upload_file(params: params, request_headers: request_headers, file_extension: file_extension) end end end |