Diffstat (limited to 'spec/requests/api/pypi_packages_spec.rb')
-rw-r--r-- | spec/requests/api/pypi_packages_spec.rb | 313 |
1 files changed, 153 insertions, 160 deletions
diff --git a/spec/requests/api/pypi_packages_spec.rb b/spec/requests/api/pypi_packages_spec.rb index b4e83c8caab..e2cfd87b507 100644 --- a/spec/requests/api/pypi_packages_spec.rb +++ b/spec/requests/api/pypi_packages_spec.rb @@ -4,6 +4,7 @@ require 'spec_helper' RSpec.describe API::PypiPackages do include WorkhorseHelpers include PackagesManagerApiSpecHelpers + include HttpBasicAuthHelpers let_it_be(:user) { create(:user) } let_it_be(:project, reload: true) { create(:project, :public) } 
@@ -17,49 +18,47 @@ RSpec.describe API::PypiPackages do subject { get api(url) } - context 'without the need for a license' do - context 'with valid project' do - using RSpec::Parameterized::TableSyntax - - where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do - 'PUBLIC' | :developer | true | true | 'PyPi package versions' | :success - 'PUBLIC' | :guest | true | true | 'PyPi package versions' | :success - 'PUBLIC' | :developer | true | false | 'PyPi package versions' | :success - 'PUBLIC' | :guest | true | false | 'PyPi package versions' | :success - 'PUBLIC' | :developer | false | true | 'PyPi package versions' | :success - 'PUBLIC' | :guest | false | true | 'PyPi package versions' | :success - 'PUBLIC' | :developer | false | false | 'PyPi package versions' | :success - 'PUBLIC' | :guest | false | false | 'PyPi package versions' | :success - 'PUBLIC' | :anonymous | false | true | 'PyPi package versions' | :success - 'PRIVATE' | :developer | true | true | 'PyPi package versions' | :success - 'PRIVATE' | :guest | true | true | 'process PyPi api request' | :forbidden - 'PRIVATE' | :developer | true | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :guest | true | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :developer | false | true | 'process PyPi api request' | :not_found - 'PRIVATE' | :guest | false | true | 'process PyPi api request' | :not_found - 'PRIVATE' | :developer | false | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :guest | false | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :anonymous | false | true | 'process PyPi api request' | :unauthorized - end - - with_them do - let(:token) { user_token ? personal_access_token.token : 'wrong' } - let(:headers) { user_role == :anonymous ? 
{} : build_basic_auth_header(user.username, token) } + context 'with valid project' do + using RSpec::Parameterized::TableSyntax + + where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do + 'PUBLIC' | :developer | true | true | 'PyPi package versions' | :success + 'PUBLIC' | :guest | true | true | 'PyPi package versions' | :success + 'PUBLIC' | :developer | true | false | 'PyPi package versions' | :success + 'PUBLIC' | :guest | true | false | 'PyPi package versions' | :success + 'PUBLIC' | :developer | false | true | 'PyPi package versions' | :success + 'PUBLIC' | :guest | false | true | 'PyPi package versions' | :success + 'PUBLIC' | :developer | false | false | 'PyPi package versions' | :success + 'PUBLIC' | :guest | false | false | 'PyPi package versions' | :success + 'PUBLIC' | :anonymous | false | true | 'PyPi package versions' | :success + 'PRIVATE' | :developer | true | true | 'PyPi package versions' | :success + 'PRIVATE' | :guest | true | true | 'process PyPi api request' | :forbidden + 'PRIVATE' | :developer | true | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :guest | true | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :developer | false | true | 'process PyPi api request' | :not_found + 'PRIVATE' | :guest | false | true | 'process PyPi api request' | :not_found + 'PRIVATE' | :developer | false | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :guest | false | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :anonymous | false | true | 'process PyPi api request' | :unauthorized + end - subject { get api(url), headers: headers } + with_them do + let(:token) { user_token ? personal_access_token.token : 'wrong' } + let(:headers) { user_role == :anonymous ? 
{} : basic_auth_header(user.username, token) } - before do - project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) - end + subject { get api(url), headers: headers } - it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] + before do + project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] end + end - it_behaves_like 'deploy token for package GET requests' + it_behaves_like 'deploy token for package GET requests' - it_behaves_like 'rejects PyPI access with unknown project id' - end + it_behaves_like 'rejects PyPI access with unknown project id' end describe 'POST /api/v4/projects/:id/packages/pypi/authorize' do 
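Review bot: In the `where` table for the versions endpoint, every `PUBLIC` row with `user_token` set to false expects `:success`, although `headers` then carries `basic_auth_header(user.username, 'wrong')`. The spec therefore pins that a request with invalid Basic credentials against a public project is served rather than rejected, and nothing in the table says that this is deliberate. If it is, I would add a comment above those rows, for example `# a wrong token on a PUBLIC project is still served; only PRIVATE projects reject it`, so that a later change in the auth path that alters these statuses is a conscious decision. The enclosing `describe` block starts outside the hunk.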
@@ -70,48 +69,46 @@ RSpec.describe API::PypiPackages do subject { post api(url), headers: headers } - context 'without the need for a license' do - context 'with valid project' do - using RSpec::Parameterized::TableSyntax - - where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do - 'PUBLIC' | :developer | true | true | 'process PyPi api request' | :success - 'PUBLIC' | :guest | true | true | 'process PyPi api request' | :forbidden - 'PUBLIC' | :developer | true | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :guest | true | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :developer | false | true | 'process PyPi api request' | :forbidden - 'PUBLIC' | :guest | false | true | 'process PyPi api request' | :forbidden - 'PUBLIC' | :developer | false | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :guest | false | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :anonymous | false | true | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :developer | true | true | 'process PyPi api request' | :success - 'PRIVATE' | :guest | true | true | 'process PyPi api request' | :forbidden - 'PRIVATE' | :developer | true | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :guest | true | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :developer | false | true | 'process PyPi api request' | :not_found - 'PRIVATE' | :guest | false | true | 'process PyPi api request' | :not_found - 'PRIVATE' | :developer | false | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :guest | false | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :anonymous | false | true | 'process PyPi api request' | :unauthorized - end - - with_them do - let(:token) { user_token ? personal_access_token.token : 'wrong' } - let(:user_headers) { user_role == :anonymous ? 
{} : build_basic_auth_header(user.username, token) } - let(:headers) { user_headers.merge(workhorse_header) } + context 'with valid project' do + using RSpec::Parameterized::TableSyntax + + where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do + 'PUBLIC' | :developer | true | true | 'process PyPi api request' | :success + 'PUBLIC' | :guest | true | true | 'process PyPi api request' | :forbidden + 'PUBLIC' | :developer | true | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :guest | true | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :developer | false | true | 'process PyPi api request' | :forbidden + 'PUBLIC' | :guest | false | true | 'process PyPi api request' | :forbidden + 'PUBLIC' | :developer | false | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :guest | false | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :anonymous | false | true | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :developer | true | true | 'process PyPi api request' | :success + 'PRIVATE' | :guest | true | true | 'process PyPi api request' | :forbidden + 'PRIVATE' | :developer | true | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :guest | true | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :developer | false | true | 'process PyPi api request' | :not_found + 'PRIVATE' | :guest | false | true | 'process PyPi api request' | :not_found + 'PRIVATE' | :developer | false | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :guest | false | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :anonymous | false | true | 'process PyPi api request' | :unauthorized + end - before do - project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) - end + with_them do + let(:token) { user_token ? 
personal_access_token.token : 'wrong' } + let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } + let(:headers) { user_headers.merge(workhorse_header) } - it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] + before do + project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] end + end - it_behaves_like 'deploy token for package uploads' + it_behaves_like 'deploy token for package uploads' - it_behaves_like 'rejects PyPI access with unknown project id' - end + it_behaves_like 'rejects PyPI access with unknown project id' end describe 'POST /api/v4/projects/:id/packages/pypi' do 
@@ -135,61 +132,59 @@ RSpec.describe API::PypiPackages do ) end - context 'without the need for a license' do - context 'with valid project' do - using RSpec::Parameterized::TableSyntax - - where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do - 'PUBLIC' | :developer | true | true | 'PyPi package creation' | :created - 'PUBLIC' | :guest | true | true | 'process PyPi api request' | :forbidden - 'PUBLIC' | :developer | true | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :guest | true | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :developer | false | true | 'process PyPi api request' | :forbidden - 'PUBLIC' | :guest | false | true | 'process PyPi api request' | :forbidden - 'PUBLIC' | :developer | false | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :guest | false | false | 'process PyPi api request' | :unauthorized - 'PUBLIC' | :anonymous | false | true | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :developer | true | true | 'process PyPi api request' | :created - 'PRIVATE' | :guest | true | true | 'process PyPi api request' | :forbidden - 'PRIVATE' | :developer | true | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :guest | true | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :developer | false | true | 'process PyPi api request' | :not_found - 'PRIVATE' | :guest | false | true | 'process PyPi api request' | :not_found - 'PRIVATE' | :developer | false | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :guest | false | false | 'process PyPi api request' | :unauthorized - 'PRIVATE' | :anonymous | false | true | 'process PyPi api request' | :unauthorized - end - - with_them do - let(:token) { user_token ? personal_access_token.token : 'wrong' } - let(:user_headers) { user_role == :anonymous ? 
{} : build_basic_auth_header(user.username, token) } - let(:headers) { user_headers.merge(workhorse_header) } - - before do - project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) - end - - it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] - end + context 'with valid project' do + using RSpec::Parameterized::TableSyntax + + where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do + 'PUBLIC' | :developer | true | true | 'PyPi package creation' | :created + 'PUBLIC' | :guest | true | true | 'process PyPi api request' | :forbidden + 'PUBLIC' | :developer | true | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :guest | true | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :developer | false | true | 'process PyPi api request' | :forbidden + 'PUBLIC' | :guest | false | true | 'process PyPi api request' | :forbidden + 'PUBLIC' | :developer | false | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :guest | false | false | 'process PyPi api request' | :unauthorized + 'PUBLIC' | :anonymous | false | true | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :developer | true | true | 'process PyPi api request' | :created + 'PRIVATE' | :guest | true | true | 'process PyPi api request' | :forbidden + 'PRIVATE' | :developer | true | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :guest | true | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :developer | false | true | 'process PyPi api request' | :not_found + 'PRIVATE' | :guest | false | true | 'process PyPi api request' | :not_found + 'PRIVATE' | :developer | false | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :guest | false | false | 'process PyPi api request' | :unauthorized + 'PRIVATE' | :anonymous | false | true | 'process PyPi api request' | 
:unauthorized end - context 'with an invalid package' do - let(:token) { personal_access_token.token } - let(:user_headers) { build_basic_auth_header(user.username, token) } + with_them do + let(:token) { user_token ? personal_access_token.token : 'wrong' } + let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } let(:headers) { user_headers.merge(workhorse_header) } before do - params[:name] = '.$/@!^*' - project.add_developer(user) + project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) end - it_behaves_like 'returning response status', :bad_request + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] end + end - it_behaves_like 'deploy token for package uploads' + context 'with an invalid package' do + let(:token) { personal_access_token.token } + let(:user_headers) { basic_auth_header(user.username, token) } + let(:headers) { user_headers.merge(workhorse_header) } + + before do + params[:name] = '.$/@!^*' + project.add_developer(user) + end - it_behaves_like 'rejects PyPI access with unknown project id' + it_behaves_like 'returning response status', :bad_request end + + it_behaves_like 'deploy token for package uploads' + + it_behaves_like 'rejects PyPI access with unknown project id' end describe 'GET /api/v4/projects/:id/packages/pypi/files/:sha256/*file_identifier' do 
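Review bot: The `'PRIVATE' | :developer | true | true` row of the upload table runs 'process PyPi api request' with `:created`, while the matching `PUBLIC` row runs 'PyPi package creation'. Judging by the names, the first shared example checks only the response status, so for a private project the spec would not verify that a package record is actually created; both shared examples are defined outside this diff, so this needs confirming. If that reading is right, the row should be `'PRIVATE' | :developer | true | true | 'PyPi package creation' | :created` so the authorised upload path is checked the same way at both visibility levels.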
@@ -200,60 +195,58 @@ RSpec.describe API::PypiPackages do subject { get api(url) } - context 'without the need for a license' do - context 'with valid project' do - using RSpec::Parameterized::TableSyntax - - where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do - 'PUBLIC' | :developer | true | true | 'PyPi package download' | :success - 'PUBLIC' | :guest | true | true | 'PyPi package download' | :success - 'PUBLIC' | :developer | true | false | 'PyPi package download' | :success - 'PUBLIC' | :guest | true | false | 'PyPi package download' | :success - 'PUBLIC' | :developer | false | true | 'PyPi package download' | :success - 'PUBLIC' | :guest | false | true | 'PyPi package download' | :success - 'PUBLIC' | :developer | false | false | 'PyPi package download' | :success - 'PUBLIC' | :guest | false | false | 'PyPi package download' | :success - 'PUBLIC' | :anonymous | false | true | 'PyPi package download' | :success - 'PRIVATE' | :developer | true | true | 'PyPi package download' | :success - 'PRIVATE' | :guest | true | true | 'PyPi package download' | :success - 'PRIVATE' | :developer | true | false | 'PyPi package download' | :success - 'PRIVATE' | :guest | true | false | 'PyPi package download' | :success - 'PRIVATE' | :developer | false | true | 'PyPi package download' | :success - 'PRIVATE' | :guest | false | true | 'PyPi package download' | :success - 'PRIVATE' | :developer | false | false | 'PyPi package download' | :success - 'PRIVATE' | :guest | false | false | 'PyPi package download' | :success - 'PRIVATE' | :anonymous | false | true | 'PyPi package download' | :success - end - - with_them do - let(:token) { user_token ? personal_access_token.token : 'wrong' } - let(:headers) { user_role == :anonymous ? 
{} : build_basic_auth_header(user.username, token) } + context 'with valid project' do + using RSpec::Parameterized::TableSyntax + + where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do + 'PUBLIC' | :developer | true | true | 'PyPi package download' | :success + 'PUBLIC' | :guest | true | true | 'PyPi package download' | :success + 'PUBLIC' | :developer | true | false | 'PyPi package download' | :success + 'PUBLIC' | :guest | true | false | 'PyPi package download' | :success + 'PUBLIC' | :developer | false | true | 'PyPi package download' | :success + 'PUBLIC' | :guest | false | true | 'PyPi package download' | :success + 'PUBLIC' | :developer | false | false | 'PyPi package download' | :success + 'PUBLIC' | :guest | false | false | 'PyPi package download' | :success + 'PUBLIC' | :anonymous | false | true | 'PyPi package download' | :success + 'PRIVATE' | :developer | true | true | 'PyPi package download' | :success + 'PRIVATE' | :guest | true | true | 'PyPi package download' | :success + 'PRIVATE' | :developer | true | false | 'PyPi package download' | :success + 'PRIVATE' | :guest | true | false | 'PyPi package download' | :success + 'PRIVATE' | :developer | false | true | 'PyPi package download' | :success + 'PRIVATE' | :guest | false | true | 'PyPi package download' | :success + 'PRIVATE' | :developer | false | false | 'PyPi package download' | :success + 'PRIVATE' | :guest | false | false | 'PyPi package download' | :success + 'PRIVATE' | :anonymous | false | true | 'PyPi package download' | :success + end - subject { get api(url), headers: headers } + with_them do + let(:token) { user_token ? personal_access_token.token : 'wrong' } + let(:headers) { user_role == :anonymous ? 
{} : basic_auth_header(user.username, token) } - before do - project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) - end + subject { get api(url), headers: headers } - it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] + before do + project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] end + end - context 'with deploy token headers' do - let(:headers) { build_basic_auth_header(deploy_token.username, deploy_token.token) } + context 'with deploy token headers' do + let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token) } - context 'valid token' do - it_behaves_like 'returning response status', :success - end + context 'valid token' do + it_behaves_like 'returning response status', :success + end - context 'invalid token' do - let(:headers) { build_basic_auth_header('foo', 'bar') } + context 'invalid token' do + let(:headers) { basic_auth_header('foo', 'bar') } - it_behaves_like 'returning response status', :success - end + it_behaves_like 'returning response status', :success end - - it_behaves_like 'rejects PyPI access with unknown project id' end + + it_behaves_like 'rejects PyPI access with unknown project id' end end |
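Review bot: Every row of the download table expects `:success`, including the `PRIVATE` rows for non-members, for `user_token` false and for `:anonymous`, and the 'invalid token' context with `basic_auth_header('foo', 'bar')` expects `:success` as well. As written, the spec asserts that package files of a private project are returned without any valid credential, and no comment explains why. If this is intended (presumably the `:sha256` segment of the path is what the endpoint relies on, which is not visible here), say so above the table, e.g. `# file download is not authenticated; access depends on knowing the file's sha256`. Otherwise the `PRIVATE` rows should expect `:unauthorized` / `:not_found` as in the versions table. A case with a non-matching `:sha256` would also make the boundary explicit.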