1 files changed, 139 insertions, 0 deletions

diff --git a/spec/requests/api/rubygem_packages_spec.rb b/spec/requests/api/rubygem_packages_spec.rb
new file mode 100644
index 00000000000..5dd68bf9b10
--- /dev/null
+++ b/spec/requests/api/rubygem_packages_spec.rb
@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::RubygemPackages do
+  using RSpec::Parameterized::TableSyntax
+
+  let_it_be(:project) { create(:project) }
+  let_it_be(:personal_access_token) { create(:personal_access_token) }
+  let_it_be(:user) { personal_access_token.user }
+  let_it_be(:job) { create(:ci_build, :running, user: user) }
+  let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
+  let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }
+  let_it_be(:headers) { {} }
+
+  shared_examples 'when feature flag is disabled' do
+    let(:headers) do
+      { 'HTTP_AUTHORIZATION' => personal_access_token.token }
+    end
+
+    before do
+      stub_feature_flags(rubygem_packages: false)
+    end
+
+    it_behaves_like 'returning response status', :not_found
+  end
+
+  shared_examples 'when package feature is disabled' do
+    before do
+      stub_config(packages: { enabled: false })
+    end
+
+    it_behaves_like 'returning response status', :not_found
+  end
+
+  shared_examples 'without authentication' do
+    it_behaves_like 'returning response status', :unauthorized
+  end
+
+  shared_examples 'with authentication' do
+    let(:headers) do
+      { 'HTTP_AUTHORIZATION' => token }
+    end
+
+    let(:tokens) do
+      {
+        personal_access_token: personal_access_token.token,
+        deploy_token: deploy_token.token,
+        job_token: job.token
+      }
+    end
+
+    where(:user_role, :token_type, :valid_token, :status) do
+      :guest     | :personal_access_token   | true  | :not_found
+      :guest     | :personal_access_token   | false | :unauthorized
+      :guest     | :deploy_token            | true  | :not_found
+      :guest     | :deploy_token            | false | :unauthorized
+      :guest     | :job_token               | true  | :not_found
+      :guest     | :job_token               | false | :unauthorized
+      :reporter  | :personal_access_token   | true  | :not_found
+      :reporter  | :personal_access_token   | false | :unauthorized
+      :reporter  | :deploy_token            | true  | :not_found
+      :reporter  | :deploy_token            | false | :unauthorized
+      :reporter  | :job_token               | true  | :not_found
+      :reporter  | :job_token               | false | :unauthorized
+      :developer | :personal_access_token   | true  | :not_found
+      :developer | :personal_access_token   | false | :unauthorized
+      :developer | :deploy_token            | true  | :not_found
+      :developer | :deploy_token            | false | :unauthorized
+      :developer | :job_token               | true  | :not_found
+      :developer | :job_token               | false | :unauthorized
+    end
+
+    with_them do
+      before do
+        project.send("add_#{user_role}", user) unless user_role == :anonymous
+      end
+
+      let(:token) { valid_token ? tokens[token_type] : 'invalid-token123' }
+
+      it_behaves_like 'returning response status', params[:status]
+    end
+  end
+
+  shared_examples 'an unimplemented route' do
+    it_behaves_like 'without authentication'
+    it_behaves_like 'with authentication'
+    it_behaves_like 'when feature flag is disabled'
+    it_behaves_like 'when package feature is disabled'
+  end
+
+  describe 'GET /api/v4/projects/:project_id/packages/rubygems/:filename' do
+    let(:url) { api("/projects/#{project.id}/packages/rubygems/specs.4.8.gz") }
+
+    subject { get(url, headers: headers) }
+
+    it_behaves_like 'an unimplemented route'
+  end
+
+  describe 'GET /api/v4/projects/:project_id/packages/rubygems/quick/Marshal.4.8/:file_name' do
+    let(:url) { api("/projects/#{project.id}/packages/rubygems/quick/Marshal.4.8/my_gem-1.0.0.gemspec.rz") }
+
+    subject { get(url, headers: headers) }
+
+    it_behaves_like 'an unimplemented route'
+  end
+
+  describe 'GET /api/v4/projects/:project_id/packages/rubygems/gems/:file_name' do
+    let(:url) { api("/projects/#{project.id}/packages/rubygems/gems/my_gem-1.0.0.gem") }
+
+    subject { get(url, headers: headers) }
+
+    it_behaves_like 'an unimplemented route'
+  end
+
+  describe 'POST /api/v4/projects/:project_id/packages/rubygems/api/v1/gems/authorize' do
+    let(:url) { api("/projects/#{project.id}/packages/rubygems/api/v1/gems/authorize") }
+
+    subject { post(url, headers: headers) }
+
+    it_behaves_like 'an unimplemented route'
+  end
+
+  describe 'POST /api/v4/projects/:project_id/packages/rubygems/api/v1/gems' do
+    let(:url) { api("/projects/#{project.id}/packages/rubygems/api/v1/gems") }
+
+    subject { post(url, headers: headers) }
+
+    it_behaves_like 'an unimplemented route'
+  end
+
+  describe 'GET /api/v4/projects/:project_id/packages/rubygems/api/v1/dependencies' do
+    let(:url) { api("/projects/#{project.id}/packages/rubygems/api/v1/dependencies") }
+
+    subject { get(url, headers: headers) }
+
+    it_behaves_like 'an unimplemented route'
+  end
+end