From 877eefdb6d765fd9fd437b8328ecbe00cb07438a Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 6 Jan 2023 22:34:08 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@15-7-stable-ee --- .../error_tracking/list_projects_service.rb | 16 +++--------- .../error_tracking/list_projects_service_spec.rb | 30 +++++----------------- 2 files changed, 9 insertions(+), 37 deletions(-) diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb index d52306ef805..2f23d47029c 100644 --- a/app/services/error_tracking/list_projects_service.rb +++ b/app/services/error_tracking/list_projects_service.rb @@ -2,8 +2,6 @@ module ErrorTracking class ListProjectsService < ErrorTracking::BaseService - MASKED_TOKEN_REGEX = /\A\*+\z/.freeze - private def perform @@ -22,31 +20,23 @@ module ErrorTracking def project_error_tracking_setting (super || project.build_error_tracking_setting).tap do |setting| - url_changed = !setting.api_url&.start_with?(params[:api_host]) - setting.api_url = ErrorTracking::ProjectErrorTrackingSetting.build_api_url_from( api_host: params[:api_host], organization_slug: 'org', project_slug: 'proj' ) - setting.token = token(setting, url_changed) + setting.token = token(setting) setting.enabled = true end end strong_memoize_attr :project_error_tracking_setting - def token(setting, url_changed) - return if url_changed && masked_token? - + def token(setting) # Use param token if not masked, otherwise use database token - return params[:token] unless masked_token? + return params[:token] unless /\A\*+\z/.match?(params[:token]) setting.token end - - def masked_token? - MASKED_TOKEN_REGEX.match?(params[:token]) - end end end diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb index 8408adcc21d..ce391bd1ca0 100644 --- a/spec/services/error_tracking/list_projects_service_spec.rb +++ b/spec/services/error_tracking/list_projects_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integrations do +RSpec.describe ErrorTracking::ListProjectsService do let_it_be(:user) { create(:user) } let_it_be(:project, reload: true) { create(:project) } @@ -51,33 +51,15 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio end context 'masked param token' do - let(:params) { ActionController::Parameters.new(token: "*********", api_host: api_host) } + let(:params) { ActionController::Parameters.new(token: "*********", api_host: new_api_host) } - context 'with the current api host' do - let(:api_host) { 'https://sentrytest.gitlab.com' } - - before do - expect(error_tracking_setting).to receive(:list_sentry_projects) + before do + expect(error_tracking_setting).to receive(:list_sentry_projects) .and_return({ projects: [] }) - end - - it 'uses database token' do - expect { subject.execute }.not_to change { error_tracking_setting.token } - end end - context 'with a new api host' do - let(:api_host) { new_api_host } - - it 'returns an error' do - expect(result[:message]).to start_with('Token is a required field') - expect(error_tracking_setting).not_to be_valid - expect(error_tracking_setting).not_to receive(:list_sentry_projects) - end - - it 'resets the token' do - expect { subject.execute }.to change { error_tracking_setting.token }.from(token).to(nil) - end + it 'uses database token' do + expect { subject.execute }.not_to change { error_tracking_setting.token } end end -- cgit v1.2.1