From ccb29955c9d7de69d99fe91425d6246cc723def4 Mon Sep 17 00:00:00 2001
From: Jacob Vosmaer
Date: Wed, 6 Apr 2016 18:58:19 +0200
Subject: More tests, better descriptions
---
 spec/requests/git_http_spec.rb | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index 5d41d973083..8b217684911 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -12,7 +12,7 @@ describe 'Git HTTP requests', lib: true do
 context "when the project doesn't exist" do
 context "when no authentication is provided" do
- it "responds with status 401" do
+ it "responds with status 401 (no project existence information leak)" do
 download('doesnt/exist.git') do |response|
 expect(response.status).to eq(401)
 end
@@ -72,7 +72,7 @@ describe 'Git HTTP requests', lib: true do
 expect(response.status).to eq(401)
 end
 end
-
+
 context "with correct credentials" do
 let(:env) { { user: user.username, password: user.password } }
@@ -81,11 +81,11 @@ describe 'Git HTTP requests', lib: true do
 expect(response.status).to eq(200)
 end
 end
-
+
 context 'but git-receive-pack is disabled' do
 it "responds with status 404" do
 allow(Gitlab.config.gitlab_shell).to receive(:receive_pack).and_return(false)
-
+
 upload(path, env) do |response|
 expect(response.status).to eq(404)
 end
@@ -110,11 +110,17 @@ describe 'Git HTTP requests', lib: true do
 end
 context "when no authentication is provided" do
- it "responds with status 401" do
+ it "responds with status 401 to downloads" do
 download(path, env) do |response|
 expect(response.status).to eq(401)
 end
 end
+
+ it "responds with status 401 to uploads" do
+ upload(path, env) do |response|
+ expect(response.status).to eq(401)
+ end
+ end
 end
 context "when username and password are provided" do
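Review bot: In the `@@ -110,11 +110,17 @@` hunk, both examples under "when no authentication is provided" still pass `env` to `download`/`upload`, and `env` is defined outside the hunk; elsewhere in this file `env` is `{ user: user.username, password: user.password }`. A reader cannot tell from these lines that no credentials are sent, which matters for a test whose whole point is the unauthenticated 401. If `env` is empty in this context, consider calling the helper without it, as the first example in the file does: `upload(path) do |response|`. Otherwise a one-line comment such as `# env carries no credentials in this context` would make the intent explicit.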
@@ -159,18 +165,18 @@ describe 'Git HTTP requests', lib: true do
 end
 context "when the user isn't blocked" do
- it "downloads status 200" do
+ it "downloads get status 200" do
 expect(Rack::Attack::Allow2Ban).to receive(:reset)
 clone_get(path, env)
 expect(response.status).to eq(200)
 end
-
+
 it "uploads get status 200" do
 upload(path, env) do |response|
 expect(response.status).to eq(200)
- end
+ end
 end
 end
@@ -211,7 +217,7 @@ describe 'Git HTTP requests', lib: true do
 expect(response.status).to eq(404)
 end
 end
-
+
 it "uploads get status 200 (because Git hooks do the real check)" do
 upload(path, user: user.username, password: user.password) do |response|
 expect(response.status).to eq(200)
@@ -222,15 +228,24 @@ describe 'Git HTTP requests', lib: true do
 end
 context "when a gitlab ci token is provided" do
- it "responds with status 200" do
- token = "123"
- project = FactoryGirl.create :empty_project
+ let(:token) { 123 }
+ let(:project) { FactoryGirl.create :empty_project }
+
+ before do
 project.update_attributes(runners_token: token, builds_enabled: true)
+ end
+ it "downloads get status 200" do
 clone_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token
 expect(response.status).to eq(200)
 end
+
+ it "uploads get status 401 (no project existence information leak)" do
+ push_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token
+
+ expect(response.status).to eq(401)
+ end
 end
 end
 end
-- cgit v1.2.1
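Review bot: In the `@@ -222,15 +228,24 @@` hunk, the new "uploads get status 401" example for the CI token only issues `push_get`, while the other upload examples in this file go through `upload(...) do |response|`. The `upload` helper is defined outside this diff; if it also drives the `git-receive-pack` POST, the write endpoint itself is never asserted to reject CI-token credentials. Consider `upload "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token do |response|` with the 401 expectation inside the block. Separately, `let(:token) { 123 }` changes the token from the String `"123"` to an Integer, so the stored `runners_token` and the Basic-auth password presumably match only through implicit conversion; `let(:token) { '123' }` keeps the comparison string-to-string. No example with a wrong token for `gitlab-ci-token` is visible in this hunk, and one would pin the rejection path for downloads.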