From 859a6fb938bb9ee2a317c46dfa4fcc1af49608f0 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 18 Feb 2021 10:34:06 +0000
Subject: Add latest changes from gitlab-org/gitlab@13-9-stable-ee

---
 spec/requests/api/generic_packages_spec.rb | 75 ++++++++++++++++++++----------
 1 file changed, 50 insertions(+), 25 deletions(-)

(limited to 'spec/requests/api/generic_packages_spec.rb')

diff --git a/spec/requests/api/generic_packages_spec.rb b/spec/requests/api/generic_packages_spec.rb
index d162d288129..a47be1ead9c 100644
--- a/spec/requests/api/generic_packages_spec.rb
+++ b/spec/requests/api/generic_packages_spec.rb
@@ -4,6 +4,9 @@ require 'spec_helper'
 
 RSpec.describe API::GenericPackages do
   include HttpBasicAuthHelpers
+  using RSpec::Parameterized::TableSyntax
+
+  include_context 'workhorse headers'
 
   let_it_be(:personal_access_token) { create(:personal_access_token) }
   let_it_be(:project, reload: true) { create(:project) }
@@ -13,8 +16,6 @@ RSpec.describe API::GenericPackages do
   let_it_be(:project_deploy_token_ro) { create(:project_deploy_token, deploy_token: deploy_token_ro, project: project) }
   let_it_be(:deploy_token_wo) { create(:deploy_token, read_package_registry: false, write_package_registry: true) }
   let_it_be(:project_deploy_token_wo) { create(:project_deploy_token, deploy_token: deploy_token_wo, project: project) }
-  let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
-  let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
   let(:user) { personal_access_token.user }
   let(:ci_build) { create(:ci_build, :running, user: user) }
 
@@ -76,8 +77,6 @@ RSpec.describe API::GenericPackages do
 
   describe 'PUT /api/v4/projects/:id/packages/generic/:package_name/:package_version/:file_name/authorize' do
     context 'with valid project' do
-      using RSpec::Parameterized::TableSyntax
-
       where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
         'PUBLIC'  | :developer | true  | :personal_access_token         | :success
         'PUBLIC'  | :guest     | true  | :personal_access_token         | :forbidden
@@ -130,7 +129,7 @@ RSpec.describe API::GenericPackages do
         end
 
         it "responds with #{params[:expected_status]}" do
-          authorize_upload_file(workhorse_header.merge(auth_header))
+          authorize_upload_file(workhorse_headers.merge(auth_header))
 
           expect(response).to have_gitlab_http_status(expected_status)
         end
@@ -145,7 +144,7 @@ RSpec.describe API::GenericPackages do
 
       with_them do
         it "responds with #{params[:expected_status]}" do
-          authorize_upload_file(workhorse_header.merge(deploy_token_auth_header))
+          authorize_upload_file(workhorse_headers.merge(deploy_token_auth_header))
 
           expect(response).to have_gitlab_http_status(expected_status)
         end
@@ -163,7 +162,7 @@ RSpec.describe API::GenericPackages do
       end
 
       with_them do
-        subject { authorize_upload_file(workhorse_header.merge(personal_access_token_header), param_name => param_value) }
+        subject { authorize_upload_file(workhorse_headers.merge(personal_access_token_header), param_name => param_value) }
 
         it_behaves_like 'secure endpoint'
       end
@@ -174,7 +173,7 @@ RSpec.describe API::GenericPackages do
         stub_feature_flags(generic_packages: false)
         project.add_developer(user)
 
-        authorize_upload_file(workhorse_header.merge(personal_access_token_header))
+        authorize_upload_file(workhorse_headers.merge(personal_access_token_header))
 
         expect(response).to have_gitlab_http_status(:not_found)
       end
@@ -194,8 +193,6 @@ RSpec.describe API::GenericPackages do
     let(:params) { { file: file_upload } }
 
     context 'authentication' do
-      using RSpec::Parameterized::TableSyntax
-
       where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
         'PUBLIC'  | :guest     | true  | :personal_access_token         | :forbidden
         'PUBLIC'  | :guest     | true  | :user_basic_auth               | :forbidden
@@ -242,7 +239,7 @@ RSpec.describe API::GenericPackages do
         end
 
         it "responds with #{params[:expected_status]}" do
-          headers = workhorse_header.merge(auth_header)
+          headers = workhorse_headers.merge(auth_header)
 
           upload_file(params, headers)
 
@@ -257,7 +254,7 @@ RSpec.describe API::GenericPackages do
 
       with_them do
         it "responds with #{params[:expected_status]}" do
-          headers = workhorse_header.merge(deploy_token_auth_header)
+          headers = workhorse_headers.merge(deploy_token_auth_header)
 
           upload_file(params, headers)
 
@@ -273,7 +270,7 @@ RSpec.describe API::GenericPackages do
 
       shared_examples 'creates a package and package file' do
         it 'creates a package and package file' do
-          headers = workhorse_header.merge(auth_header)
+          headers = workhorse_headers.merge(auth_header)
 
           expect { upload_file(params, headers) }
             .to change { project.packages.generic.count }.by(1)
@@ -284,6 +281,7 @@ RSpec.describe API::GenericPackages do
 
             package = project.packages.generic.last
             expect(package.name).to eq('mypackage')
+            expect(package.status).to eq('default')
             expect(package.version).to eq('0.0.1')
 
             if should_set_build_info
@@ -296,6 +294,39 @@ RSpec.describe API::GenericPackages do
             expect(package_file.file_name).to eq('myfile.tar.gz')
           end
         end
+
+        context 'with a status' do
+          context 'valid status' do
+            let(:params) { super().merge(status: 'hidden') }
+
+            it 'assigns the status to the package' do
+              headers = workhorse_headers.merge(auth_header)
+
+              upload_file(params, headers)
+
+              aggregate_failures do
+                expect(response).to have_gitlab_http_status(:created)
+
+                package = project.packages.find_by(name: 'mypackage')
+                expect(package).to be_hidden
+              end
+            end
+          end
+
+          context 'invalid status' do
+            let(:params) { super().merge(status: 'processing') }
+
+            it 'rejects the package' do
+              headers = workhorse_headers.merge(auth_header)
+
+              upload_file(params, headers)
+
+              aggregate_failures do
+                expect(response).to have_gitlab_http_status(:bad_request)
+              end
+            end
+          end
+        end
       end
 
       context 'when valid personal access token is used' do
@@ -327,26 +358,26 @@ RSpec.describe API::GenericPackages do
       end
 
       context 'event tracking' do
-        subject { upload_file(params, workhorse_header.merge(personal_access_token_header)) }
+        subject { upload_file(params, workhorse_headers.merge(personal_access_token_header)) }
 
         it_behaves_like 'a gitlab tracking event', described_class.name, 'push_package'
       end
 
       it 'rejects request without a file from workhorse' do
-        headers = workhorse_header.merge(personal_access_token_header)
+        headers = workhorse_headers.merge(personal_access_token_header)
         upload_file({}, headers)
 
         expect(response).to have_gitlab_http_status(:bad_request)
       end
 
       it 'rejects request without an auth token' do
-        upload_file(params, workhorse_header)
+        upload_file(params, workhorse_headers)
 
         expect(response).to have_gitlab_http_status(:unauthorized)
       end
 
       it 'rejects request without workhorse rewritten fields' do
-        headers = workhorse_header.merge(personal_access_token_header)
+        headers = workhorse_headers.merge(personal_access_token_header)
         upload_file(params, headers, send_rewritten_field: false)
 
         expect(response).to have_gitlab_http_status(:bad_request)
@@ -357,7 +388,7 @@ RSpec.describe API::GenericPackages do
           allow(uploaded_file).to receive(:size).and_return(project.actual_limits.generic_packages_max_file_size + 1)
         end
 
-        headers = workhorse_header.merge(personal_access_token_header)
+        headers = workhorse_headers.merge(personal_access_token_header)
         upload_file(params, headers)
 
         expect(response).to have_gitlab_http_status(:bad_request)
@@ -373,8 +404,6 @@ RSpec.describe API::GenericPackages do
     end
 
     context 'application security' do
-      using RSpec::Parameterized::TableSyntax
-
       where(:param_name, :param_value) do
         :package_name | 'my-package/../'
         :package_name | 'my-package%2f%2e%2e%2f'
@@ -383,7 +412,7 @@ RSpec.describe API::GenericPackages do
       end
 
       with_them do
-        subject { upload_file(params, workhorse_header.merge(personal_access_token_header), param_name => param_value) }
+        subject { upload_file(params, workhorse_headers.merge(personal_access_token_header), param_name => param_value) }
 
         it_behaves_like 'secure endpoint'
       end
@@ -404,8 +433,6 @@ RSpec.describe API::GenericPackages do
   end
 
   describe 'GET /api/v4/projects/:id/packages/generic/:package_name/:package_version/:file_name' do
-    using RSpec::Parameterized::TableSyntax
-
     let_it_be(:package) { create(:generic_package, project: project) }
     let_it_be(:package_file) { create(:package_file, :generic, package: package) }
 
@@ -527,8 +554,6 @@ RSpec.describe API::GenericPackages do
     end
 
     context 'application security' do
-      using RSpec::Parameterized::TableSyntax
-
       where(:param_name, :param_value) do
         :package_name | 'my-package/../'
         :package_name | 'my-package%2f%2e%2e%2f'
-- 
cgit v1.2.1