Merge branch 'hvlad/gitlab-ce-feature/add_test_for_git_http_ldap_user' into 'master'

Added git http requests tests for user with LDAP identity ## What does this MR do? Added tests to git http request for a user with ldap identity. ## Are there points in the code the reviewer needs to double check? In order to stick to the way the existing tests are defined in spec files, I have added the new tests in the same spec file that coveres the git http request feature and thus it seems to be a lot of changes in the git_http_spec.rb when looking at the commit git in Gitlab, but the largest change is indentation so please check with a better diff tool (i.e. kdiff3). Let me know if this is OK with you or do you want to have a new file introduced (i.e. `git_http_ldap_spec.rb`) ## Why was this MR needed? To increase test coverage and to make sure the changes that will be introduced by #20820 will not introduce any regressions. ## What are the relevant issue numbers? #20820 See merge request !6559

Merge branch 'hvlad/gitlab-ce-feature/add_test_for_git_http_ldap_user' into 'master'
Added git http requests tests for user with LDAP identity ## What does this MR do? Added tests to git http request for a user with ldap identity. ## Are there points in the code the reviewer needs to double check? In order to stick to the way the existing tests are defined in spec files, I have added the new tests in the same spec file that coveres the git http request feature and thus it seems to be a lot of changes in the git_http_spec.rb when looking at the commit git in Gitlab, but the largest change is indentation so please check with a better diff tool (i.e. kdiff3). Let me know if this is OK with you or do you want to have a new file introduced (i.e. `git_http_ldap_spec.rb`) ## Why was this MR needed? To increase test coverage and to make sure the changes that will be introduced by #20820 will not introduce any regressions. ## What are the relevant issue numbers? #20820 See merge request !6559
f4ded8a8 · Rémy Coutable · 684baf7e · dc15201c · f4ded8a8 · f4ded8a8
Commit f4ded8a8 authored Sep 28, 2016 by Rémy Coutable
Show whitespace changes
Inline Side-by-side

Showing with 381 additions and 324 deletions

spec/requests/git_http_spec.rb spec/requests/git_http_spec.rb +333 -324

spec/support/git_http_helpers.rb spec/support/git_http_helpers.rb +48 -0

No files found.
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
 require "spec_helper"

 describe 'Git HTTP requests', lib: true do
+  include GitHttpHelpers
  include WorkhorseHelpers

-  let(:user)    { create(:user) }
-  let(:project) { create(:project, path: 'project.git-project') }
-
  it "gives WWW-Authenticate hints" do
    clone_get('doesnt/exist.git')

    expect(response.header['WWW-Authenticate']).to start_with('Basic ')
  end

+  describe "User with no identities" do
+    let(:user)    { create(:user) }
+    let(:project) { create(:project, path: 'project.git-project') }
+
    context "when the project doesn't exist" do
      context "when no authentication is provided" do
        it "responds with status 401 (no project existence information leak)" do
@@ -458,51 +460,58 @@ describe 'Git HTTP requests', lib: true do
        end
      end
    end
-
-  def clone_get(project, options = {})
-    get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
  end

-  def clone_post(project, options = {})
-    post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
-  end
+  describe "User with LDAP identity" do
+    let(:user) { create(:omniauth_user, extern_uid: dn) }
+    let(:dn) { 'uid=john,ou=people,dc=example,dc=com' }

-  def push_get(project, options = {})
-    get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+    before do
+      allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
+      allow(Gitlab::LDAP::Authentication).to receive(:login).and_return(nil)
+      allow(Gitlab::LDAP::Authentication).to receive(:login).with(user.username, user.password).and_return(user)
    end

-  def push_post(project, options = {})
-    post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+    context "when authentication fails" do
+      context "when no authentication is provided" do
+        it "responds with status 401" do
+          download('doesnt/exist.git') do |response|
+            expect(response).to have_http_status(401)
+          end
+        end
      end

-  def download(project, user: nil, password: nil, spnego_request_token: nil)
-    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
-
-    clone_get(*args)
-    yield response
-
-    clone_post(*args)
-    yield response
+      context "when username and invalid password are provided" do
+        it "responds with status 401" do
+          download('doesnt/exist.git', user: user.username, password: "nope") do |response|
+            expect(response).to have_http_status(401)
+          end
+        end
+      end
    end

-  def upload(project, user: nil, password: nil, spnego_request_token: nil)
-    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
+    context "when authentication succeeds" do
+      context "when the project doesn't exist" do
+        it "responds with status 404" do
+          download('/doesnt/exist.git', user: user.username, password: user.password) do |response|
+            expect(response).to have_http_status(404)
+          end
+        end
+      end

-    push_get(*args)
-    yield response
+      context "when the project exists" do
+        let(:project) { create(:project, path: 'project.git-project') }

-    push_post(*args)
-    yield response
+        before do
+          project.team << [user, :master]
        end

-  def auth_env(user, password, spnego_request_token)
-    env = workhorse_internal_api_request_header
-    if user && password
-      env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
-    elsif spnego_request_token
-      env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
+        it "responds with status 200" do
+          clone_get(path, user: user.username, password: user.password) do |response|
+            expect(response).to have_http_status(200)
+          end
+        end
+      end
    end
-
-    env
  end
 end
--- a/spec/support/git_http_helpers.rb
+++ b/spec/support/git_http_helpers.rb
+module GitHttpHelpers
+  def clone_get(project, options = {})
+    get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def clone_post(project, options = {})
+    post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def push_get(project, options = {})
+    get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def push_post(project, options = {})
+    post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def download(project, user: nil, password: nil, spnego_request_token: nil)
+    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
+
+    clone_get(*args)
+    yield response
+
+    clone_post(*args)
+    yield response
+  end
+
+  def upload(project, user: nil, password: nil, spnego_request_token: nil)
+    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
+
+    push_get(*args)
+    yield response
+
+    push_post(*args)
+    yield response
+  end
+
+  def auth_env(user, password, spnego_request_token)
+    env = workhorse_internal_api_request_header
+    if user && password
+      env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
+    elsif spnego_request_token
+      env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
+    end
+
+    env
+  end
+end