Commit f4ded8a8 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'hvlad/gitlab-ce-feature/add_test_for_git_http_ldap_user' into 'master'

Added git http requests tests for user with LDAP identity

## What does this MR do?

Added tests to git http request for a user with ldap identity.

## Are there points in the code the reviewer needs to double check?

In order to stick to the way the existing tests are defined in spec files, I have added the new tests in the same spec file that coveres the git http request feature and thus it seems to be a lot of changes in the git_http_spec.rb when looking at the commit git in Gitlab, but the largest change is indentation so please check with a better diff tool (i.e. kdiff3).

Let me know if this is OK with you or do you want to have a new file introduced (i.e. `git_http_ldap_spec.rb`)

## Why was this MR needed?

To increase test coverage and to make sure  the changes that will be introduced by #20820 will not introduce any regressions.

## What are the relevant issue numbers?

#20820

See merge request !6559
parents 684baf7e dc15201c
require "spec_helper"
describe 'Git HTTP requests', lib: true do
include GitHttpHelpers
include WorkhorseHelpers
let(:user) { create(:user) }
let(:project) { create(:project, path: 'project.git-project') }
it "gives WWW-Authenticate hints" do
clone_get('doesnt/exist.git')
expect(response.header['WWW-Authenticate']).to start_with('Basic ')
end
describe "User with no identities" do
let(:user) { create(:user) }
let(:project) { create(:project, path: 'project.git-project') }
context "when the project doesn't exist" do
context "when no authentication is provided" do
it "responds with status 401 (no project existence information leak)" do
......@@ -458,51 +460,58 @@ describe 'Git HTTP requests', lib: true do
end
end
end
def clone_get(project, options = {})
get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
end
def clone_post(project, options = {})
post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
end
describe "User with LDAP identity" do
let(:user) { create(:omniauth_user, extern_uid: dn) }
let(:dn) { 'uid=john,ou=people,dc=example,dc=com' }
def push_get(project, options = {})
get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
before do
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
allow(Gitlab::LDAP::Authentication).to receive(:login).and_return(nil)
allow(Gitlab::LDAP::Authentication).to receive(:login).with(user.username, user.password).and_return(user)
end
def push_post(project, options = {})
post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
context "when authentication fails" do
context "when no authentication is provided" do
it "responds with status 401" do
download('doesnt/exist.git') do |response|
expect(response).to have_http_status(401)
end
end
end
def download(project, user: nil, password: nil, spnego_request_token: nil)
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
clone_get(*args)
yield response
clone_post(*args)
yield response
context "when username and invalid password are provided" do
it "responds with status 401" do
download('doesnt/exist.git', user: user.username, password: "nope") do |response|
expect(response).to have_http_status(401)
end
end
end
end
def upload(project, user: nil, password: nil, spnego_request_token: nil)
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
context "when authentication succeeds" do
context "when the project doesn't exist" do
it "responds with status 404" do
download('/doesnt/exist.git', user: user.username, password: user.password) do |response|
expect(response).to have_http_status(404)
end
end
end
push_get(*args)
yield response
context "when the project exists" do
let(:project) { create(:project, path: 'project.git-project') }
push_post(*args)
yield response
before do
project.team << [user, :master]
end
def auth_env(user, password, spnego_request_token)
env = workhorse_internal_api_request_header
if user && password
env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
elsif spnego_request_token
env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
it "responds with status 200" do
clone_get(path, user: user.username, password: user.password) do |response|
expect(response).to have_http_status(200)
end
end
end
end
env
end
end
module GitHttpHelpers
def clone_get(project, options = {})
get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
end
def clone_post(project, options = {})
post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
end
def push_get(project, options = {})
get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
end
def push_post(project, options = {})
post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
end
def download(project, user: nil, password: nil, spnego_request_token: nil)
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
clone_get(*args)
yield response
clone_post(*args)
yield response
end
def upload(project, user: nil, password: nil, spnego_request_token: nil)
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
push_get(*args)
yield response
push_post(*args)
yield response
end
def auth_env(user, password, spnego_request_token)
env = workhorse_internal_api_request_header
if user && password
env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
elsif spnego_request_token
env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
end
env
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment