Add some upload specs

5fe06d73 · Jacob Vosmaer · 5f370841 · 5fe06d73 · 5fe06d73
Commit 5fe06d73 authored Mar 24, 2016 by Jacob Vosmaer
Show whitespace changes
Inline Side-by-side

Showing with 89 additions and 10 deletions

app/controllers/projects/git_http_controller.rb app/controllers/projects/git_http_controller.rb +29 -7

spec/requests/git_http_spec.rb spec/requests/git_http_spec.rb +60 -3

No files found.
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -5,11 +5,13 @@ class Projects::GitHttpController < Projects::ApplicationController
  def git_rpc
    if upload_pack? && upload_pack_allowed?
-      render_ok and return
+      render_ok
-    end
+    elsif receive_pack? && receive_pack_allowed?
+      render_ok
+    else
      render_not_found
    end
+  end
  %i{info_refs git_receive_pack git_upload_pack}.each do |method|
    alias_method method, :git_rpc
@@ -30,7 +32,7 @@ class Projects::GitHttpController < Projects::ApplicationController
  end
  def project_found?
-    render_not_found if project.nil?
+    render_not_found if project.blank?
  end
  def ci_request?(login, password)
@@ -124,10 +126,18 @@ class Projects::GitHttpController < Projects::ApplicationController
  end
  def upload_pack?
+    rpc == 'git-upload-pack'
+  end
+  def receive_pack?
+    rpc == 'git-receive-pack'
+  end
+  def rpc
    if action_name == 'info_refs'
-      params[:service] == 'git-upload-pack'
+      params[:service]
    else
-      action_name == 'git_upload_pack'
+      action_name.gsub('_', '-')
    end
  end
@@ -164,4 +174,16 @@ class Projects::GitHttpController < Projects::ApplicationController
      false
    end
  end
+  def receive_pack_allowed?
+    if !Gitlab.config.gitlab_shell.receive_pack
+      false
+    elsif user
+      # Skip user authorization on upload request.
+      # It will be done by the pre-receive hook in the repository.
+      true
+    else
+      false
+    end
+  end
 end
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -61,12 +61,38 @@ describe 'Git HTTP requests', lib: true do
        project.update_attribute(:visibility_level, Project::PUBLIC)
      end
-      it "responds with status 200" do
+      it "downloads get status 200" do
        download(path, env) do |response|
          expect(response.status).to eq(200)
        end
      end
+      it "uploads get status 401" do
+        upload(path, env) do |response|
+          expect(response.status).to eq(401)
+        end
+      end
+      context "with correct credentials" do
+        let(:env) { { user: user.username, password: user.password } }
+        it "uploads get status 200 (because Git hooks do the real check)" do
+          upload(path, env) do |response|
+            expect(response.status).to eq(200)
+          end
+        end
+        context 'but git-receive-pack is disabled' do
+          it "responds with status 404" do
+            allow(Gitlab.config.gitlab_shell).to receive(:receive_pack).and_return(false)
+            upload(path, env) do |response|
+              expect(response.status).to eq(404)
+            end
+          end
+        end
+      end
      context 'but git-upload-pack is disabled' do
        it "responds with status 404" do
          allow(Gitlab.config.gitlab_shell).to receive(:upload_pack).and_return(false)
@@ -133,13 +159,19 @@ describe 'Git HTTP requests', lib: true do
            end
            context "when the user isn't blocked" do
-              it "responds with status 200" do
+              it "downloads status 200" do
                expect(Rack::Attack::Allow2Ban).to receive(:reset)
                clone_get(path, env)
                expect(response.status).to eq(200)
              end
+              it "uploads get status 200" do
+                upload(path, env) do |response|
+                  expect(response.status).to eq(200)
+                end      
+              end
            end
            context "when blank password attempts follow a valid login" do
@@ -174,11 +206,17 @@ describe 'Git HTTP requests', lib: true do
          end
          context "when the user doesn't have access to the project" do
-            it "responds with status 404" do
+            it "downloads get status 404" do
              download(path, user: user.username, password: user.password) do |response|
                expect(response.status).to eq(404)
              end
            end
+            it "uploads get status 200 (because Git hooks do the real check)" do
+              upload(path, user: user.username, password: user.password) do |response|
+                expect(response.status).to eq(200)
+              end
+            end
          end
        end
      end
@@ -196,6 +234,7 @@ describe 'Git HTTP requests', lib: true do
      end
    end
  end
  def clone_get(project, options={})
    get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password))
  end
@@ -204,6 +243,14 @@ describe 'Git HTTP requests', lib: true do
    post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password))
  end
+  def push_get(project, options={})
+    get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password))
+  end
+  def push_post(project, options={})
+    post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password))
+  end
  def download(project, user: nil, password: nil)
    args = [project, {user: user, password: password}]
@@ -214,6 +261,16 @@ describe 'Git HTTP requests', lib: true do
    yield response
  end
+  def upload(project, user: nil, password: nil)
+    args = [project, {user: user, password: password}]
+    push_get *args
+    yield response
+    push_post *args
+    yield response
+  end
  def auth_env(user, password)
    if user && password
      { 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials(user, password) }