Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
ccf5b21f
Commit
ccf5b21f
authored
Mar 24, 2016
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove useless "describe"
parent
aae577f9
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
117 additions
and
120 deletions
+117
-120
spec/requests/git_http_spec.rb
spec/requests/git_http_spec.rb
+117
-120
No files found.
spec/requests/git_http_spec.rb
View file @
ccf5b21f
...
...
@@ -4,195 +4,192 @@ describe 'Git HTTP requests', lib: true do
let
(
:user
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:project
)
}
describe
"#call"
do
context
"when the project doesn't exist"
do
context
"when no authentication is provided"
do
it
"responds with status 401"
do
download
(
'doesnt/exist.git'
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
context
"when the project doesn't exist"
do
context
"when no authentication is provided"
do
it
"responds with status 401"
do
download
(
'doesnt/exist.git'
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
end
end
context
"when username and password are provided"
do
context
"when authentication fails"
do
it
"responds with status 401"
do
download
(
'doesnt/exist.git'
,
user:
user
.
username
,
password:
"nope"
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
context
"when username and password are provided"
do
context
"when authentication fails"
do
it
"responds with status 401"
do
download
(
'doesnt/exist.git'
,
user:
user
.
username
,
password:
"nope"
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
end
end
context
"when authentication succeeds"
do
it
"responds with status 404"
do
download
(
'/doesnt/exist.git'
,
user:
user
.
username
,
password:
user
.
password
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
context
"when authentication succeeds"
do
it
"responds with status 404"
do
download
(
'/doesnt/exist.git'
,
user:
user
.
username
,
password:
user
.
password
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
end
end
context
"when the Wiki for a project exists"
do
it
"responds with the right project"
do
wiki
=
ProjectWiki
.
new
(
project
)
project
.
update_attribute
(
:visibility_level
,
Project
::
PUBLIC
)
context
"when the Wiki for a project exists"
do
it
"responds with the right project"
do
wiki
=
ProjectWiki
.
new
(
project
)
project
.
update_attribute
(
:visibility_level
,
Project
::
PUBLIC
)
download
(
"/
#{
wiki
.
repository
.
path_with_namespace
}
.git"
)
do
|
response
|
json_body
=
ActiveSupport
::
JSON
.
decode
(
response
.
body
)
download
(
"/
#{
wiki
.
repository
.
path_with_namespace
}
.git"
)
do
|
response
|
json_body
=
ActiveSupport
::
JSON
.
decode
(
response
.
body
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_body
[
'RepoPath'
]).
to
include
(
wiki
.
repository
.
path_with_namespace
)
end
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_body
[
'RepoPath'
]).
to
include
(
wiki
.
repository
.
path_with_namespace
)
end
end
end
context
"when the project exists"
do
let
(
:path
)
{
"
#{
project
.
path_with_namespace
}
.git"
}
let
(
:env
)
{
{}
}
context
"when the project exists"
do
let
(
:path
)
{
"
#{
project
.
path_with_namespace
}
.git"
}
let
(
:env
)
{
{}
}
context
"when the project is public"
do
before
do
project
.
update_attribute
(
:visibility_level
,
Project
::
PUBLIC
)
context
"when the project is public"
do
before
do
project
.
update_attribute
(
:visibility_level
,
Project
::
PUBLIC
)
end
it
"responds with status 200"
do
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
200
)
end
it
"responds with status 200"
do
end
context
'but git-upload-pack is disabled'
do
it
"responds with status 404"
do
allow
(
Gitlab
.
config
.
gitlab_shell
).
to
receive
(
:upload_pack
).
and_return
(
false
)
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'but git-upload-pack is disabled'
do
it
"responds with status 404"
do
allow
(
Gitlab
.
config
.
gitlab_shell
).
to
receive
(
:upload_pack
).
and_return
(
false
)
end
end
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
context
"when the project is private"
do
before
do
project
.
update_attribute
(
:visibility_level
,
Project
::
PRIVATE
)
end
context
"when no authentication is provided"
do
it
"responds with status 401"
do
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
end
end
context
"when the project is private"
do
before
do
project
.
update_attribute
(
:visibility_level
,
Project
::
PRIVATE
)
end
context
"when username and password are provided"
do
let
(
:env
)
{
{
user:
user
.
username
,
password:
'nope'
}
}
context
"when
no authentication is provided
"
do
context
"when
authentication fails
"
do
it
"responds with status 401"
do
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
end
end
context
"when username and password are provided"
do
let
(
:env
)
{
{
user:
user
.
username
,
password:
'nope'
}
}
context
"when authentication fails"
do
context
"when the user is IP banned"
do
it
"responds with status 401"
do
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
401
)
end
end
context
"when the user is IP banned"
do
it
"responds with status 401"
do
expect
(
Rack
::
Attack
::
Allow2Ban
).
to
receive
(
:filter
).
and_return
(
true
)
allow_any_instance_of
(
Rack
::
Request
).
to
receive
(
:ip
).
and_return
(
'1.2.3.4'
)
expect
(
Rack
::
Attack
::
Allow2Ban
).
to
receive
(
:filter
).
and_return
(
true
)
allow_any_instance_of
(
Rack
::
Request
).
to
receive
(
:ip
).
and_return
(
'1.2.3.4'
)
clone_get
(
path
,
env
)
clone_get
(
path
,
env
)
expect
(
response
.
status
).
to
eq
(
401
)
end
expect
(
response
.
status
).
to
eq
(
401
)
end
end
end
context
"when authentication succeeds"
do
let
(
:env
)
{
{
user:
user
.
username
,
password:
user
.
password
}
}
context
"when authentication succeeds"
do
let
(
:env
)
{
{
user:
user
.
username
,
password:
user
.
password
}
}
context
"when the user has access to the project"
do
before
do
project
.
team
<<
[
user
,
:master
]
end
context
"when the user has access to the project"
do
before
do
project
.
team
<<
[
user
,
:master
]
end
context
"when the user is blocked"
do
it
"responds with status 404"
do
user
.
block
project
.
team
<<
[
user
,
:master
]
context
"when the user is blocked"
do
it
"responds with status 404"
do
user
.
block
project
.
team
<<
[
user
,
:master
]
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
download
(
path
,
env
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
context
"when the user isn't blocked"
do
it
"responds with status 200"
do
expect
(
Rack
::
Attack
::
Allow2Ban
).
to
receive
(
:reset
)
context
"when the user isn't blocked"
do
it
"responds with status 200"
do
expect
(
Rack
::
Attack
::
Allow2Ban
).
to
receive
(
:reset
)
clone_get
(
path
,
env
)
clone_get
(
path
,
env
)
expect
(
response
.
status
).
to
eq
(
200
)
end
expect
(
response
.
status
).
to
eq
(
200
)
end
end
context
"when blank password attempts follow a valid login"
do
def
attempt_login
(
include_password
)
password
=
include_password
?
user
.
password
:
""
clone_get
path
,
user:
user
.
username
,
password:
password
response
.
status
end
it
"repeated attempts followed by successful attempt"
do
options
=
Gitlab
.
config
.
rack_attack
.
git_basic_auth
maxretry
=
options
[
:maxretry
]
-
1
ip
=
'1.2.3.4'
context
"when blank password attempts follow a valid login"
do
def
attempt_login
(
include_password
)
password
=
include_password
?
user
.
password
:
""
clone_get
path
,
user:
user
.
username
,
password:
password
response
.
status
end
allow_any_instance_of
(
Rack
::
Request
).
to
receive
(
:ip
).
and_return
(
ip
)
Rack
::
Attack
::
Allow2Ban
.
reset
(
ip
,
options
)
it
"repeated attempts followed by successful attempt"
do
options
=
Gitlab
.
config
.
rack_attack
.
git_basic_auth
maxretry
=
options
[
:maxretry
]
-
1
ip
=
'1.2.3.4'
maxretry
.
times
.
each
do
expect
(
attempt_login
(
false
)).
to
eq
(
401
)
end
allow_any_instance_of
(
Rack
::
Request
).
to
receive
(
:ip
).
and_return
(
ip
)
Rack
::
Attack
::
Allow2Ban
.
reset
(
ip
,
options
)
expect
(
attempt_login
(
true
)).
to
eq
(
200
)
expect
(
Rack
::
Attack
::
Allow2Ban
.
banned?
(
ip
)).
to
be_falsey
maxretry
.
times
.
each
do
expect
(
attempt_login
(
false
)).
to
eq
(
401
)
end
maxretry
.
times
.
each
do
expect
(
attempt_login
(
false
)).
to
eq
(
401
)
end
expect
(
attempt_login
(
true
)).
to
eq
(
200
)
expect
(
Rack
::
Attack
::
Allow2Ban
.
banned?
(
ip
)).
to
be_falsey
Rack
::
Attack
::
Allow2Ban
.
reset
(
ip
,
options
)
maxretry
.
times
.
each
do
expect
(
attempt_login
(
false
)).
to
eq
(
401
)
end
Rack
::
Attack
::
Allow2Ban
.
reset
(
ip
,
options
)
end
end
end
context
"when the user doesn't have access to the project"
do
it
"responds with status 404"
do
download
(
path
,
user:
user
.
username
,
password:
user
.
password
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
context
"when the user doesn't have access to the project"
do
it
"responds with status 404"
do
download
(
path
,
user:
user
.
username
,
password:
user
.
password
)
do
|
response
|
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
end
end
context
"when a gitlab ci token is provided"
do
it
"responds with status 200"
do
token
=
"123"
project
=
FactoryGirl
.
create
:empty_project
project
.
update_attributes
(
runners_token:
token
,
builds_enabled:
true
)
context
"when a gitlab ci token is provided"
do
it
"responds with status 200"
do
token
=
"123"
project
=
FactoryGirl
.
create
:empty_project
project
.
update_attributes
(
runners_token:
token
,
builds_enabled:
true
)
clone_get
"
#{
project
.
path_with_namespace
}
.git"
,
user:
'gitlab-ci-token'
,
password:
token
clone_get
"
#{
project
.
path_with_namespace
}
.git"
,
user:
'gitlab-ci-token'
,
password:
token
expect
(
response
.
status
).
to
eq
(
200
)
end
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
end
def
clone_get
(
project
,
options
=
{})
get
"/
#{
project
}
/info/refs"
,
{
service:
'git-upload-pack'
},
auth_env
(
*
options
.
values_at
(
:user
,
:password
))
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment