internal_spec.rb 5.79 KB
Newer Older
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
1 2
require 'spec_helper'

Jeroen van Baarsen's avatar
Jeroen van Baarsen committed
3
describe API::API, api: true  do
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
4 5 6 7
  include ApiHelpers
  let(:user) { create(:user) }
  let(:key) { create(:key, user: user) }
  let(:project) { create(:project) }
8
  let(:secret_token) { File.read Gitlab.config.gitlab_shell.secret_file }
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
9 10 11

  describe "GET /internal/check", no_db: true do
    it do
12
      get api("/internal/check"), secret_token: secret_token
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
13

14
      expect(response).to have_http_status(200)
15
      expect(json_response['api_version']).to eq(API::API.version)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
16 17 18
    end
  end

19 20 21 22 23 24 25
  describe "GET /internal/broadcast_message" do
    context "broadcast message exists" do
      let!(:broadcast_message) { create(:broadcast_message, starts_at: Time.now.yesterday, ends_at: Time.now.tomorrow ) }

      it do
        get api("/internal/broadcast_message"), secret_token: secret_token

26
        expect(response).to have_http_status(200)
27
        expect(json_response["message"]).to eq(broadcast_message.message)
28 29 30 31 32 33 34
      end
    end

    context "broadcast message doesn't exist" do
      it do
        get api("/internal/broadcast_message"), secret_token: secret_token

35
        expect(response).to have_http_status(200)
36
        expect(json_response).to be_empty
37 38 39 40
      end
    end
  end

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
41 42
  describe "GET /internal/discover" do
    it do
43
      get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
44

45
      expect(response).to have_http_status(200)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
46

47
      expect(json_response['name']).to eq(user.name)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
48 49 50
    end
  end

51
  describe "POST /internal/allowed" do
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
52 53 54 55 56
    context "access granted" do
      before do
        project.team << [user, :developer]
      end

57
      context "git push with project.wiki" do
58 59
        it 'responds with success' do
          project_wiki = create(:project, name: 'my.wiki', path: 'my.wiki')
60 61 62
          project_wiki.team << [user, :developer]

          push(key, project_wiki)
63

64
          expect(response).to have_http_status(200)
65 66 67 68
          expect(json_response["status"]).to be_truthy
        end
      end

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
69 70
      context "git pull" do
        it do
71
          pull(key, project)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
72

73
          expect(response).to have_http_status(200)
74
          expect(json_response["status"]).to be_truthy
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
75 76 77 78 79
        end
      end

      context "git push" do
        it do
80
          push(key, project)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
81

82
          expect(response).to have_http_status(200)
83
          expect(json_response["status"]).to be_truthy
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
84 85 86 87 88 89 90 91 92 93 94
        end
      end
    end

    context "access denied" do
      before do
        project.team << [user, :guest]
      end

      context "git pull" do
        it do
95
          pull(key, project)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
96

97
          expect(response).to have_http_status(200)
98
          expect(json_response["status"]).to be_falsey
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
99 100 101 102 103
        end
      end

      context "git push" do
        it do
104
          push(key, project)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
105

106
          expect(response).to have_http_status(200)
107
          expect(json_response["status"]).to be_falsey
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
108 109 110 111
        end
      end
    end

112 113 114 115 116 117 118 119 120 121 122
    context "blocked user" do
      let(:personal_project) { create(:project, namespace: user.namespace) }

      before do
        user.block
      end

      context "git pull" do
        it do
          pull(key, personal_project)

123
          expect(response).to have_http_status(200)
124
          expect(json_response["status"]).to be_falsey
125 126 127 128 129 130 131
        end
      end

      context "git push" do
        it do
          push(key, personal_project)

132
          expect(response).to have_http_status(200)
133
          expect(json_response["status"]).to be_falsey
134 135 136
        end
      end
    end
137

138 139 140 141 142 143 144 145 146 147 148 149
    context "archived project" do
      let(:personal_project) { create(:project, namespace: user.namespace) }

      before do
        project.team << [user, :developer]
        project.archive!
      end

      context "git pull" do
        it do
          pull(key, project)

150
          expect(response).to have_http_status(200)
151
          expect(json_response["status"]).to be_truthy
152 153 154 155 156 157 158
        end
      end

      context "git push" do
        it do
          push(key, project)

159
          expect(response).to have_http_status(200)
160
          expect(json_response["status"]).to be_falsey
161 162 163 164
        end
      end
    end

165 166 167 168 169 170 171 172 173 174 175
    context "deploy key" do
      let(:key) { create(:deploy_key) }

      context "added to project" do
        before do
          key.projects << project
        end

        it do
          archive(key, project)

176
          expect(response).to have_http_status(200)
177
          expect(json_response["status"]).to be_truthy
178 179 180 181 182 183 184
        end
      end

      context "not added to project" do
        it do
          archive(key, project)

185
          expect(response).to have_http_status(200)
186
          expect(json_response["status"]).to be_falsey
187 188 189
        end
      end
    end
190 191 192 193 194

    context 'project does not exist' do
      it do
        pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists'))

195
        expect(response).to have_http_status(200)
196
        expect(json_response["status"]).to be_falsey
197 198 199 200 201 202 203
      end
    end

    context 'user does not exist' do
      it do
        pull(OpenStruct.new(id: 0), project)

204
        expect(response).to have_http_status(200)
205
        expect(json_response["status"]).to be_falsey
206 207
      end
    end
208 209 210
  end

  def pull(key, project)
211
    post(
212 213 214
      api("/internal/allowed"),
      key_id: key.id,
      project: project.path_with_namespace,
215 216
      action: 'git-upload-pack',
      secret_token: secret_token
217 218 219 220
    )
  end

  def push(key, project)
221
    post(
222
      api("/internal/allowed"),
223
      changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
224 225
      key_id: key.id,
      project: project.path_with_namespace,
226 227
      action: 'git-receive-pack',
      secret_token: secret_token
228
    )
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
229
  end
230 231

  def archive(key, project)
232
    post(
233 234 235 236
      api("/internal/allowed"),
      ref: 'master',
      key_id: key.id,
      project: project.path_with_namespace,
237 238
      action: 'git-upload-archive',
      secret_token: secret_token
239 240
    )
  end
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
241
end