Commit 02ff0d7d authored by Markus Koller's avatar Markus Koller

Merge branch '327487-feature-flag-cleanup' into 'master'

Remove the check_maven_path_first feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!62187
parents a43ab6cb abee680a
---
name: check_maven_path_first
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/59241
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/327487
milestone: '13.11'
type: development
group: group::package
default_enabled: true
......@@ -24,8 +24,6 @@ module API
helpers do
def path_exists?(path)
# return true when FF disabled so that processing the request is not stopped
return true unless Feature.enabled?(:check_maven_path_first, default_enabled: :yaml)
return false if path.blank?
Packages::Maven::Metadatum.with_path(path)
......
......@@ -48,13 +48,9 @@ RSpec.describe API::MavenPackages do
end
shared_examples 'rejecting the request for non existing maven path' do |expected_status: :not_found|
before do
if Feature.enabled?(:check_maven_path_first, default_enabled: :yaml)
expect(::Packages::Maven::PackageFinder).not_to receive(:new)
end
end
it 'rejects the request' do
expect(::Packages::Maven::PackageFinder).not_to receive(:new)
subject
expect(response).to have_gitlab_http_status(expected_status)
......@@ -166,153 +162,135 @@ RSpec.describe API::MavenPackages do
end
describe 'GET /api/v4/packages/maven/*path/:file_name' do
shared_examples 'handling all conditions' do
context 'a public project' do
subject { download_file(file_name: package_file.file_name) }
context 'a public project' do
subject { download_file(file_name: package_file.file_name) }
it_behaves_like 'tracking the file download event'
it_behaves_like 'tracking the file download event'
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'returns sha1 of the file' do
download_file(file_name: package_file.file_name + '.sha1')
it 'returns sha1 of the file' do
download_file(file_name: package_file.file_name + '.sha1')
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('text/plain')
expect(response.body).to eq(package_file.file_sha1)
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('text/plain')
expect(response.body).to eq(package_file.file_sha1)
end
context 'with a non existing maven path' do
subject { download_file(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
context 'with a non existing maven path' do
subject { download_file(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it_behaves_like 'rejecting the request for non existing maven path', expected_status: :forbidden
end
it_behaves_like 'rejecting the request for non existing maven path', expected_status: :forbidden
end
end
context 'internal project' do
before do
project.team.truncate
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
context 'internal project' do
before do
project.team.truncate
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
subject { download_file_with_token(file_name: package_file.file_name) }
subject { download_file_with_token(file_name: package_file.file_name) }
it_behaves_like 'tracking the file download event'
it_behaves_like 'tracking the file download event'
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
expect(response).to have_gitlab_http_status(:forbidden)
end
expect(response).to have_gitlab_http_status(:forbidden)
end
it_behaves_like 'downloads with a job token'
it_behaves_like 'downloads with a job token'
it_behaves_like 'downloads with a deploy token'
it_behaves_like 'downloads with a deploy token'
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it_behaves_like 'rejecting the request for non existing maven path', expected_status: :forbidden
end
it_behaves_like 'rejecting the request for non existing maven path', expected_status: :forbidden
end
end
context 'private project' do
subject { download_file_with_token(file_name: package_file.file_name) }
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
it_behaves_like 'tracking the file download event'
context 'private project' do
subject { download_file_with_token(file_name: package_file.file_name) }
it 'returns the file' do
subject
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it_behaves_like 'tracking the file download event'
it 'denies download when not enough permissions' do
project.add_guest(user)
it 'returns the file' do
subject
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:forbidden)
end
it 'denies download when not enough permissions' do
project.add_guest(user)
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
subject
expect(response).to have_gitlab_http_status(:forbidden)
end
expect(response).to have_gitlab_http_status(:forbidden)
end
it_behaves_like 'downloads with a job token'
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
it_behaves_like 'downloads with a deploy token'
expect(response).to have_gitlab_http_status(:forbidden)
end
it 'does not allow download by a unauthorized deploy token with same id as a user with access' do
unauthorized_deploy_token = create(:deploy_token, read_package_registry: true, write_package_registry: true)
it_behaves_like 'downloads with a job token'
another_user = create(:user)
project.add_developer(another_user)
it_behaves_like 'downloads with a deploy token'
# We force the id of the deploy token and the user to be the same
unauthorized_deploy_token.update!(id: another_user.id)
it 'does not allow download by a unauthorized deploy token with same id as a user with access' do
unauthorized_deploy_token = create(:deploy_token, read_package_registry: true, write_package_registry: true)
download_file(
file_name: package_file.file_name,
request_headers: { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => unauthorized_deploy_token.token }
)
another_user = create(:user)
project.add_developer(another_user)
expect(response).to have_gitlab_http_status(:forbidden)
end
# We force the id of the deploy token and the user to be the same
unauthorized_deploy_token.update!(id: another_user.id)
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
download_file(
file_name: package_file.file_name,
request_headers: { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => unauthorized_deploy_token.token }
)
it_behaves_like 'rejecting the request for non existing maven path', expected_status: :forbidden
end
expect(response).to have_gitlab_http_status(:forbidden)
end
context 'project name is different from a package name' do
before do
maven_metadatum.update!(path: "wrong_name/#{package.version}")
end
it 'rejects request' do
download_file(file_name: package_file.file_name)
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
expect(response).to have_gitlab_http_status(:forbidden)
end
it_behaves_like 'rejecting the request for non existing maven path', expected_status: :forbidden
end
end
context 'with check_maven_path_first enabled' do
context 'project name is different from a package name' do
before do
stub_feature_flags(check_maven_path_first: true)
maven_metadatum.update!(path: "wrong_name/#{package.version}")
end
it_behaves_like 'handling all conditions'
end
it 'rejects request' do
download_file(file_name: package_file.file_name)
context 'with check_maven_path_first disabled' do
before do
stub_feature_flags(check_maven_path_first: false)
expect(response).to have_gitlab_http_status(:forbidden)
end
it_behaves_like 'handling all conditions'
end
def download_file(file_name:, params: {}, request_headers: headers, path: maven_metadatum.path)
......@@ -329,22 +307,6 @@ RSpec.describe API::MavenPackages do
let(:url) { "/packages/maven/#{path}/#{package_file.file_name}" }
it_behaves_like 'processing HEAD requests', instance_level: true
context 'with check_maven_path_first enabled' do
before do
stub_feature_flags(check_maven_path_first: true)
end
it_behaves_like 'processing HEAD requests', instance_level: true
end
context 'with check_maven_path_first disabled' do
before do
stub_feature_flags(check_maven_path_first: false)
end
it_behaves_like 'processing HEAD requests', instance_level: true
end
end
describe 'GET /api/v4/groups/:id/-/packages/maven/*path/:file_name' do
......@@ -353,228 +315,210 @@ RSpec.describe API::MavenPackages do
group.add_developer(user)
end
shared_examples 'handling all conditions' do
context 'a public project' do
subject { download_file(file_name: package_file.file_name) }
context 'a public project' do
subject { download_file(file_name: package_file.file_name) }
it_behaves_like 'tracking the file download event'
it_behaves_like 'tracking the file download event'
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'returns sha1 of the file' do
download_file(file_name: package_file.file_name + '.sha1')
it 'returns sha1 of the file' do
download_file(file_name: package_file.file_name + '.sha1')
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('text/plain')
expect(response.body).to eq(package_file.file_sha1)
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('text/plain')
expect(response.body).to eq(package_file.file_sha1)
end
context 'with a non existing maven path' do
subject { download_file(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
context 'with a non existing maven path' do
subject { download_file(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it_behaves_like 'rejecting the request for non existing maven path'
end
it_behaves_like 'rejecting the request for non existing maven path'
end
end
context 'internal project' do
before do
group.group_member(user).destroy!
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
context 'internal project' do
before do
group.group_member(user).destroy!
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
subject { download_file_with_token(file_name: package_file.file_name) }
subject { download_file_with_token(file_name: package_file.file_name) }
it_behaves_like 'tracking the file download event'
it_behaves_like 'tracking the file download event'
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
expect(response).to have_gitlab_http_status(:not_found)
end
expect(response).to have_gitlab_http_status(:not_found)
end
it_behaves_like 'downloads with a job token'
it_behaves_like 'downloads with a job token'
it_behaves_like 'downloads with a deploy token'
it_behaves_like 'downloads with a deploy token'
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it_behaves_like 'rejecting the request for non existing maven path'
end
it_behaves_like 'rejecting the request for non existing maven path'
end
end
context 'private project' do
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
context 'private project' do
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
subject { download_file_with_token(file_name: package_file.file_name) }
subject { download_file_with_token(file_name: package_file.file_name) }
it_behaves_like 'tracking the file download event'
it_behaves_like 'tracking the file download event'
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'denies download when not enough permissions' do
group.add_guest(user)
it 'denies download when not enough permissions' do
group.add_guest(user)
subject
subject
expect(response).to have_gitlab_http_status(:not_found)
end
expect(response).to have_gitlab_http_status(:not_found)
end
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
expect(response).to have_gitlab_http_status(:not_found)
end
expect(response).to have_gitlab_http_status(:not_found)
end
it_behaves_like 'downloads with a job token'
it_behaves_like 'downloads with a job token'
it_behaves_like 'downloads with a deploy token'
it_behaves_like 'downloads with a deploy token'
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it_behaves_like 'rejecting the request for non existing maven path'
end
it_behaves_like 'rejecting the request for non existing maven path'
end
context 'with group deploy token' do
subject { download_file_with_token(file_name: package_file.file_name, request_headers: group_deploy_token_headers) }
context 'with group deploy token' do
subject { download_file_with_token(file_name: package_file.file_name, request_headers: group_deploy_token_headers) }
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'returns the file with only write_package_registry scope' do
deploy_token_for_group.update!(read_package_registry: false)
it 'returns the file with only write_package_registry scope' do
deploy_token_for_group.update!(read_package_registry: false)
subject
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3', request_headers: group_deploy_token_headers) }
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3', request_headers: group_deploy_token_headers) }
it_behaves_like 'rejecting the request for non existing maven path'
end
it_behaves_like 'rejecting the request for non existing maven path'
end
end
context 'with a reporter from a subgroup accessing the root group' do
let_it_be(:root_group) { create(:group, :private) }
let_it_be(:group) { create(:group, :private, parent: root_group) }
context 'with a reporter from a subgroup accessing the root group' do
let_it_be(:root_group) { create(:group, :private) }
let_it_be(:group) { create(:group, :private, parent: root_group) }
subject { download_file_with_token(file_name: package_file.file_name, request_headers: headers_with_token, group_id: root_group.id) }
subject { download_file_with_token(file_name: package_file.file_name, request_headers: headers_with_token, group_id: root_group.id) }
before do
project.update!(namespace: group)
group.add_reporter(user)
end
before do
project.update!(namespace: group)
group.add_reporter(user)
end
it 'returns the file' do
subject
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3', request_headers: headers_with_token, group_id: root_group.id) }
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3', request_headers: headers_with_token, group_id: root_group.id) }
it_behaves_like 'rejecting the request for non existing maven path'
end
it_behaves_like 'rejecting the request for non existing maven path'
end
end
end
context 'maven metadata file' do
let_it_be(:sub_group1) { create(:group, parent: group) }
let_it_be(:sub_group2) { create(:group, parent: group) }
let_it_be(:project1) { create(:project, :private, group: sub_group1) }
let_it_be(:project2) { create(:project, :private, group: sub_group2) }
let_it_be(:project3) { create(:project, :private, group: sub_group1) }
let_it_be(:package_name) { 'foo' }
let_it_be(:package1) { create(:maven_package, project: project1, name: package_name, version: nil) }
let_it_be(:package_file1) { create(:package_file, :xml, package: package1, file_name: 'maven-metadata.xml') }
let_it_be(:package2) { create(:maven_package, project: project2, name: package_name, version: nil) }
let_it_be(:package_file2) { create(:package_file, :xml, package: package2, file_name: 'maven-metadata.xml') }
let_it_be(:package3) { create(:maven_package, project: project3, name: package_name, version: nil) }
let_it_be(:package_file3) { create(:package_file, :xml, package: package3, file_name: 'maven-metadata.xml') }
context 'maven metadata file' do
let_it_be(:sub_group1) { create(:group, parent: group) }
let_it_be(:sub_group2) { create(:group, parent: group) }
let_it_be(:project1) { create(:project, :private, group: sub_group1) }
let_it_be(:project2) { create(:project, :private, group: sub_group2) }
let_it_be(:project3) { create(:project, :private, group: sub_group1) }
let_it_be(:package_name) { 'foo' }
let_it_be(:package1) { create(:maven_package, project: project1, name: package_name, version: nil) }
let_it_be(:package_file1) { create(:package_file, :xml, package: package1, file_name: 'maven-metadata.xml') }
let_it_be(:package2) { create(:maven_package, project: project2, name: package_name, version: nil) }
let_it_be(:package_file2) { create(:package_file, :xml, package: package2, file_name: 'maven-metadata.xml') }
let_it_be(:package3) { create(:maven_package, project: project3, name: package_name, version: nil) }
let_it_be(:package_file3) { create(:package_file, :xml, package: package3, file_name: 'maven-metadata.xml') }
let(:maven_metadatum) { package3.maven_metadatum }
let(:maven_metadatum) { package3.maven_metadatum }
subject { download_file_with_token(file_name: package_file3.file_name) }
subject { download_file_with_token(file_name: package_file3.file_name) }
before do
sub_group1.add_developer(user)
sub_group2.add_developer(user)
# the package with the most recently published file should be returned
create(:package_file, :xml, package: package2)
end
before do
sub_group1.add_developer(user)
sub_group2.add_developer(user)
# the package with the most recently published file should be returned
create(:package_file, :xml, package: package2)
end
context 'in multiple versionless packages' do
it 'downloads the file' do
expect(::Packages::PackageFileFinder)
.to receive(:new).with(package2, 'maven-metadata.xml').and_call_original
context 'in multiple versionless packages' do
it 'downloads the file' do
expect(::Packages::PackageFileFinder)
.to receive(:new).with(package2, 'maven-metadata.xml').and_call_original
subject
end
subject
end
end
context 'in multiple snapshot packages' do
before do
version = '1.0.0-SNAPSHOT'
[package1, package2, package3].each do |pkg|
pkg.update!(version: version)
pkg.maven_metadatum.update!(path: "#{pkg.name}/#{pkg.version}")
end
end
it 'downloads the file' do
expect(::Packages::PackageFileFinder)
.to receive(:new).with(package3, 'maven-metadata.xml').and_call_original
context 'in multiple snapshot packages' do
before do
version = '1.0.0-SNAPSHOT'
[package1, package2, package3].each do |pkg|
pkg.update!(version: version)
subject
pkg.maven_metadatum.update!(path: "#{pkg.name}/#{pkg.version}")
end
end
end
end
context 'with check_maven_path_first enabled' do
before do
stub_feature_flags(check_maven_path_first: true)
end
it_behaves_like 'handling all conditions'
end
it 'downloads the file' do
expect(::Packages::PackageFileFinder)
.to receive(:new).with(package3, 'maven-metadata.xml').and_call_original
context 'with check_maven_path_first disabled' do
before do
stub_feature_flags(check_maven_path_first: false)
subject
end
end
it_behaves_like 'handling all conditions'
end
def download_file(file_name:, params: {}, request_headers: headers, path: maven_metadatum.path, group_id: group.id)
......@@ -590,108 +534,76 @@ RSpec.describe API::MavenPackages do
let(:path) { package.maven_metadatum.path }
let(:url) { "/groups/#{group.id}/-/packages/maven/#{path}/#{package_file.file_name}" }
context 'with check_maven_path_first enabled' do
before do
stub_feature_flags(check_maven_path_first: true)
end
it_behaves_like 'processing HEAD requests'
end
context 'with check_maven_path_first disabled' do
before do
stub_feature_flags(check_maven_path_first: false)
end
it_behaves_like 'processing HEAD requests'
end
it_behaves_like 'processing HEAD requests'
end
describe 'GET /api/v4/projects/:id/packages/maven/*path/:file_name' do
shared_examples 'handling all conditions' do
context 'a public project' do
subject { download_file(file_name: package_file.file_name) }
context 'a public project' do
subject { download_file(file_name: package_file.file_name) }
it_behaves_like 'tracking the file download event'
it_behaves_like 'tracking the file download event'
it 'returns the file' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
it 'returns sha1 of the file' do
download_file(file_name: package_file.file_name + '.sha1')
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('text/plain')
expect(response.body).to eq(package_file.file_sha1)
end
context 'with a non existing maven path' do
subject { download_file(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it 'returns the file' do
subject
it_behaves_like 'rejecting the request for non existing maven path'
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
context 'private project' do
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
it 'returns sha1 of the file' do
download_file(file_name: package_file.file_name + '.sha1')
subject { download_file_with_token(file_name: package_file.file_name) }
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('text/plain')
expect(response.body).to eq(package_file.file_sha1)
end
it_behaves_like 'tracking the file download event'
context 'with a non existing maven path' do
subject { download_file(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it 'returns the file' do
subject
it_behaves_like 'rejecting the request for non existing maven path'
end
end
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
context 'private project' do
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
it 'denies download when not enough permissions' do
project.add_guest(user)
subject { download_file_with_token(file_name: package_file.file_name) }
subject
it_behaves_like 'tracking the file download event'
expect(response).to have_gitlab_http_status(:forbidden)
end
it 'returns the file' do
subject
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
expect(response).to have_gitlab_http_status(:ok)
expect(response.media_type).to eq('application/octet-stream')
end
expect(response).to have_gitlab_http_status(:not_found)
end
it 'denies download when not enough permissions' do
project.add_guest(user)
it_behaves_like 'downloads with a job token'
subject
it_behaves_like 'downloads with a deploy token'
expect(response).to have_gitlab_http_status(:forbidden)
end
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it 'denies download when no private token' do
download_file(file_name: package_file.file_name)
it_behaves_like 'rejecting the request for non existing maven path'
end
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'with check_maven_path_first enabled' do
before do
stub_feature_flags(check_maven_path_first: true)
end
it_behaves_like 'downloads with a job token'
it_behaves_like 'handling all conditions'
end
it_behaves_like 'downloads with a deploy token'
context 'with check_maven_path_first disabled' do
before do
stub_feature_flags(check_maven_path_first: false)
end
context 'with a non existing maven path' do
subject { download_file_with_token(file_name: package_file.file_name, path: 'foo/bar/1.2.3') }
it_behaves_like 'handling all conditions'
it_behaves_like 'rejecting the request for non existing maven path'
end
end
def download_file(file_name:, params: {}, request_headers: headers, path: maven_metadatum.path)
......@@ -708,21 +620,7 @@ RSpec.describe API::MavenPackages do
let(:path) { package.maven_metadatum.path }
let(:url) { "/projects/#{project.id}/packages/maven/#{path}/#{package_file.file_name}" }
context 'with check_maven_path_first enabled' do
before do
stub_feature_flags(check_maven_path_first: true)
end
it_behaves_like 'processing HEAD requests'
end
context 'with check_maven_path_first disabled' do
before do
stub_feature_flags(check_maven_path_first: false)
end
it_behaves_like 'processing HEAD requests'
end
it_behaves_like 'processing HEAD requests'
end
describe 'PUT /api/v4/projects/:id/packages/maven/*path/:file_name/authorize' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment