Merge branch '325594-prevent-cl-upload' into 'master'

Prevent manual upload of cloud license See merge request gitlab-org/gitlab!58709

Merge branch '325594-prevent-cl-upload' into 'master'
Prevent manual upload of cloud license See merge request gitlab-org/gitlab!58709
6dbbae28 · Stan Hu · 01c56260 · 55d1a072 · 6dbbae28 · 6dbbae28
Commit 6dbbae28 authored Apr 14, 2021 by Stan Hu
3 changed files
--- a/ee/app/controllers/admin/licenses_controller.rb
+++ b/ee/app/controllers/admin/licenses_controller.rb
@@ -27,16 +27,12 @@ class Admin::LicensesController < Admin::ApplicationController
  end

  def create
-    unless params[:license][:data].present? || params[:license][:data_file].present?
-      flash[:alert] = _('Please enter or upload a license.')
-
-      @license = License.new
-      redirect_to new_admin_license_path
-      return
-    end
+    return upload_license_error if license_params[:data].blank? && license_params[:data_file].blank?

    @license = License.new(license_params)

+    return upload_license_error if @license.cloud?
+
    respond_with(@license, location: admin_license_path) do
      if @license.save
        notice = if @license.started?
@@ -85,4 +81,10 @@ class Admin::LicensesController < Admin::ApplicationController
    license_params.delete(:data) if license_params[:data_file]
    license_params
  end
+
+  def upload_license_error
+    flash[:alert] = _('Please enter or upload a valid license.')
+    @license = License.new
+    redirect_to new_admin_license_path
+  end
 end
--- a/ee/spec/controllers/admin/licenses_controller_spec.rb
+++ b/ee/spec/controllers/admin/licenses_controller_spec.rb
@@ -13,28 +13,42 @@ RSpec.describe Admin::LicensesController do
    render_views

    it 'redirects back when no license is entered/uploaded' do
+      expect do
        post :create, params: { license: { data: '' } }
+      end.not_to change(License, :count)
+
      expect(response).to redirect_to new_admin_license_path
-      expect(flash[:alert]).to include 'Please enter or upload a license.'
+      expect(flash[:alert]).to include 'Please enter or upload a valid license.'
+    end
+
+    context 'when the license is for a cloud license' do
+      it 'redirects back' do
+        license = build_license(type: 'cloud')
+
+        expect do
+          post :create, params: { license: { data: license.data } }
+        end.not_to change(License, :count)
+
+        expect(response).to redirect_to new_admin_license_path
+        expect(flash[:alert]).to include 'Please enter or upload a valid license.'
+      end
    end

    it 'renders new with an alert when an invalid license is entered/uploaded' do
+      expect do
        post :create, params: { license: { data: 'GA!89-)GaRBAGE' } }
+      end.not_to change(License, :count)

      expect(response).to render_template(:new)
      expect(response.body).to include('The license key is invalid. Make sure it is exactly as you received it from GitLab Inc.')
    end

    it 'redirects to show when a valid license is entered/uploaded' do
-      gl_license = build(:gitlab_license, restrictions: {
-                           trial: false,
-                           plan: License::PREMIUM_PLAN,
-                           active_user_count: 1,
-                           previous_user_count: 1
-                         })
-      license = build(:license, data: gl_license.export)
+      license = build_license

+      expect do
        post :create, params: { license: { data: license.data } }
+      end.to change(License, :count).by(1)

      expect(response).to redirect_to(admin_license_path)
    end
@@ -45,21 +59,27 @@ RSpec.describe Admin::LicensesController do
      end

      it 'redirects to show when a valid trial license is entered/uploaded' do
-        gl_license = build(:gitlab_license,
-                           expires_at: Date.tomorrow,
-                           restrictions: {
-                             trial: true,
-                             plan: License::PREMIUM_PLAN,
-                             active_user_count: 1,
-                             previous_user_count: 1
-                           })
-        license = build(:license, data: gl_license.export)
+        license = build_license(restrictions: { trial: true })

+        expect do
          post :create, params: { license: { data: license.data } }
+        end.to change(License, :count).by(1)

        expect(response).to redirect_to(admin_license_path)
      end
    end
+
+    def build_license(type: nil, restrictions: {})
+      license_restrictions = {
+        trial: false,
+        plan: License::PREMIUM_PLAN,
+        active_user_count: 1,
+        previous_user_count: 1
+      }.merge(restrictions)
+      gl_license = build(:gitlab_license, type: type, restrictions: license_restrictions)
+
+      build(:license, data: gl_license.export)
+    end
  end

  describe 'GET show' do

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -23591,7 +23591,7 @@ msgstr ""
 msgid "Please enter a valid number"
 msgstr ""

-msgid "Please enter or upload a license."
+msgid "Please enter or upload a valid license."
 msgstr ""

 msgid "Please fill in a descriptive name for your group."