Add specs for Git HTTP requests without a service parameter

These currently return a 403/401 response, depending on whether the user was authenticated or not. We want to verify this behaviour in specs to ensure backwards-compatibility.

Add specs for Git HTTP requests without a service parameter
These currently return a 403/401 response, depending on whether the user was authenticated or not. We want to verify this behaviour in specs to ensure backwards-compatibility.
7b618f04 · Markus Koller · cd4be563 · 7b618f04
Commit 7b618f04 authored Feb 11, 2021 by Markus Koller
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 0 deletions

spec/requests/git_http_spec.rb spec/requests/git_http_spec.rb +16 -0

No files found.
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -382,6 +382,14 @@ RSpec.describe 'Git HTTP requests' do
                end
              end
            end
+
+            context 'but the service parameter is missing' do
+              it 'rejects clones with 403 Forbidden' do
+                get("/#{path}/info/refs", headers: auth_env(*env.values_at(:user, :password), nil))
+
+                expect(response).to have_gitlab_http_status(:forbidden)
+              end
+            end
          end

          context 'and not a member of the team' do
@@ -409,6 +417,14 @@ RSpec.describe 'Git HTTP requests' do

              it_behaves_like 'pushes are allowed'
            end
+
+            context 'but the service parameter is missing' do
+              it 'rejects clones with 401 Unauthorized' do
+                get("/#{path}/info/refs")
+
+                expect(response).to have_gitlab_http_status(:unauthorized)
+              end
+            end
          end
        end