Make tests green for ci_job_token authentication

7f0ceb87 · Z.J. van de Weg · bfa4395e · 7f0ceb87 · 7f0ceb87 · 7f0ceb87
Commit 7f0ceb87 authored Aug 07, 2017 by Z.J. van de Weg
5 changed files
--- a/doc/api/jobs.md
+++ b/doc/api/jobs.md
@@ -328,7 +328,7 @@ Example requests:
 - Using the `job_token` parameter (only inside `.gitlab-ci.yml`):
    ```
-    curl --header -form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
+    curl --header --form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
    ```
 Response:
@@ -380,7 +380,7 @@ Example requests:
 - Using the `job_token` parameter (only inside `.gitlab-ci.yml`):
    ```
-    curl --header -form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
+    curl --header --form "job-token=$CI_JOB_TOKEN" "https://gitlab.example.com/api/v4/projects/1/jobs/artifacts/master/download?job=test"
    ```
 Example response:

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -377,6 +377,7 @@ module API
    def initial_current_user
      return @initial_current_user if defined?(@initial_current_user)
      Gitlab::Auth::UniqueIpsLimiter.limit_user! do
        @initial_current_user ||= find_user_by_private_token(scopes: scopes_registered_for_endpoint)
        @initial_current_user ||= doorkeeper_guard(scopes: scopes_registered_for_endpoint)

--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -248,7 +248,7 @@ module API
      end
      def check_cross_project_pipelines_feature!
-        not_found!('Project') if job_token_authentication? && project.feature_available?(:cross_project_pipelines)
+        not_found!('Project') if job_token_authentication? && @project.feature_available?(:cross_project_pipelines)
      end
    end
  end

--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -13,9 +13,12 @@ describe API::Helpers do
  let(:env) { { 'REQUEST_METHOD' => 'GET' } }
  let(:request) { Rack::Request.new(env) }
  let(:header) { }
+  let(:route_authentication_setting) { {} }
  before do
    allow_any_instance_of(self.class).to receive(:options).and_return({})
+    allow_any_instance_of(self.class).to receive(:route_authentication_setting)
+      .and_return(route_authentication_setting)
  end
  def set_env(user_or_token, identifier)
@@ -202,11 +205,15 @@ describe API::Helpers do
    end
    describe "when authenticating using a job token" do
-      let(:job) { create(:ci_build) }
+      let(:job) { create(:ci_build, user: current_user) }
+      let(:route_authentication_setting) { { job_token_allowed: true } }
+      before do
+        allow_any_instance_of(API::Helpers).to receive(:doorkeeper_guard).and_return(nil)
+      end
      it "returns nil for an invalid token" do
        env[API::APIGuard::JOB_TOKEN_HEADER] = 'invalid token'
-        allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false }
        expect(current_user).to be_nil
      end
@@ -224,13 +231,6 @@ describe API::Helpers do
        expect(current_user).to be_nil
      end
-      it "authenticates as user when route is allowed" do
-        env[API::APIGuard::JOB_TOKEN_HEADER] = job.token
-        route_setting(:authentication) = { job_token_allowed: true }
-        expect(current_user).to eq(user)
-      end
    end
    context 'sudo usage' do

--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
@@ -207,7 +207,6 @@ describe API::Jobs do
    context 'normal authentication' do
      before do
        stub_artifacts_object_storage
-        job
        get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user)
      end
@@ -248,16 +247,16 @@ describe API::Jobs do
      before do
        get api("/projects/#{project.id}/jobs/#{job.id}/artifacts"), job_token: job.token
      end
      context 'user is developer' do
        let(:api_user) { user }
        it_behaves_like 'downloads artifact'
      end
      context 'user is admin, but not member' do
        let(:api_user) { create(:admin) }
        it 'does not allow to see that artfiact is present' do
          expect(response).to have_http_status(404)
        end
@@ -267,7 +266,7 @@ describe API::Jobs do
  describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do
    let(:api_user) { reporter }
-    let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) }
+    let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) }
    before do
      stub_artifacts_object_storage
@@ -338,7 +337,7 @@ describe API::Jobs do
        end
        context 'when artifacts are stored remotely' do
-          let(:job) { create(:ci_build, :artifacts, :remote_store, pipeline: pipeline) }
+          let(:job) { create(:ci_build, :artifacts, :remote_store, pipeline: pipeline, user: api_user) }
          it 'returns location redirect' do
            expect(response).to have_http_status(302)
@@ -381,7 +380,7 @@ describe API::Jobs do
          get api("/projects/#{project.id}/jobs/artifacts/master/download"), job: job.name, job_token: job.token
        end
-        context 'when user is reporter' do
+        context 'when user is eporter' do
          it_behaves_like 'a valid file'
        end