Merge branch 'philipcunningham-add-service-to-revoke-dast-site-validations-280763' into 'master'

Add service to revoke DastSiteValidations See merge request gitlab-org/gitlab!51678

Merge branch 'philipcunningham-add-service-to-revoke-dast-site-validations-280763' into 'master'
Add service to revoke DastSiteValidations See merge request gitlab-org/gitlab!51678
901bb7dd · Matthias Käppler · 5910f777 · 25237056 · 901bb7dd · 901bb7dd
Commit 901bb7dd authored Jan 15, 2021 by Matthias Käppler
2 changed files
--- a/ee/app/services/dast_site_validations/revoke_service.rb
+++ b/ee/app/services/dast_site_validations/revoke_service.rb
+# frozen_string_literal: true
+
+module DastSiteValidations
+  class RevokeService < BaseContainerService
+    MissingParamError = Class.new(StandardError)
+
+    def execute
+      return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
+
+      finder = DastSiteValidationsFinder.new(
+        project_id: container.id,
+        url_base: url_base,
+        state: :passed
+      )
+
+      result = finder.execute.delete_all
+
+      ServiceResponse.success(payload: { count: result })
+    rescue MissingParamError => err
+      ServiceResponse.error(message: err.message)
+    end
+
+    private
+
+    def allowed?
+      container.feature_available?(:security_on_demand_scans) &&
+        Feature.enabled?(:security_on_demand_scans_site_validation, container, default_enabled: :yaml)
+    end
+
+    def url_base
+      params[:url_base] || raise(MissingParamError, 'URL parameter used to search for validations is missing')
+    end
+  end
+end
--- a/ee/spec/services/dast_site_validations/revoke_service_spec.rb
+++ b/ee/spec/services/dast_site_validations/revoke_service_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe DastSiteValidations::RevokeService do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:dast_site_token) { create(:dast_site_token, project: project) }
+  let_it_be(:dast_site_validation1) { create(:dast_site_validation, state: :passed, dast_site_token: dast_site_token) }
+  let_it_be(:dast_site_validation2) { create(:dast_site_validation, state: :passed, dast_site_token: dast_site_token) }
+  let_it_be(:dast_site_validation3) { create(:dast_site_validation, state: :failed, dast_site_token: dast_site_token) }
+  let_it_be(:dast_site_validation4) { create(:dast_site_validation, state: :passed) }
+  let_it_be(:dast_site_validation5) { create(:dast_site_validation, state: :inprogress) }
+
+  let(:params) { { url_base: dast_site_validation1.url_base } }
+
+  subject { described_class.new(container: project, params: params).execute }
+
+  describe 'execute', :clean_gitlab_redis_shared_state do
+    before do
+      project.clear_memoization(:licensed_feature_available)
+    end
+
+    context 'when on demand scan feature is disabled' do
+      it 'communicates failure' do
+        stub_licensed_features(security_on_demand_scans: true)
+        stub_feature_flags(security_on_demand_scans_site_validation: false)
+
+        aggregate_failures do
+          expect(subject.status).to eq(:error)
+          expect(subject.message).to eq('Insufficient permissions')
+        end
+      end
+    end
+
+    context 'when on demand scan licensed feature is not available' do
+      it 'communicates failure' do
+        stub_licensed_features(security_on_demand_scans: false)
+        stub_feature_flags(security_on_demand_scans_site_validation: true)
+
+        aggregate_failures do
+          expect(subject.status).to eq(:error)
+          expect(subject.message).to eq('Insufficient permissions')
+        end
+      end
+    end
+
+    context 'when the feature is enabled' do
+      before do
+        stub_licensed_features(security_on_demand_scans: true)
+        stub_feature_flags(security_on_demand_scans_site_validation: true)
+      end
+
+      it 'communicates success' do
+        expect(subject.status).to eq(:success)
+      end
+
+      it 'deletes dast_site_validations where state=passed' do
+        aggregate_failures do
+          expect { subject }.to change { DastSiteValidation.count }.from(5).to(3)
+
+          expect { dast_site_validation1.reload }.to raise_error(ActiveRecord::RecordNotFound)
+          expect { dast_site_validation2.reload }.to raise_error(ActiveRecord::RecordNotFound)
+        end
+      end
+
+      it 'returns a count of the dast_site_validations that were deleted' do
+        expect(subject.payload[:count]).to eq(2)
+      end
+
+      context 'when the finder does not find any dast_site_validations' do
+        let_it_be(:project) { create(:project) }
+
+        it 'communicates success' do
+          expect(subject.status).to eq(:success)
+        end
+
+        it 'is a noop' do
+          aggregate_failures do
+            expect(subject.payload[:count]).to be_zero
+
+            expect { subject }.not_to change { DastSiteValidation.count }
+          end
+        end
+      end
+
+      context 'when a param is missing' do
+        let(:params) { {} }
+
+        it 'communicates failure' do
+          aggregate_failures do
+            expect(subject.status).to eq(:error)
+            expect(subject.message).to eq('URL parameter used to search for validations is missing')
+          end
+        end
+      end
+    end
+  end
+end