Commit 9133e035 authored by Sean Gregory's avatar Sean Gregory Committed by charlie ablett

Add assertions for not including password fields

parent 0f4618e9
...@@ -55,7 +55,7 @@ RSpec.describe API::Integrations do ...@@ -55,7 +55,7 @@ RSpec.describe API::Integrations do
describe "PUT /projects/:id/#{endpoint}/#{integration.dasherize}" do describe "PUT /projects/:id/#{endpoint}/#{integration.dasherize}" do
include_context integration include_context integration
it "updates #{integration} settings" do it "updates #{integration} settings and returns the correct fields" do
put api("/projects/#{project.id}/#{endpoint}/#{dashed_integration}", user), params: integration_attrs put api("/projects/#{project.id}/#{endpoint}/#{dashed_integration}", user), params: integration_attrs
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
...@@ -80,6 +80,8 @@ RSpec.describe API::Integrations do ...@@ -80,6 +80,8 @@ RSpec.describe API::Integrations do
expect(project.integrations.first[event]).not_to eq(current_integration[event]), expect(project.integrations.first[event]).not_to eq(current_integration[event]),
"expected #{!current_integration[event]} for event #{event} for #{endpoint} #{current_integration.title}, got #{current_integration[event]}" "expected #{!current_integration[event]} for event #{event} for #{endpoint} #{current_integration.title}, got #{current_integration[event]}"
end end
assert_correct_response_fields(json_response['properties'].keys, current_integration)
end end
it "returns if required fields missing" do it "returns if required fields missing" do
...@@ -142,22 +144,24 @@ RSpec.describe API::Integrations do ...@@ -142,22 +144,24 @@ RSpec.describe API::Integrations do
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:unauthorized)
end end
it "returns all properties of active integration #{integration}" do it "returns all properties of active integration #{integration}, except password fields" do
get api("/projects/#{project.id}/#{endpoint}/#{dashed_integration}", user) get api("/projects/#{project.id}/#{endpoint}/#{dashed_integration}", user)
expect(initialized_integration).to be_active expect(initialized_integration).to be_active
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['properties'].keys).to match_array(integration_instance.api_field_names)
assert_correct_response_fields(json_response['properties'].keys, integration_instance)
end end
it "returns all properties of inactive integration #{integration}" do it "returns all properties of inactive integration #{integration}, except password fields" do
deactive_integration! deactive_integration!
get api("/projects/#{project.id}/#{endpoint}/#{dashed_integration}", user) get api("/projects/#{project.id}/#{endpoint}/#{dashed_integration}", user)
expect(initialized_integration).not_to be_active expect(initialized_integration).not_to be_active
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['properties'].keys).to match_array(integration_instance.api_field_names)
assert_correct_response_fields(json_response['properties'].keys, integration_instance)
end end
it "returns not found if integration does not exist" do it "returns not found if integration does not exist" do
...@@ -369,5 +373,20 @@ RSpec.describe API::Integrations do ...@@ -369,5 +373,20 @@ RSpec.describe API::Integrations do
end end
end end
end end
private
def assert_correct_response_fields(response_keys, integration)
assert_fields_match_integration(response_keys, integration)
assert_password_fields_filtered(response_keys, integration)
end
def assert_fields_match_integration(response_keys, integration)
expect(response_keys).to match_array(integration.api_field_names)
end
def assert_password_fields_filtered(response_keys, integration)
expect(response_keys).not_to include(*integration.password_fields)
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment