Commit d19d9aab authored by Fabio Pitino's avatar Fabio Pitino

Merge branch 'add-basic-auth-for-generic-packages' into 'master'

Add basic auth and deploy token support for generic packages

See merge request gitlab-org/gitlab!48540
parents 004cd454 8ab67149
---
title: "Allow HTTP Basic Auth and deploy token authentication for generic packages"
merge_request: 48540
author: Moshe Katz @kohenkatz
type: added
...@@ -20,8 +20,14 @@ Publish generic files, like release binaries, in your project’s Package Regist ...@@ -20,8 +20,14 @@ Publish generic files, like release binaries, in your project’s Package Regist
## Authenticate to the Package Registry ## Authenticate to the Package Registry
To authenticate to the Package Registry, you need either a [personal access token](../../../api/README.md#personalproject-access-tokens) To authenticate to the Package Registry, you need either a [personal access token](../../../api/README.md#personalproject-access-tokens),
or [CI job token](../../../api/README.md#gitlab-ci-job-token). [CI job token](../../../api/README.md#gitlab-ci-job-token), or [deploy token](../../project/deploy_tokens/index.md).
In addition to the standard API authentication mechanisms, the generic package
API allows authentication with HTTP Basic authentication for use with tools that
do not support the other available mechanisms. The `user-id` is not checked and
may be any value, and the `password` must be either a [personal access token](../../../api/README.md#personalproject-access-tokens),
a [CI job token](../../../api/README.md#gitlab-ci-job-token), or a [deploy token](../../project/deploy_tokens/index.md).
## Publish a package file ## Publish a package file
...@@ -31,7 +37,7 @@ If a package with the same name, version, and filename already exists, it is als ...@@ -31,7 +37,7 @@ If a package with the same name, version, and filename already exists, it is als
Prerequisites: Prerequisites:
- You need to [authenticate with the API](../../../api/README.md#authentication). - You need to [authenticate with the API](../../../api/README.md#authentication). If authenticating with a deploy token, it must be configured with the `write_package_registry` scope.
```plaintext ```plaintext
PUT /projects/:id/packages/generic/:package_name/:package_version/:file_name PUT /projects/:id/packages/generic/:package_name/:package_version/:file_name
...@@ -70,7 +76,7 @@ If multiple packages have the same name, version, and filename, then the most re ...@@ -70,7 +76,7 @@ If multiple packages have the same name, version, and filename, then the most re
Prerequisites: Prerequisites:
- You need to [authenticate with the API](../../../api/README.md#authentication). - You need to [authenticate with the API](../../../api/README.md#authentication). If authenticating with a deploy token, it must be configured with the `read_package_registry` and/or `write_package_registry` scope.
```plaintext ```plaintext
GET /projects/:id/packages/generic/:package_name/:package_version/:file_name GET /projects/:id/packages/generic/:package_name/:package_version/:file_name
...@@ -92,6 +98,13 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" \ ...@@ -92,6 +98,13 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt" "https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
``` ```
Example request that uses HTTP Basic authentication:
```shell
curl --user "user:<your_access_token>" \
https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt
```
## Publish a generic package by using CI/CD ## Publish a generic package by using CI/CD
To work with generic packages in [GitLab CI/CD](../../../ci/README.md), you can use To work with generic packages in [GitLab CI/CD](../../../ci/README.md), you can use
......
...@@ -21,7 +21,7 @@ module API ...@@ -21,7 +21,7 @@ module API
end end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
namespace ':id/packages/generic' do namespace ':id/packages/generic' do
namespace ':package_name/*package_version/:file_name', requirements: GENERIC_PACKAGES_REQUIREMENTS do namespace ':package_name/*package_version/:file_name', requirements: GENERIC_PACKAGES_REQUIREMENTS do
...@@ -29,7 +29,7 @@ module API ...@@ -29,7 +29,7 @@ module API
detail 'This feature was introduced in GitLab 13.5' detail 'This feature was introduced in GitLab 13.5'
end end
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
params do params do
requires :package_name, type: String, desc: 'Package name', regexp: Gitlab::Regex.generic_package_name_regex, file_path: true requires :package_name, type: String, desc: 'Package name', regexp: Gitlab::Regex.generic_package_name_regex, file_path: true
...@@ -52,7 +52,7 @@ module API ...@@ -52,7 +52,7 @@ module API
requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)' requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'
end end
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
put do put do
authorize_upload!(project) authorize_upload!(project)
...@@ -82,7 +82,7 @@ module API ...@@ -82,7 +82,7 @@ module API
requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.generic_package_file_name_regex, file_path: true requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.generic_package_file_name_regex, file_path: true
end end
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
get do get do
authorize_read_package!(project) authorize_read_package!(project)
......
...@@ -3,8 +3,16 @@ ...@@ -3,8 +3,16 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe API::GenericPackages do RSpec.describe API::GenericPackages do
include HttpBasicAuthHelpers
let_it_be(:personal_access_token) { create(:personal_access_token) } let_it_be(:personal_access_token) { create(:personal_access_token) }
let_it_be(:project, reload: true) { create(:project) } let_it_be(:project, reload: true) { create(:project) }
let_it_be(:deploy_token_rw) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:project_deploy_token_rw) { create(:project_deploy_token, deploy_token: deploy_token_rw, project: project) }
let_it_be(:deploy_token_ro) { create(:deploy_token, read_package_registry: true, write_package_registry: false) }
let_it_be(:project_deploy_token_ro) { create(:project_deploy_token, deploy_token: deploy_token_ro, project: project) }
let_it_be(:deploy_token_wo) { create(:deploy_token, read_package_registry: false, write_package_registry: true) }
let_it_be(:project_deploy_token_wo) { create(:project_deploy_token, deploy_token: deploy_token_wo, project: project) }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } } let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:user) { personal_access_token.user } let(:user) { personal_access_token.user }
...@@ -22,6 +30,23 @@ RSpec.describe API::GenericPackages do ...@@ -22,6 +30,23 @@ RSpec.describe API::GenericPackages do
personal_access_token_header('wrong token') personal_access_token_header('wrong token')
when :invalid_job_token when :invalid_job_token
job_token_header('wrong token') job_token_header('wrong token')
when :user_basic_auth
user_basic_auth_header(user)
when :invalid_user_basic_auth
basic_auth_header('invalid user', 'invalid password')
end
end
def deploy_token_auth_header
case authenticate_with
when :deploy_token_rw
deploy_token_header(deploy_token_rw.token)
when :deploy_token_ro
deploy_token_header(deploy_token_ro.token)
when :deploy_token_wo
deploy_token_header(deploy_token_wo.token)
when :invalid_deploy_token
deploy_token_header('wrong token')
end end
end end
...@@ -33,6 +58,10 @@ RSpec.describe API::GenericPackages do ...@@ -33,6 +58,10 @@ RSpec.describe API::GenericPackages do
{ Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER => value || ci_build.token } { Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER => value || ci_build.token }
end end
def deploy_token_header(value)
{ Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => value }
end
shared_examples 'secure endpoint' do shared_examples 'secure endpoint' do
before do before do
project.add_developer(user) project.add_developer(user)
...@@ -54,19 +83,35 @@ RSpec.describe API::GenericPackages do ...@@ -54,19 +83,35 @@ RSpec.describe API::GenericPackages do
'PUBLIC' | :guest | true | :personal_access_token | :forbidden 'PUBLIC' | :guest | true | :personal_access_token | :forbidden
'PUBLIC' | :developer | true | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :developer | true | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :guest | true | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :guest | true | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :developer | true | :user_basic_auth | :success
'PUBLIC' | :guest | true | :user_basic_auth | :forbidden
'PUBLIC' | :developer | true | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :guest | true | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :developer | false | :personal_access_token | :forbidden 'PUBLIC' | :developer | false | :personal_access_token | :forbidden
'PUBLIC' | :guest | false | :personal_access_token | :forbidden 'PUBLIC' | :guest | false | :personal_access_token | :forbidden
'PUBLIC' | :developer | false | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :developer | false | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :guest | false | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :guest | false | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :developer | false | :user_basic_auth | :forbidden
'PUBLIC' | :guest | false | :user_basic_auth | :forbidden
'PUBLIC' | :developer | false | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :guest | false | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :anonymous | false | :none | :unauthorized 'PUBLIC' | :anonymous | false | :none | :unauthorized
'PRIVATE' | :developer | true | :personal_access_token | :success 'PRIVATE' | :developer | true | :personal_access_token | :success
'PRIVATE' | :guest | true | :personal_access_token | :forbidden 'PRIVATE' | :guest | true | :personal_access_token | :forbidden
'PRIVATE' | :developer | true | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :developer | true | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :guest | true | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :guest | true | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :developer | true | :user_basic_auth | :success
'PRIVATE' | :guest | true | :user_basic_auth | :forbidden
'PRIVATE' | :developer | true | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :guest | true | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :developer | false | :personal_access_token | :not_found 'PRIVATE' | :developer | false | :personal_access_token | :not_found
'PRIVATE' | :guest | false | :personal_access_token | :not_found 'PRIVATE' | :guest | false | :personal_access_token | :not_found
'PRIVATE' | :developer | false | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :developer | false | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :guest | false | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :guest | false | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :developer | false | :user_basic_auth | :not_found
'PRIVATE' | :guest | false | :user_basic_auth | :not_found
'PRIVATE' | :developer | false | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :guest | false | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :anonymous | false | :none | :unauthorized 'PRIVATE' | :anonymous | false | :none | :unauthorized
'PUBLIC' | :developer | true | :job_token | :success 'PUBLIC' | :developer | true | :job_token | :success
'PUBLIC' | :developer | true | :invalid_job_token | :unauthorized 'PUBLIC' | :developer | true | :invalid_job_token | :unauthorized
...@@ -90,6 +135,21 @@ RSpec.describe API::GenericPackages do ...@@ -90,6 +135,21 @@ RSpec.describe API::GenericPackages do
expect(response).to have_gitlab_http_status(expected_status) expect(response).to have_gitlab_http_status(expected_status)
end end
end end
where(:authenticate_with, :expected_status) do
:deploy_token_rw | :success
:deploy_token_wo | :success
:deploy_token_ro | :forbidden
:invalid_deploy_token | :unauthorized
end
with_them do
it "responds with #{params[:expected_status]}" do
authorize_upload_file(workhorse_header.merge(deploy_token_auth_header))
expect(response).to have_gitlab_http_status(expected_status)
end
end
end end
context 'application security' do context 'application security' do
...@@ -138,20 +198,34 @@ RSpec.describe API::GenericPackages do ...@@ -138,20 +198,34 @@ RSpec.describe API::GenericPackages do
where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
'PUBLIC' | :guest | true | :personal_access_token | :forbidden 'PUBLIC' | :guest | true | :personal_access_token | :forbidden
'PUBLIC' | :guest | true | :user_basic_auth | :forbidden
'PUBLIC' | :developer | true | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :developer | true | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :guest | true | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :guest | true | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :developer | true | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :guest | true | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :developer | false | :personal_access_token | :forbidden 'PUBLIC' | :developer | false | :personal_access_token | :forbidden
'PUBLIC' | :guest | false | :personal_access_token | :forbidden 'PUBLIC' | :guest | false | :personal_access_token | :forbidden
'PUBLIC' | :developer | false | :user_basic_auth | :forbidden
'PUBLIC' | :guest | false | :user_basic_auth | :forbidden
'PUBLIC' | :developer | false | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :developer | false | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :guest | false | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :guest | false | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :developer | false | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :guest | false | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :anonymous | false | :none | :unauthorized 'PUBLIC' | :anonymous | false | :none | :unauthorized
'PRIVATE' | :guest | true | :personal_access_token | :forbidden 'PRIVATE' | :guest | true | :personal_access_token | :forbidden
'PRIVATE' | :guest | true | :user_basic_auth | :forbidden
'PRIVATE' | :developer | true | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :developer | true | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :guest | true | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :guest | true | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :developer | true | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :guest | true | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :developer | false | :personal_access_token | :not_found 'PRIVATE' | :developer | false | :personal_access_token | :not_found
'PRIVATE' | :guest | false | :personal_access_token | :not_found 'PRIVATE' | :guest | false | :personal_access_token | :not_found
'PRIVATE' | :developer | false | :user_basic_auth | :not_found
'PRIVATE' | :guest | false | :user_basic_auth | :not_found
'PRIVATE' | :developer | false | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :developer | false | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :guest | false | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :guest | false | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :developer | false | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :guest | false | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :anonymous | false | :none | :unauthorized 'PRIVATE' | :anonymous | false | :none | :unauthorized
'PUBLIC' | :developer | true | :invalid_job_token | :unauthorized 'PUBLIC' | :developer | true | :invalid_job_token | :unauthorized
'PUBLIC' | :developer | false | :job_token | :forbidden 'PUBLIC' | :developer | false | :job_token | :forbidden
...@@ -175,6 +249,21 @@ RSpec.describe API::GenericPackages do ...@@ -175,6 +249,21 @@ RSpec.describe API::GenericPackages do
expect(response).to have_gitlab_http_status(expected_status) expect(response).to have_gitlab_http_status(expected_status)
end end
end end
where(:authenticate_with, :expected_status) do
:deploy_token_ro | :forbidden
:invalid_deploy_token | :unauthorized
end
with_them do
it "responds with #{params[:expected_status]}" do
headers = workhorse_header.merge(deploy_token_auth_header)
upload_file(params, headers)
expect(response).to have_gitlab_http_status(expected_status)
end
end
end end
context 'when user can upload packages and has valid credentials' do context 'when user can upload packages and has valid credentials' do
...@@ -182,8 +271,9 @@ RSpec.describe API::GenericPackages do ...@@ -182,8 +271,9 @@ RSpec.describe API::GenericPackages do
project.add_developer(user) project.add_developer(user)
end end
it 'creates package and package file when valid personal access token is used' do shared_examples 'creates a package and package file' do
headers = workhorse_header.merge(personal_access_token_header) it 'creates a package and package file' do
headers = workhorse_header.merge(auth_header)
expect { upload_file(params, headers) } expect { upload_file(params, headers) }
.to change { project.packages.generic.count }.by(1) .to change { project.packages.generic.count }.by(1)
...@@ -195,30 +285,44 @@ RSpec.describe API::GenericPackages do ...@@ -195,30 +285,44 @@ RSpec.describe API::GenericPackages do
package = project.packages.generic.last package = project.packages.generic.last
expect(package.name).to eq('mypackage') expect(package.name).to eq('mypackage')
expect(package.version).to eq('0.0.1') expect(package.version).to eq('0.0.1')
if should_set_build_info
expect(package.original_build_info.pipeline).to eq(ci_build.pipeline)
else
expect(package.original_build_info).to be_nil expect(package.original_build_info).to be_nil
end
package_file = package.package_files.last package_file = package.package_files.last
expect(package_file.file_name).to eq('myfile.tar.gz') expect(package_file.file_name).to eq('myfile.tar.gz')
end end
end end
end
it 'creates package, package file, and package build info when valid job token is used' do context 'when valid personal access token is used' do
headers = workhorse_header.merge(job_token_header) it_behaves_like 'creates a package and package file' do
let(:auth_header) { personal_access_token_header }
expect { upload_file(params, headers) } let(:should_set_build_info) { false }
.to change { project.packages.generic.count }.by(1) end
.and change { Packages::PackageFile.count }.by(1) end
aggregate_failures do context 'when valid basic auth is used' do
expect(response).to have_gitlab_http_status(:created) it_behaves_like 'creates a package and package file' do
let(:auth_header) { user_basic_auth_header(user) }
let(:should_set_build_info) { false }
end
end
package = project.packages.generic.last context 'when valid deploy token is used' do
expect(package.name).to eq('mypackage') it_behaves_like 'creates a package and package file' do
expect(package.version).to eq('0.0.1') let(:auth_header) { deploy_token_header(deploy_token_wo.token) }
expect(package.original_build_info.pipeline).to eq(ci_build.pipeline) let(:should_set_build_info) { false }
end
end
package_file = package.package_files.last context 'when valid job token is used' do
expect(package_file.file_name).to eq('myfile.tar.gz') it_behaves_like 'creates a package and package file' do
let(:auth_header) { job_token_header }
let(:should_set_build_info) { true }
end end
end end
...@@ -309,21 +413,37 @@ RSpec.describe API::GenericPackages do ...@@ -309,21 +413,37 @@ RSpec.describe API::GenericPackages do
where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do where(:project_visibility, :user_role, :member?, :authenticate_with, :expected_status) do
'PUBLIC' | :developer | true | :personal_access_token | :success 'PUBLIC' | :developer | true | :personal_access_token | :success
'PUBLIC' | :guest | true | :personal_access_token | :success 'PUBLIC' | :guest | true | :personal_access_token | :success
'PUBLIC' | :developer | true | :user_basic_auth | :success
'PUBLIC' | :guest | true | :user_basic_auth | :success
'PUBLIC' | :developer | true | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :developer | true | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :guest | true | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :guest | true | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :developer | true | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :guest | true | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :developer | false | :personal_access_token | :success 'PUBLIC' | :developer | false | :personal_access_token | :success
'PUBLIC' | :guest | false | :personal_access_token | :success 'PUBLIC' | :guest | false | :personal_access_token | :success
'PUBLIC' | :developer | false | :user_basic_auth | :success
'PUBLIC' | :guest | false | :user_basic_auth | :success
'PUBLIC' | :developer | false | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :developer | false | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :guest | false | :invalid_personal_access_token | :unauthorized 'PUBLIC' | :guest | false | :invalid_personal_access_token | :unauthorized
'PUBLIC' | :developer | false | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :guest | false | :invalid_user_basic_auth | :unauthorized
'PUBLIC' | :anonymous | false | :none | :unauthorized 'PUBLIC' | :anonymous | false | :none | :unauthorized
'PRIVATE' | :developer | true | :personal_access_token | :success 'PRIVATE' | :developer | true | :personal_access_token | :success
'PRIVATE' | :guest | true | :personal_access_token | :forbidden 'PRIVATE' | :guest | true | :personal_access_token | :forbidden
'PRIVATE' | :developer | true | :user_basic_auth | :success
'PRIVATE' | :guest | true | :user_basic_auth | :forbidden
'PRIVATE' | :developer | true | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :developer | true | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :guest | true | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :guest | true | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :developer | true | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :guest | true | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :developer | false | :personal_access_token | :not_found 'PRIVATE' | :developer | false | :personal_access_token | :not_found
'PRIVATE' | :guest | false | :personal_access_token | :not_found 'PRIVATE' | :guest | false | :personal_access_token | :not_found
'PRIVATE' | :developer | false | :user_basic_auth | :not_found
'PRIVATE' | :guest | false | :user_basic_auth | :not_found
'PRIVATE' | :developer | false | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :developer | false | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :guest | false | :invalid_personal_access_token | :unauthorized 'PRIVATE' | :guest | false | :invalid_personal_access_token | :unauthorized
'PRIVATE' | :developer | false | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :guest | false | :invalid_user_basic_auth | :unauthorized
'PRIVATE' | :anonymous | false | :none | :unauthorized 'PRIVATE' | :anonymous | false | :none | :unauthorized
'PUBLIC' | :developer | true | :job_token | :success 'PUBLIC' | :developer | true | :job_token | :success
'PUBLIC' | :developer | true | :invalid_job_token | :unauthorized 'PUBLIC' | :developer | true | :invalid_job_token | :unauthorized
...@@ -347,6 +467,21 @@ RSpec.describe API::GenericPackages do ...@@ -347,6 +467,21 @@ RSpec.describe API::GenericPackages do
expect(response).to have_gitlab_http_status(expected_status) expect(response).to have_gitlab_http_status(expected_status)
end end
end end
where(:authenticate_with, :expected_status) do
:deploy_token_rw | :success
:deploy_token_wo | :success
:deploy_token_ro | :success
:invalid_deploy_token | :unauthorized
end
with_them do
it "responds with #{params[:expected_status]}" do
download_file(deploy_token_auth_header)
expect(response).to have_gitlab_http_status(expected_status)
end
end
end end
context 'event tracking' do context 'event tracking' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment