Commit dd0691b8 authored by Giorgenes Gelatti's avatar Giorgenes Gelatti

Validate pypi required_python size

Adds validation and specs
parent 4e12f87c
...@@ -6,6 +6,7 @@ class Packages::Pypi::Metadatum < ApplicationRecord ...@@ -6,6 +6,7 @@ class Packages::Pypi::Metadatum < ApplicationRecord
belongs_to :package, -> { where(package_type: :pypi) }, inverse_of: :pypi_metadatum belongs_to :package, -> { where(package_type: :pypi) }, inverse_of: :pypi_metadatum
validates :package, presence: true validates :package, presence: true
validates :required_python, length: { maximum: 50 }, allow_blank: true
validate :pypi_package_type validate :pypi_package_type
......
...@@ -7,11 +7,17 @@ module Packages ...@@ -7,11 +7,17 @@ module Packages
def execute def execute
::Packages::Package.transaction do ::Packages::Package.transaction do
Packages::Pypi::Metadatum.upsert( meta = Packages::Pypi::Metadatum.new(
package_id: created_package.id, package: created_package,
required_python: params[:requires_python] required_python: params[:requires_python]
) )
unless meta.valid?
raise ActiveRecord::RecordInvalid.new(meta)
end
Packages::Pypi::Metadatum.upsert(meta.attributes)
::Packages::CreatePackageFileService.new(created_package, file_params).execute ::Packages::CreatePackageFileService.new(created_package, file_params).execute
end end
end end
......
---
title: Validates pypi required_python size to avoid 500 error
merge_request: 40803
author:
type: fixed
...@@ -117,7 +117,8 @@ RSpec.describe API::PypiPackages do ...@@ -117,7 +117,8 @@ RSpec.describe API::PypiPackages do
let_it_be(:file_name) { 'package.whl' } let_it_be(:file_name) { 'package.whl' }
let(:url) { "/projects/#{project.id}/packages/pypi" } let(:url) { "/projects/#{project.id}/packages/pypi" }
let(:headers) { {} } let(:headers) { {} }
let(:base_params) { { requires_python: '>=3.7', version: '1.0.0', name: 'sample-project', sha256_digest: '123' } } let(:requires_python) { '>=3.7' }
let(:base_params) { { requires_python: requires_python, version: '1.0.0', name: 'sample-project', sha256_digest: '123' } }
let(:params) { base_params.merge(content: temp_file(file_name)) } let(:params) { base_params.merge(content: temp_file(file_name)) }
let(:send_rewritten_field) { true } let(:send_rewritten_field) { true }
...@@ -169,6 +170,19 @@ RSpec.describe API::PypiPackages do ...@@ -169,6 +170,19 @@ RSpec.describe API::PypiPackages do
end end
end end
context 'with required_python too big' do
let(:requires_python) { 'x' * 500 }
let(:token) { personal_access_token.token }
let(:user_headers) { basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) }
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
end
it_behaves_like 'process PyPi api request', :developer, :bad_request, true
end
context 'with an invalid package' do context 'with an invalid package' do
let(:token) { personal_access_token.token } let(:token) { personal_access_token.token }
let(:user_headers) { basic_auth_header(user.username, token) } let(:user_headers) { basic_auth_header(user.username, token) }
......
...@@ -6,12 +6,14 @@ RSpec.describe Packages::Pypi::CreatePackageService do ...@@ -6,12 +6,14 @@ RSpec.describe Packages::Pypi::CreatePackageService do
let_it_be(:project) { create(:project) } let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:params) do
let(:requires_python) { '>=2.7' }
let(:params) do
{ {
name: 'foo', name: 'foo',
version: '1.0', version: '1.0',
content: temp_file('foo.tgz'), content: temp_file('foo.tgz'),
requires_python: '>=2.7', requires_python: requires_python,
sha256_digest: '123', sha256_digest: '123',
md5_digest: '567' md5_digest: '567'
} }
...@@ -37,6 +39,14 @@ RSpec.describe Packages::Pypi::CreatePackageService do ...@@ -37,6 +39,14 @@ RSpec.describe Packages::Pypi::CreatePackageService do
end end
end end
context 'with an invalid metadata' do
let(:requires_python) { 'x' * 500 }
it 'raises an error' do
expect { subject }.to raise_error(ActiveRecord::RecordInvalid)
end
end
context 'with an existing package' do context 'with an existing package' do
before do before do
described_class.new(project, user, params).execute described_class.new(project, user, params).execute
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment