# frozen_string_literal: true

require 'spec_helper'

describe API::ProjectTemplates do
  let(:public_project) { create(:project, :public) }
  let(:private_project) { create(:project, :private) }
  let(:developer) { create(:user) }

  before do
    private_project.add_developer(developer)
  end

  describe 'GET /projects/:id/templates/:type' do
    it 'returns dockerfiles' do
      get api("/projects/#{public_project.id}/templates/dockerfiles")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/template_list')
      expect(json_response).to satisfy_one { |template| template['key'] == 'Binary' }
    end

    it 'returns gitignores' do
      get api("/projects/#{public_project.id}/templates/gitignores")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/template_list')
      expect(json_response).to satisfy_one { |template| template['key'] == 'Actionscript' }
    end

    it 'returns gitlab_ci_ymls' do
      get api("/projects/#{public_project.id}/templates/gitlab_ci_ymls")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/template_list')
      expect(json_response).to satisfy_one { |template| template['key'] == 'Android' }
    end

    it 'returns licenses' do
      get api("/projects/#{public_project.id}/templates/licenses")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to include_pagination_headers
      expect(response).to match_response_schema('public_api/v4/template_list')
      expect(json_response).to satisfy_one { |template| template['key'] == 'mit' }
    end

    it 'returns 400 for an unknown template type' do
      get api("/projects/#{public_project.id}/templates/unknown")

      expect(response).to have_gitlab_http_status(400)
    end

    it 'denies access to an anonymous user on a private project' do
      get api("/projects/#{private_project.id}/templates/licenses")

      expect(response).to have_gitlab_http_status(404)
    end

    it 'permits access to a developer on a private project' do
      get api("/projects/#{private_project.id}/templates/licenses", developer)

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template_list')
    end
  end

  describe 'GET /projects/:id/templates/licenses' do
    it 'returns key and name for the listed licenses' do
      get api("/projects/#{public_project.id}/templates/licenses")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template_list')
    end
  end

  describe 'GET /projects/:id/templates/:type/:key' do
    it 'returns a specific dockerfile' do
      get api("/projects/#{public_project.id}/templates/dockerfiles/Binary")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template')
      expect(json_response['name']).to eq('Binary')
    end

    it 'returns a specific gitignore' do
      get api("/projects/#{public_project.id}/templates/gitignores/Actionscript")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template')
      expect(json_response['name']).to eq('Actionscript')
    end

    it 'returns C++ gitignore' do
      get api("/projects/#{public_project.id}/templates/gitignores/C++")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template')
      expect(json_response['name']).to eq('C++')
    end

    it 'returns C++ gitignore for URL-encoded names' do
      get api("/projects/#{public_project.id}/templates/gitignores/C%2B%2B")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template')
      expect(json_response['name']).to eq('C++')
    end

    it 'returns a specific gitlab_ci_yml' do
      get api("/projects/#{public_project.id}/templates/gitlab_ci_ymls/Android")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/template')
      expect(json_response['name']).to eq('Android')
    end

    it 'returns a specific license' do
      get api("/projects/#{public_project.id}/templates/licenses/mit")

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/license')
    end

    it 'returns 404 for an unknown specific template' do
      get api("/projects/#{public_project.id}/templates/licenses/unknown")

      expect(response).to have_gitlab_http_status(404)
    end

    it 'denies access to an anonymous user on a private project' do
      get api("/projects/#{private_project.id}/templates/licenses/mit")

      expect(response).to have_gitlab_http_status(404)
    end

    it 'permits access to a developer on a private project' do
      get api("/projects/#{private_project.id}/templates/licenses/mit", developer)

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/license')
    end

    shared_examples 'path traversal attempt' do |template_type|
      it 'rejects invalid filenames' do
        get api("/projects/#{public_project.id}/templates/#{template_type}/%2e%2e%2fPython%2ea")

        expect(response).to have_gitlab_http_status(500)
      end
    end

    TemplateFinder::VENDORED_TEMPLATES.each do |template_type, _|
      it_behaves_like 'path traversal attempt', template_type
    end
  end

  describe 'GET /projects/:id/templates/licenses/:key' do
    it 'fills placeholders in the license' do
      get api("/projects/#{public_project.id}/templates/licenses/agpl-3.0"),
          params: {
            project: 'Project Placeholder',
            fullname: 'Fullname Placeholder'
          }

      expect(response).to have_gitlab_http_status(200)
      expect(response).to match_response_schema('public_api/v4/license')

      content = json_response['content']

      expect(content).to include('Project Placeholder')
      expect(content).to include("Copyright (C) #{Time.now.year}  Fullname Placeholder")
    end
  end
end