Added better tests for the protocol check

4cd4cf67 · Patricio Cano · fd41b8a4 · 4cd4cf67 · 4cd4cf67 · 4cd4cf67
Commit 4cd4cf67 authored Jun 21, 2016 by Patricio Cano
4 changed files
--- a/spec/gitlab_access_spec.rb
+++ b/spec/gitlab_access_spec.rb
@@ -11,7 +11,7 @@ describe GitlabAccess do
    end
  end
  subject do
-    GitlabAccess.new(repo_path, 'key-123', 'wow').tap do |access|
+    GitlabAccess.new(repo_path, 'key-123', 'wow', 'ssh').tap do |access|
      access.stub(exec_cmd: :exec_called)
      access.stub(api: api)
    end
@@ -25,6 +25,7 @@ describe GitlabAccess do
    it { subject.repo_name.should == repo_name }
    it { subject.repo_path.should == repo_path }
    it { subject.changes.should == ['wow'] }
+    it { subject.protocol.should == 'ssh' }
  end
  describe "#exec" do

--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -130,6 +130,42 @@ describe GitlabNet, vcr: true do
      end
    end
+    context 'ssh access has been disabled' do
+      it 'should deny pull access for dev.gitlab.org' do
+        VCR.use_cassette('ssh-access-disabled') do
+          access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+          access.allowed?.should be_false
+          access.message.should eq 'Git access over SSH is not allowed'
+        end
+      end
+      it 'should deny pull access for dev.gitlab.org' do
+        VCR.use_cassette('ssh-access-disabled') do
+          access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+          access.allowed?.should be_false
+          access.message.should eq 'Git access over SSH is not allowed'
+        end
+      end
+    end
+    context 'http access has been disabled' do
+      it 'should deny pull access for dev.gitlab.org' do
+        VCR.use_cassette('http-access-disabled') do
+          access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'http')
+          access.allowed?.should be_false
+          access.message.should eq 'Git access over HTTP is not allowed'
+        end
+      end
+      it 'should deny pull access for dev.gitlab.org' do
+        VCR.use_cassette('http-access-disabled') do
+          access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'http')
+          access.allowed?.should be_false
+          access.message.should eq 'Git access over HTTP is not allowed'
+        end
+      end
+    end
    context 'ssh key without access to project' do
      it 'should deny pull access for dev.gitlab.org' do
        VCR.use_cassette("denied-pull") do

--- a/spec/vcr_cassettes/http-access-disabled.yml
+++ b/spec/vcr_cassettes/http-access-disabled.yml
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=http&key_id=2&secret_token=a123
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Length:
+      - '30'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 22 Jun 2016 01:03:41 GMT
+      Status:
+      - 200 OK
+      Vary:
+      - Origin
+      X-Request-Id:
+      - 55b7af2c-3559-41d2-b301-9b86ad1d8fac
+      X-Runtime:
+      - '2.280895'
+    body:
+      encoding: UTF-8
+      string: '{"status": false, "message":"Git access over HTTP is not allowed"}'
+    http_version: 
+  recorded_at: Wed, 22 Jun 2016 01:03:41 GMT
+recorded_with: VCR 2.4.0
\ No newline at end of file
--- a/spec/vcr_cassettes/ssh-access-disabled.yml
+++ b/spec/vcr_cassettes/ssh-access-disabled.yml
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=ssh&key_id=2&secret_token=a123
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Length:
+      - '30'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 22 Jun 2016 01:01:41 GMT
+      Status:
+      - 200 OK
+      Vary:
+      - Origin
+      X-Request-Id:
+      - 55b7af2c-3559-41d2-b301-9b86ad1d8fac
+      X-Runtime:
+      - '2.280895'
+    body:
+      encoding: UTF-8
+      string: '{"status": false, "message":"Git access over SSH is not allowed"}'
+    http_version:
+  recorded_at: Wed, 22 Jun 2016 01:01:41 GMT
+recorded_with: VCR 2.4.0