Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/controllers
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2015-08-07 10:06:20 +0300
committerStan Hu <stanhu@gmail.com>2015-08-23 19:23:44 +0300
commited1d4fa477789659f9343593bf06d50e70750561 (patch)
treec7d208bd6be17632a314eb090456f1a30f42f13b /spec/controllers
parent97cc91d21d28a6482dc6ab040db31598a786f56c (diff)
Remove user OAuth tokens stored in database for Bitbucket, GitHub, and GitLab
and request them each session. Pass these tokens to the project import data. This prevents the need to encrypt these tokens and clear them in case they expire or get revoked. For example, if you deleted and re-created OAuth2 keys for Bitbucket, you would get an Error 500 with no way to recover: ``` Started GET "/import/bitbucket/status" for x.x.x.x at 2015-08-07 05:24:10 +0000 Processing by Import::BitbucketController#status as HTML Completed 500 Internal Server Error in 607ms (ActiveRecord: 2.3ms) NameError (uninitialized constant Import::BitbucketController::Unauthorized): app/controllers/import/bitbucket_controller.rb:77:in `rescue in go_to_bitbucket_for_permissions' app/controllers/import/bitbucket_controller.rb:74:in `go_to_bitbucket_for_permissions' app/controllers/import/bitbucket_controller.rb:86:in `bitbucket_unauthorized' ``` Closes #1871
Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/import/bitbucket_controller_spec.rb28
-rw-r--r--spec/controllers/import/github_controller_spec.rb21
-rw-r--r--spec/controllers/import/gitlab_controller_spec.rb22
3 files changed, 48 insertions, 23 deletions
diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb
index 89e595121a7..81c03c9059b 100644
--- a/spec/controllers/import/bitbucket_controller_spec.rb
+++ b/spec/controllers/import/bitbucket_controller_spec.rb
@@ -4,7 +4,15 @@ require_relative 'import_spec_helper'
describe Import::BitbucketController do
include ImportSpecHelper
- let(:user) { create(:user, bitbucket_access_token: 'asd123', bitbucket_access_token_secret: "sekret") }
+ let(:user) { create(:user) }
+ let(:token) { "asdasd12345" }
+ let(:secret) { "sekrettt" }
+ let(:access_params) { { bitbucket_access_token: token, bitbucket_access_token_secret: secret } }
+
+ def assign_session_tokens
+ session[:bitbucket_access_token] = token
+ session[:bitbucket_access_token_secret] = secret
+ end
before do
sign_in(user)
@@ -17,8 +25,6 @@ describe Import::BitbucketController do
end
it "updates access token" do
- token = "asdasd12345"
- secret = "sekrettt"
access_token = double(token: token, secret: secret)
allow_any_instance_of(Gitlab::BitbucketImport::Client).
to receive(:get_token).and_return(access_token)
@@ -26,8 +32,8 @@ describe Import::BitbucketController do
get :callback
- expect(user.reload.bitbucket_access_token).to eq(token)
- expect(user.reload.bitbucket_access_token_secret).to eq(secret)
+ expect(session[:bitbucket_access_token]).to eq(token)
+ expect(session[:bitbucket_access_token_secret]).to eq(secret)
expect(controller).to redirect_to(status_import_bitbucket_url)
end
end
@@ -35,6 +41,7 @@ describe Import::BitbucketController do
describe "GET status" do
before do
@repo = OpenStruct.new(slug: 'vim', owner: 'asd')
+ assign_session_tokens
end
it "assigns variables" do
@@ -73,17 +80,18 @@ describe Import::BitbucketController do
before do
allow(Gitlab::BitbucketImport::KeyAdder).
- to receive(:new).with(bitbucket_repo, user).
+ to receive(:new).with(bitbucket_repo, user, access_params).
and_return(double(execute: true))
stub_client(user: bitbucket_user, project: bitbucket_repo)
+ assign_session_tokens
end
context "when the repository owner is the Bitbucket user" do
context "when the Bitbucket user and GitLab user's usernames match" do
it "takes the current user's namespace" do
expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, user.namespace, user).
+ to receive(:new).with(bitbucket_repo, user.namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -95,7 +103,7 @@ describe Import::BitbucketController do
it "takes the current user's namespace" do
expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, user.namespace, user).
+ to receive(:new).with(bitbucket_repo, user.namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -116,7 +124,7 @@ describe Import::BitbucketController do
context "when the namespace is owned by the GitLab user" do
it "takes the existing namespace" do
expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, existing_namespace, user).
+ to receive(:new).with(bitbucket_repo, existing_namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -150,7 +158,7 @@ describe Import::BitbucketController do
it "takes the new namespace" do
expect(Gitlab::BitbucketImport::ProjectCreator).
- to receive(:new).with(bitbucket_repo, an_instance_of(Group), user).
+ to receive(:new).with(bitbucket_repo, an_instance_of(Group), user, access_params).
and_return(double(execute: true))
post :create, format: :js
diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb
index 0bc14059a35..766be578f7f 100644
--- a/spec/controllers/import/github_controller_spec.rb
+++ b/spec/controllers/import/github_controller_spec.rb
@@ -4,7 +4,13 @@ require_relative 'import_spec_helper'
describe Import::GithubController do
include ImportSpecHelper
- let(:user) { create(:user, github_access_token: 'asd123') }
+ let(:user) { create(:user) }
+ let(:token) { "asdasd12345" }
+ let(:access_params) { { github_access_token: token } }
+
+ def assign_session_token
+ session[:github_access_token] = token
+ end
before do
sign_in(user)
@@ -20,7 +26,7 @@ describe Import::GithubController do
get :callback
- expect(user.reload.github_access_token).to eq(token)
+ expect(session[:github_access_token]).to eq(token)
expect(controller).to redirect_to(status_import_github_url)
end
end
@@ -30,6 +36,7 @@ describe Import::GithubController do
@repo = OpenStruct.new(login: 'vim', full_name: 'asd/vim')
@org = OpenStruct.new(login: 'company')
@org_repo = OpenStruct.new(login: 'company', full_name: 'company/repo')
+ assign_session_token
end
it "assigns variables" do
@@ -66,13 +73,14 @@ describe Import::GithubController do
before do
stub_client(user: github_user, repo: github_repo)
+ assign_session_token
end
context "when the repository owner is the GitHub user" do
context "when the GitHub user and GitLab user's usernames match" do
it "takes the current user's namespace" do
expect(Gitlab::GithubImport::ProjectCreator).
- to receive(:new).with(github_repo, user.namespace, user).
+ to receive(:new).with(github_repo, user.namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -84,7 +92,7 @@ describe Import::GithubController do
it "takes the current user's namespace" do
expect(Gitlab::GithubImport::ProjectCreator).
- to receive(:new).with(github_repo, user.namespace, user).
+ to receive(:new).with(github_repo, user.namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -97,6 +105,7 @@ describe Import::GithubController do
before do
github_repo.owner = OpenStruct.new(login: other_username)
+ assign_session_token
end
context "when a namespace with the GitHub user's username already exists" do
@@ -105,7 +114,7 @@ describe Import::GithubController do
context "when the namespace is owned by the GitLab user" do
it "takes the existing namespace" do
expect(Gitlab::GithubImport::ProjectCreator).
- to receive(:new).with(github_repo, existing_namespace, user).
+ to receive(:new).with(github_repo, existing_namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -139,7 +148,7 @@ describe Import::GithubController do
it "takes the new namespace" do
expect(Gitlab::GithubImport::ProjectCreator).
- to receive(:new).with(github_repo, an_instance_of(Group), user).
+ to receive(:new).with(github_repo, an_instance_of(Group), user, access_params).
and_return(double(execute: true))
post :create, format: :js
diff --git a/spec/controllers/import/gitlab_controller_spec.rb b/spec/controllers/import/gitlab_controller_spec.rb
index 4bc67c86703..198d006af76 100644
--- a/spec/controllers/import/gitlab_controller_spec.rb
+++ b/spec/controllers/import/gitlab_controller_spec.rb
@@ -4,7 +4,13 @@ require_relative 'import_spec_helper'
describe Import::GitlabController do
include ImportSpecHelper
- let(:user) { create(:user, gitlab_access_token: 'asd123') }
+ let(:user) { create(:user) }
+ let(:token) { "asdasd12345" }
+ let(:access_params) { { gitlab_access_token: token } }
+
+ def assign_session_token
+ session[:gitlab_access_token] = token
+ end
before do
sign_in(user)
@@ -13,14 +19,13 @@ describe Import::GitlabController do
describe "GET callback" do
it "updates access token" do
- token = "asdasd12345"
allow_any_instance_of(Gitlab::GitlabImport::Client).
to receive(:get_token).and_return(token)
stub_omniauth_provider('gitlab')
get :callback
- expect(user.reload.gitlab_access_token).to eq(token)
+ expect(session[:gitlab_access_token]).to eq(token)
expect(controller).to redirect_to(status_import_gitlab_url)
end
end
@@ -28,6 +33,7 @@ describe Import::GitlabController do
describe "GET status" do
before do
@repo = OpenStruct.new(path: 'vim', path_with_namespace: 'asd/vim')
+ assign_session_token
end
it "assigns variables" do
@@ -67,13 +73,14 @@ describe Import::GitlabController do
before do
stub_client(user: gitlab_user, project: gitlab_repo)
+ assign_session_token
end
context "when the repository owner is the GitLab.com user" do
context "when the GitLab.com user and GitLab server user's usernames match" do
it "takes the current user's namespace" do
expect(Gitlab::GitlabImport::ProjectCreator).
- to receive(:new).with(gitlab_repo, user.namespace, user).
+ to receive(:new).with(gitlab_repo, user.namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -85,7 +92,7 @@ describe Import::GitlabController do
it "takes the current user's namespace" do
expect(Gitlab::GitlabImport::ProjectCreator).
- to receive(:new).with(gitlab_repo, user.namespace, user).
+ to receive(:new).with(gitlab_repo, user.namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -98,6 +105,7 @@ describe Import::GitlabController do
before do
gitlab_repo["namespace"]["path"] = other_username
+ assign_session_token
end
context "when a namespace with the GitLab.com user's username already exists" do
@@ -106,7 +114,7 @@ describe Import::GitlabController do
context "when the namespace is owned by the GitLab server user" do
it "takes the existing namespace" do
expect(Gitlab::GitlabImport::ProjectCreator).
- to receive(:new).with(gitlab_repo, existing_namespace, user).
+ to receive(:new).with(gitlab_repo, existing_namespace, user, access_params).
and_return(double(execute: true))
post :create, format: :js
@@ -140,7 +148,7 @@ describe Import::GitlabController do
it "takes the new namespace" do
expect(Gitlab::GitlabImport::ProjectCreator).
- to receive(:new).with(gitlab_repo, an_instance_of(Group), user).
+ to receive(:new).with(gitlab_repo, an_instance_of(Group), user, access_params).
and_return(double(execute: true))
post :create, format: :js
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 14:28:03 +0300