author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-06-03 15:34:01 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-06-03 15:34:01 +0300 |
commit | e5b88d88fbd3796ba2f56912818231bdfbf0d597 (patch) | |
tree | ac20a94185b257836a6073c0917d4b1667b22dd3 /spec/controllers | |
parent | 3a7bf68e34b493870146fa026c9a3da1899ef779 (diff) | |
parent | c7903542683eaa5427a5d30adad8550f0754bdfa (diff) |
Merge branch 'security-id-leaked-password-in-import-url-frontend' into 'master'
Handling password on import by url page
See merge request gitlab/gitlabhq!3061
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/concerns/import_url_params_spec.rb | 44 | ||||
-rw-r--r-- | spec/controllers/projects/imports_controller_spec.rb | 15 |
2 files changed, 59 insertions, 0 deletions
diff --git a/spec/controllers/concerns/import_url_params_spec.rb b/spec/controllers/concerns/import_url_params_spec.rb
new file mode 100644
index 00000000000..fc5dfb5263f
--- /dev/null
+++ b/spec/controllers/concerns/import_url_params_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ImportUrlParams do
+ let(:import_url_params) do
+ controller = OpenStruct.new(params: params).extend(described_class)
+ controller.import_url_params
+ end
+
+ context 'url and password separately provided' do
+ let(:params) do
+ ActionController::Parameters.new(project: {
+ import_url: 'https://url.com',
+ import_url_user: 'user', import_url_password: 'password'
+ })
+ end
+
+ describe '#import_url_params' do
+ it 'returns hash with import_url' do
+ expect(import_url_params).to eq(
+ import_url: "https://user:password@url.com"
+ )
+ end
+ end
+ end
+
+ context 'url with provided empty credentials' do
+ let(:params) do
+ ActionController::Parameters.new(project: {
+ import_url: 'https://user:password@url.com',
+ import_url_user: '', import_url_password: ''
+ })
+ end
+
+ describe '#import_url_params' do
+ it 'does not change the url' do
+ expect(import_url_params).to eq(
+ import_url: "https://user:password@url.com"
+ )
+ end
+ end
+ end
+end
diff --git a/spec/controllers/projects/imports_controller_spec.rb b/spec/controllers/projects/imports_controller_spec.rb
index 8d88ee7dfd6..bdc81efe3bc 100644
--- a/spec/controllers/projects/imports_controller_spec.rb
+++ b/spec/controllers/projects/imports_controller_spec.rb
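Review bot: Neither context in this new spec covers credentials that contain URL-reserved characters, so nothing pins how `import_url_user` and `import_url_password` are escaped when they are merged into the userinfo part of `import_url`. A case such as `import_url_user: 'user', import_url_password: 'p@ss:w/rd'` (constructed value) should assert that the host of the returned URL is still `url.com` and that the password survives a parse round-trip. The concern itself is outside this view (the diffstat is limited to spec/controllers), so whether it encodes these characters cannot be confirmed here. A further context with credentials both embedded in the URL and passed as non-empty fields would document which source takes precedence.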
@@ -122,4 +122,19 @@ describe Projects::ImportsController do
 end
 end
 end
+
+ describe 'POST #create' do
+ let(:params) { { import_url: 'https://github.com/vim/vim.git', import_url_user: 'user', import_url_password: 'password' } }
+ let(:project) { create(:project) }
+
+ before do
+ allow(RepositoryImportWorker).to receive(:perform_async)
+
+ post :create, params: { project: params, namespace_id: project.namespace.to_param, project_id: project }
+ end
+
+ it 'sets import_url to the project' do
+ expect(project.reload.import_url).to eq('https://user:password@github.com/vim/vim.git')
+ end
+ end
 end |
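Review bot: The `POST #create` example only checks that the credentials end up in `project.import_url`; it asserts nothing about the response, which is where a password leak on this page would show up. Adding `expect(response.body).not_to include(secret)` and `expect(response.location.to_s).not_to include(secret)` would pin that, using a distinctive constructed value such as `let(:secret) { 'constructed-s3cret-value' }` in place of the literal `'password'`, which also occurs in the parameter name `import_url_password` and would make a negative assertion unreliable. Stubbing `RepositoryImportWorker.perform_async` with `allow` and never checking `have_received` also leaves the enqueue unverified. The enclosing `describe Projects::ImportsController` block starts outside the hunk.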