author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 15:07:57 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 15:07:57 +0300 |
commit | 988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch) | |
tree | 9d93267209387e62d23ea7abf81ef9c0d64f2f0b /spec/lib/gitlab | |
parent | a325f3a104748ecc68df7c3d793940aa709a111f (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/lib/gitlab')
4 files changed, 267 insertions, 210 deletions
diff --git a/spec/lib/gitlab/access/branch_protection_spec.rb b/spec/lib/gitlab/access/branch_protection_spec.rb index 7f2979e8e28..e4b763357c4 100644 --- a/spec/lib/gitlab/access/branch_protection_spec.rb +++ b/spec/lib/gitlab/access/branch_protection_spec.rb @@ -51,4 +51,21 @@ describe Gitlab::Access::BranchProtection do end end end + + describe '#fully_protected?' do + using RSpec::Parameterized::TableSyntax + + where(:level, :result) do + Gitlab::Access::PROTECTION_NONE | false + Gitlab::Access::PROTECTION_DEV_CAN_PUSH | false + Gitlab::Access::PROTECTION_DEV_CAN_MERGE | false + Gitlab::Access::PROTECTION_FULL | true + end + + with_them do + it do + expect(described_class.new(level).fully_protected?).to eq(result) + end + end + end end diff --git a/spec/lib/gitlab/auth/current_user_mode_spec.rb b/spec/lib/gitlab/auth/current_user_mode_spec.rb index 7c2fdac6c25..2b910fac155 100644 --- a/spec/lib/gitlab/auth/current_user_mode_spec.rb +++ b/spec/lib/gitlab/auth/current_user_mode_spec.rb 
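Review bot: The example added under `describe '#fully_protected?'` is an anonymous `it do`, so a failing row is reported only through auto-generated matcher text. Give it a description, for instance `it 'matches the expected result for the level' do`, so the output names the access-control predicate being checked. The same anonymous `it do` appears in the `can_push_to_branch?` table added to user_access_spec.rb in this commit.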
@@ -3,294 +3,330 @@ require 'spec_helper' describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store do - include_context 'custom session' - let(:user) { build_stubbed(:user) } subject { described_class.new(user) } - before do - allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session]) - end - - shared_examples 'admin mode cannot be enabled' do - it 'is false by default' do - expect(subject.admin_mode?).to be(false) - end - - it 'cannot be enabled with a valid password' do - subject.enable_admin_mode!(password: user.password) - - expect(subject.admin_mode?).to be(false) - end - - it 'cannot be enabled with an invalid password' do - subject.enable_admin_mode!(password: nil) - - expect(subject.admin_mode?).to be(false) - end - - it 'cannot be enabled with empty params' do - subject.enable_admin_mode! + context 'when session is available' do + include_context 'custom session' - expect(subject.admin_mode?).to be(false) + before do + allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session]) end - it 'disable has no effect' do - subject.enable_admin_mode! - subject.disable_admin_mode! - - expect(subject.admin_mode?).to be(false) - end + shared_examples 'admin mode cannot be enabled' do + it 'is false by default' do + expect(subject.admin_mode?).to be(false) + end - context 'skipping password validation' do it 'cannot be enabled with a valid password' do - subject.enable_admin_mode!(password: user.password, skip_password_validation: true) + subject.enable_admin_mode!(password: user.password) expect(subject.admin_mode?).to be(false) end it 'cannot be enabled with an invalid password' do - subject.enable_admin_mode!(skip_password_validation: true) + subject.enable_admin_mode!(password: nil) expect(subject.admin_mode?).to be(false) end - end - end - describe '#admin_mode?' 
do - context 'when the user is a regular user' do - it_behaves_like 'admin mode cannot be enabled' + it 'cannot be enabled with empty params' do + subject.enable_admin_mode! - context 'bypassing session' do - it_behaves_like 'admin mode cannot be enabled' do - around do |example| - described_class.bypass_session!(user.id) { example.run } - end - end + expect(subject.admin_mode?).to be(false) end - end - - context 'when the user is an admin' do - let(:user) { build_stubbed(:user, :admin) } - context 'when admin mode not requested' do - it 'is false by default' do - expect(subject.admin_mode?).to be(false) - end - - it 'raises exception if we try to enable it' do - expect do - subject.enable_admin_mode!(password: user.password) - end.to raise_error(::Gitlab::Auth::CurrentUserMode::NotRequestedError) + it 'disable has no effect' do + subject.enable_admin_mode! + subject.disable_admin_mode! - expect(subject.admin_mode?).to be(false) - end + expect(subject.admin_mode?).to be(false) end - context 'when admin mode requested first' do - before do - subject.request_admin_mode! - end + context 'skipping password validation' do + it 'cannot be enabled with a valid password' do + subject.enable_admin_mode!(password: user.password, skip_password_validation: true) - it 'is false by default' do expect(subject.admin_mode?).to be(false) end it 'cannot be enabled with an invalid password' do - subject.enable_admin_mode!(password: nil) + subject.enable_admin_mode!(skip_password_validation: true) expect(subject.admin_mode?).to be(false) end + end + end - it 'can be enabled with a valid password' do - subject.enable_admin_mode!(password: user.password) + describe '#admin_mode?' 
do + context 'when the user is a regular user' do + it_behaves_like 'admin mode cannot be enabled' - expect(subject.admin_mode?).to be(true) + context 'bypassing session' do + it_behaves_like 'admin mode cannot be enabled' do + around do |example| + described_class.bypass_session!(user.id) { example.run } + end + end end + end - it 'can be disabled' do - subject.enable_admin_mode!(password: user.password) - subject.disable_admin_mode! + context 'when the user is an admin' do + let(:user) { build_stubbed(:user, :admin) } - expect(subject.admin_mode?).to be(false) + context 'when admin mode not requested' do + it 'is false by default' do + expect(subject.admin_mode?).to be(false) + end + + it 'raises exception if we try to enable it' do + expect do + subject.enable_admin_mode!(password: user.password) + end.to raise_error(::Gitlab::Auth::CurrentUserMode::NotRequestedError) + + expect(subject.admin_mode?).to be(false) + end end - it 'will expire in the future' do - subject.enable_admin_mode!(password: user.password) - expect(subject.admin_mode?).to be(true), 'admin mode is not active in the present' + context 'when admin mode requested first' do + before do + subject.request_admin_mode! + end - Timecop.freeze(Gitlab::Auth::CurrentUserMode::MAX_ADMIN_MODE_TIME.from_now) do - # in the future this will be a new request, simulate by clearing the RequestStore - Gitlab::SafeRequestStore.clear! 
+ it 'is false by default' do + expect(subject.admin_mode?).to be(false) + end + + it 'cannot be enabled with an invalid password' do + subject.enable_admin_mode!(password: nil) - expect(subject.admin_mode?).to be(false), 'admin mode did not expire in the future' + expect(subject.admin_mode?).to be(false) end - end - context 'skipping password validation' do it 'can be enabled with a valid password' do - subject.enable_admin_mode!(password: user.password, skip_password_validation: true) + subject.enable_admin_mode!(password: user.password) expect(subject.admin_mode?).to be(true) end - it 'can be enabled with an invalid password' do - subject.enable_admin_mode!(skip_password_validation: true) + it 'can be disabled' do + subject.enable_admin_mode!(password: user.password) + subject.disable_admin_mode! - expect(subject.admin_mode?).to be(true) + expect(subject.admin_mode?).to be(false) end - end - context 'with two independent sessions' do - let(:another_session) { {} } - let(:another_subject) { described_class.new(user) } + it 'will expire in the future' do + subject.enable_admin_mode!(password: user.password) + expect(subject.admin_mode?).to be(true), 'admin mode is not active in the present' - before do - allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session, another_session]) + Timecop.freeze(Gitlab::Auth::CurrentUserMode::MAX_ADMIN_MODE_TIME.from_now) do + # in the future this will be a new request, simulate by clearing the RequestStore + Gitlab::SafeRequestStore.clear! + + expect(subject.admin_mode?).to be(false), 'admin mode did not expire in the future' + end end - it 'can be enabled in one and seen in the other' do - Gitlab::Session.with_session(another_session) do - another_subject.request_admin_mode! 
- another_subject.enable_admin_mode!(password: user.password) + context 'skipping password validation' do + it 'can be enabled with a valid password' do + subject.enable_admin_mode!(password: user.password, skip_password_validation: true) + + expect(subject.admin_mode?).to be(true) end - expect(subject.admin_mode?).to be(true) + it 'can be enabled with an invalid password' do + subject.enable_admin_mode!(skip_password_validation: true) + + expect(subject.admin_mode?).to be(true) + end end - end - end - context 'bypassing session' do - it 'is active by default' do - described_class.bypass_session!(user.id) do - expect(subject.admin_mode?).to be(true) + context 'with two independent sessions' do + let(:another_session) { {} } + let(:another_subject) { described_class.new(user) } + + before do + allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session, another_session]) + end + + it 'can be enabled in one and seen in the other' do + Gitlab::Session.with_session(another_session) do + another_subject.request_admin_mode! + another_subject.enable_admin_mode!(password: user.password) + end + + expect(subject.admin_mode?).to be(true) + end end end - it 'enable has no effect' do - described_class.bypass_session!(user.id) do - subject.request_admin_mode! - subject.enable_admin_mode!(password: user.password) + context 'bypassing session' do + it 'is active by default' do + described_class.bypass_session!(user.id) do + expect(subject.admin_mode?).to be(true) + end + end - expect(subject.admin_mode?).to be(true) + it 'enable has no effect' do + described_class.bypass_session!(user.id) do + subject.request_admin_mode! + subject.enable_admin_mode!(password: user.password) + + expect(subject.admin_mode?).to be(true) + end end - end - it 'disable has no effect' do - described_class.bypass_session!(user.id) do - subject.disable_admin_mode! + it 'disable has no effect' do + described_class.bypass_session!(user.id) do + subject.disable_admin_mode! 
- expect(subject.admin_mode?).to be(true) + expect(subject.admin_mode?).to be(true) + end end end end end - end - describe '#enable_admin_mode!' do - let(:user) { build_stubbed(:user, :admin) } + describe '#enable_admin_mode!' do + let(:user) { build_stubbed(:user, :admin) } - it 'creates a timestamp in the session' do - subject.request_admin_mode! - subject.enable_admin_mode!(password: user.password) + it 'creates a timestamp in the session' do + subject.request_admin_mode! + subject.enable_admin_mode!(password: user.password) - expect(session).to include(expected_session_entry(be_within(1.second).of Time.now)) + expect(session).to include(expected_session_entry(be_within(1.second).of Time.now)) + end end - end - describe '#enable_sessionless_admin_mode!' do - let(:user) { build_stubbed(:user, :admin) } + describe '#disable_admin_mode!' do + let(:user) { build_stubbed(:user, :admin) } - it 'enabled admin mode without password' do - subject.enable_sessionless_admin_mode! + it 'sets the session timestamp to nil' do + subject.request_admin_mode! + subject.disable_admin_mode! - expect(subject.admin_mode?).to be(true) + expect(session).to include(expected_session_entry(be_nil)) + end end - end - describe '#disable_admin_mode!' do - let(:user) { build_stubbed(:user, :admin) } + describe '.with_current_request_admin_mode' do + context 'with a regular user' do + it 'user is not available inside nor outside the yielded block' do + described_class.with_current_admin(user) do + expect(described_class.current_admin).to be_nil + end - it 'sets the session timestamp to nil' do - subject.request_admin_mode! - subject.disable_admin_mode! + expect(described_class.bypass_session_admin_id).to be_nil + end + end - expect(session).to include(expected_session_entry(be_nil)) - end - end + context 'with an admin user' do + let(:user) { build_stubbed(:user, :admin) } - describe '.bypass_session!' 
do - context 'with a regular user' do - it 'admin mode is false' do - described_class.bypass_session!(user.id) do - expect(subject.admin_mode?).to be(false) - expect(described_class.bypass_session_admin_id).to be(user.id) + context 'admin mode is disabled' do + it 'user is not available inside nor outside the yielded block' do + described_class.with_current_admin(user) do + expect(described_class.current_admin).to be_nil + end + + expect(described_class.bypass_session_admin_id).to be_nil + end end - expect(described_class.bypass_session_admin_id).to be_nil - end - end + context 'admin mode is enabled' do + before do + subject.request_admin_mode! + subject.enable_admin_mode!(password: user.password) + end - context 'with an admin user' do - let(:user) { build_stubbed(:user, :admin) } + it 'user is available only inside the yielded block' do + described_class.with_current_admin(user) do + expect(described_class.current_admin).to be(user) + end - it 'admin mode is true' do - described_class.bypass_session!(user.id) do - expect(subject.admin_mode?).to be(true) - expect(described_class.bypass_session_admin_id).to be(user.id) + expect(described_class.current_admin).to be_nil + end end - - expect(described_class.bypass_session_admin_id).to be_nil end end - end - describe '.with_current_request_admin_mode' do - context 'with a regular user' do - it 'user is not available inside nor outside the yielded block' do - described_class.with_current_admin(user) do - expect(described_class.current_admin).to be_nil - end + def expected_session_entry(value_matcher) + { + Gitlab::Auth::CurrentUserMode::SESSION_STORE_KEY => a_hash_including( + Gitlab::Auth::CurrentUserMode::ADMIN_MODE_START_TIME_KEY => value_matcher) + } + end + end - expect(described_class.bypass_session_admin_id).to be_nil + context 'when no session available' do + around do |example| + Gitlab::Session.with_session(nil) do + example.run end end - context 'with an admin user' do - let(:user) { build_stubbed(:user, 
:admin) } + describe '.bypass_session!' do + context 'when providing a block' do + context 'with a regular user' do + it 'admin mode is false' do + described_class.bypass_session!(user.id) do + expect(Gitlab::Session.current).to be_nil + expect(subject.admin_mode?).to be(false) + expect(described_class.bypass_session_admin_id).to be(user.id) + end - context 'admin mode is disabled' do - it 'user is not available inside nor outside the yielded block' do - described_class.with_current_admin(user) do - expect(described_class.current_admin).to be_nil + expect(described_class.bypass_session_admin_id).to be_nil end + end - expect(described_class.bypass_session_admin_id).to be_nil + context 'with an admin user' do + let(:user) { build_stubbed(:user, :admin) } + + it 'admin mode is true' do + described_class.bypass_session!(user.id) do + expect(Gitlab::Session.current).to be_nil + expect(subject.admin_mode?).to be(true) + expect(described_class.bypass_session_admin_id).to be(user.id) + end + + expect(described_class.bypass_session_admin_id).to be_nil + end end end - context 'admin mode is enabled' do - before do - subject.request_admin_mode! - subject.enable_admin_mode!(password: user.password) - end + context 'when not providing a block' do + context 'with a regular user' do + it 'admin mode is false' do + described_class.bypass_session!(user.id) - it 'user is available only inside the yielded block' do - described_class.with_current_admin(user) do - expect(described_class.current_admin).to be(user) + expect(Gitlab::Session.current).to be_nil + expect(subject.admin_mode?).to be(false) + expect(described_class.bypass_session_admin_id).to be(user.id) + + described_class.reset_bypass_session! 
+ + expect(described_class.bypass_session_admin_id).to be_nil end + end - expect(described_class.current_admin).to be_nil + context 'with an admin user' do + let(:user) { build_stubbed(:user, :admin) } + + it 'admin mode is true' do + described_class.bypass_session!(user.id) + + expect(Gitlab::Session.current).to be_nil + expect(subject.admin_mode?).to be(true) + expect(described_class.bypass_session_admin_id).to be(user.id) + + described_class.reset_bypass_session! + + expect(described_class.bypass_session_admin_id).to be_nil + end end end end end - - def expected_session_entry(value_matcher) - { - Gitlab::Auth::CurrentUserMode::SESSION_STORE_KEY => a_hash_including( - Gitlab::Auth::CurrentUserMode::ADMIN_MODE_START_TIME_KEY => value_matcher) - } - end end diff --git a/spec/lib/gitlab/graphql/pagination/offset_active_record_relation_connection_spec.rb b/spec/lib/gitlab/graphql/pagination/offset_active_record_relation_connection_spec.rb new file mode 100644 index 00000000000..2269b4def82 --- /dev/null +++ b/spec/lib/gitlab/graphql/pagination/offset_active_record_relation_connection_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Gitlab::Graphql::Pagination::OffsetActiveRecordRelationConnection do + it 'subclasses from GraphQL::Relay::RelationConnection' do + expect(described_class.superclass).to eq GraphQL::Relay::RelationConnection + end +end diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb index 2f4ab2e71db..8d13f377677 100644 --- a/spec/lib/gitlab/user_access_spec.rb +++ b/spec/lib/gitlab/user_access_spec.rb 
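Review bot: In the new 'when not providing a block' examples of current_user_mode_spec.rb, `described_class.reset_bypass_session!` runs only near the end of each example, so an expectation that fails before it leaves the bypass id set for whatever runs next. A set bypass id makes `admin_mode?` true for an admin, as the block-form examples assert, so leaked state could let later admin-mode examples pass for the wrong reason. The `:request_store` tag may already clear it, but that is not visible in this hunk. A hook in that context, `after { described_class.reset_bypass_session! }`, makes the cleanup unconditional, and the final `bypass_session_admin_id` check can move to its own example. Separately, the re-indented `describe '.with_current_request_admin_mode'` block exercises `with_current_admin`, and two of its examples check `bypass_session_admin_id` rather than `current_admin` after the block, which looks like a naming and assertion mismatch worth confirming.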
@@ -46,32 +46,27 @@ describe Gitlab::UserAccess do expect(project_access.can_push_to_branch?('master')).to be_truthy end - it 'returns false if user is developer and project is fully protected' do - empty_project.add_developer(user) - stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_FULL) - - expect(project_access.can_push_to_branch?('master')).to be_falsey - end - - it 'returns false if user is developer and it is not allowed to push new commits but can merge into branch' do - empty_project.add_developer(user) - stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE) - - expect(project_access.can_push_to_branch?('master')).to be_falsey - end - - it 'returns true if user is developer and project is unprotected' do - empty_project.add_developer(user) - stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE) - - expect(project_access.can_push_to_branch?('master')).to be_truthy - end - - it 'returns true if user is developer and project grants developers permission' do - empty_project.add_developer(user) - stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH) - - expect(project_access.can_push_to_branch?('master')).to be_truthy + context 'when the user is a developer' do + using RSpec::Parameterized::TableSyntax + + before do + empty_project.add_developer(user) + end + + where(:default_branch_protection_level, :result) do + Gitlab::Access::PROTECTION_NONE | true + Gitlab::Access::PROTECTION_DEV_CAN_PUSH | true + Gitlab::Access::PROTECTION_DEV_CAN_MERGE | false + Gitlab::Access::PROTECTION_FULL | false + end + + with_them do + it do + expect(empty_project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level).at_least(:once) + + expect(project_access.can_push_to_branch?('master')).to eq(result) + end + end end end |
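Review bot: The table example sets up its input with a message expectation, `expect(empty_project.namespace).to receive(:default_branch_protection)...at_least(:once)`, which ties the test to the call path inside `can_push_to_branch?` rather than to the access decision. A plain stub, `allow(empty_project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level)`, or a real attribute set on the namespace, would leave `eq(result)` as the only assertion. The removed examples drove the level through `stub_application_setting(default_branch_protection: ...)`. If the instance-wide setting still feeds this check (not visible here), one row that exercises that path would keep it covered.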