diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-18 03:11:02 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-18 03:11:02 +0300 |
commit | c95fc172145f1bdbc8d959b6cee31555fc545784 (patch) | |
tree | 5aa4940ddefb9bea164905d61916593cc265a05c /spec/lib | |
parent | eda321fc0b96e44e296341f6288dd7f1a27ba93a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/api/helpers_spec.rb | 89 | ||||
-rw-r--r-- | spec/lib/gitlab/diff/highlight_cache_spec.rb | 70 |
2 files changed, 146 insertions, 13 deletions
diff --git a/spec/lib/api/helpers_spec.rb b/spec/lib/api/helpers_spec.rb index cd41d362d03..f25c75ef93c 100644 --- a/spec/lib/api/helpers_spec.rb +++ b/spec/lib/api/helpers_spec.rb @@ -865,4 +865,93 @@ RSpec.describe API::Helpers do helper.bad_request!('custom reason') end end + + describe '#authenticate_by_gitlab_shell_token!' do + include GitlabShellHelpers + + let(:valid_secret_token) { 'valid' } + let(:invalid_secret_token) { 'invalid' } + let(:headers) { {} } + let(:params) { {} } + + shared_examples 'authorized' do + it 'authorized' do + expect(helper).not_to receive(:unauthorized!) + + helper.authenticate_by_gitlab_shell_token! + end + end + + shared_examples 'unauthorized' do + it 'unauthorized' do + expect(helper).to receive(:unauthorized!) + + helper.authenticate_by_gitlab_shell_token! + end + end + + before do + allow(Gitlab::Shell).to receive(:secret_token).and_return(valid_secret_token) + allow(helper).to receive_messages(params: params, headers: headers, secret_token: valid_secret_token) + end + + context 'when jwt token is not provided' do + it_behaves_like 'unauthorized' + end + + context 'when jwt token is invalid' do + let(:headers) { gitlab_shell_internal_api_request_header(secret_token: invalid_secret_token) } + + it_behaves_like 'unauthorized' + end + + context 'when jwt token issuer is invalid' do + let(:headers) { gitlab_shell_internal_api_request_header(issuer: 'gitlab-workhorse') } + + it_behaves_like 'unauthorized' + end + + context 'when jwt token is valid' do + let(:headers) { gitlab_shell_internal_api_request_header } + + it_behaves_like 'authorized' + end + + context 'when gitlab_shell_jwt_token is disabled' do + let(:valid_secret_token) { +'valid' } # mutable string to use chomp! + let(:invalid_secret_token) { +'invalid' } # mutable string to use chomp! + + before do + stub_feature_flags(gitlab_shell_jwt_token: false) + end + + context 'when shared secret is not provided' do + it_behaves_like 'unauthorized' + end + + context 'when shared secret provided via params' do + let(:params) { { 'secret_token' => valid_secret_token } } + + it_behaves_like 'authorized' + + context 'but it is invalid' do + let(:params) { { 'secret_token' => invalid_secret_token } } + + it_behaves_like 'unauthorized' + end + end + + context 'when shared secret provided via headers' do + let(:headers) { { described_class::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(valid_secret_token) } } + + it_behaves_like 'authorized' + + context 'but it is invalid' do + let(:headers) { { described_class::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(invalid_secret_token) } } + + it_behaves_like 'unauthorized' + end + end + end + end end diff --git a/spec/lib/gitlab/diff/highlight_cache_spec.rb b/spec/lib/gitlab/diff/highlight_cache_spec.rb index 1d1ffc8c275..67751144565 100644 --- a/spec/lib/gitlab/diff/highlight_cache_spec.rb +++ b/spec/lib/gitlab/diff/highlight_cache_spec.rb @@ -109,23 +109,67 @@ RSpec.describe Gitlab::Diff::HighlightCache, :clean_gitlab_redis_cache do end shared_examples 'caches missing entries' do - it 'filters the key/value list of entries to be caches for each invocation' do - expect(cache).to receive(:write_to_redis_hash) - .with(hash_including(*paths)) - .once - .and_call_original - - Gitlab::Redis::Cache.with do |redis| - expect(redis).to receive(:expire).with(cache.key, described_class::EXPIRATION) + where(:expiration_period, :renewable_expiration_ff, :short_renewable_expiration_ff) do + [ + [1.day, false, true], + [1.day, false, false], + [1.hour, true, true], + [8.hours, true, false] + ] + end + + with_them do + before do + stub_feature_flags( + highlight_diffs_renewable_expiration: renewable_expiration_ff, + highlight_diffs_short_renewable_expiration: short_renewable_expiration_ff + ) end - 2.times { cache.write_if_empty } - end + it 'filters the key/value list of entries to be caches for each invocation' do + expect(cache).to receive(:write_to_redis_hash) + .with(hash_including(*paths)) + .once + .and_call_original - it 'reads from cache once' do - expect(cache).to receive(:read_cache).once.and_call_original + Gitlab::Redis::Cache.with do |redis| + expect(redis).to receive(:expire).with(cache.key, expiration_period).at_least(:once) + end - cache.write_if_empty + 2.times { cache.write_if_empty } + end + + it 'reads from cache once' do + expect(cache).to receive(:read_cache).once.and_call_original + + Gitlab::Redis::Cache.with do |redis| + expect(redis).to receive(:expire).with(cache.key, expiration_period).at_least(:once) + end + + cache.write_if_empty + end + + it 'refreshes TTL of the key on read' do + cache.write_if_empty + + time_until_expire = 30.minutes + + Gitlab::Redis::Cache.with do |redis| + # Emulate that a key is going to expire soon + redis.expire(cache.key, time_until_expire) + + expect(redis.ttl(cache.key)).to be <= time_until_expire + + cache.send(:read_cache) + + if renewable_expiration_ff + expect(redis.ttl(cache.key)).to be > time_until_expire + expect(redis.ttl(cache.key)).to be_within(1.minute).of(expiration_period) + else + expect(redis.ttl(cache.key)).to be <= time_until_expire + end + end + end end end |