author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-10 23:26:58 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-10 23:26:58 +0300 |
commit | f57f7eebac215d23e6ca74d865bd19407cbaccba (patch) | |
tree | 047cb0a0e66bf9afc512ed2f02fdbe2d5d65978b /spec/requests/projects/integrations/slash_commands_controller_spec.rb | |
parent | 2965e48337030c75e342b72d3420b7ff69e11f08 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-7-stable-ee
Diffstat (limited to 'spec/requests/projects/integrations/slash_commands_controller_spec.rb')
-rw-r--r-- | spec/requests/projects/integrations/slash_commands_controller_spec.rb | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/spec/requests/projects/integrations/slash_commands_controller_spec.rb b/spec/requests/projects/integrations/slash_commands_controller_spec.rb
new file mode 100644
index 00000000000..3d61f882bdf
--- /dev/null
+++ b/spec/requests/projects/integrations/slash_commands_controller_spec.rb
@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Projects::Integrations::SlashCommandsController, feature_category: :integrations do
+ let_it_be(:project) { create(:project) }
+ let_it_be(:user) { create(:user, developer_projects: [project]) }
+ let_it_be(:chat_name) { create(:chat_name, user: user) }
+
+ let(:params) do
+ {
+ command_id: 'command-id',
+ integration: 'mattermost_slash_commands',
+ team: 1,
+ channel: 2,
+ response_url: 'http://www.example.com'
+ }
+ end
+
+ before do
+ create(:mattermost_slash_commands_integration, project: project)
+ end
+
+ describe 'GET #show' do
+ context 'when user is signed in' do
+ before do
+ sign_in(user)
+ end
+
+ context 'when request is invalid' do
+ it 'renders the "show" template with expired message' do
+ get project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ expect(response.body).to include(
+ 'The slash command verification request has expired. Please run the command again.'
+ )
+ end
+ end
+
+ context 'when request is valid', :use_clean_rails_memory_store_caching do
+ before do
+ Rails.cache.write(
+ "slash-command-requests:#{params[:command_id]}", { team_id: chat_name.team_id, user_id: chat_name.chat_id }
+ )
+ stub_request(:post, "http://www.example.com/").to_return(status: 200, body: 'ok')
+ end
+
+ context 'when user is valid' do
+ it 'renders the "show" template with authorize button' do
+ get project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ expect(response.body).to include('Authorize')
+ end
+ end
+
+ context 'when user is invalid' do
+ let(:chat_name) { create(:chat_name) }
+
+ it 'renders the "show" template' do
+ get project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ expect(response.body).to include('The slash command request is invalid.')
+ end
+ end
+ end
+ end
+
+ context 'when user is not signed in' do
+ it 'redirects with a status of 302' do
+ get project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:redirect)
+ end
+ end
+ end
+
+ describe 'POST #confirm' do
+ let(:params) { super().merge(redirect_url: 'http://www.example.com') }
+
+ context 'when user is signed in' do
+ before do
+ sign_in(user)
+ end
+
+ context 'when request is invalid' do
+ it 'renders the "show" template' do
+ post confirm_project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ expect(response.body).to include('The slash command request is invalid.')
+ end
+ end
+
+ context 'when request is valid', :use_clean_rails_memory_store_caching do
+ before do
+ Rails.cache.write(
+ "slash-command-requests:#{params[:command_id]}", { team_id: chat_name.team_id, user_id: chat_name.chat_id }
+ )
+ stub_request(:post, "http://www.example.com/").to_return(status: 200, body: 'ok')
+ end
+
+ context 'when user is valid' do
+ it 'redirects back to the integration' do
+ post confirm_project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:redirect)
+ end
+ end
+
+ context 'when user is invalid' do
+ let(:chat_name) { create(:chat_name) }
+
+ it 'renders the "show" template' do
+ post confirm_project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ expect(response.body).to include('The slash command request is invalid.')
+ end
+ end
+ end
+ end
+
+ context 'when user is not signed in' do
+ it 'redirects with a status of 302' do
+ post confirm_project_integrations_slash_commands_path(project), params: params
+
+ expect(response).to have_gitlab_http_status(:redirect)
+ end
+ end
+ end
+end |
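Review bot: The 'when user is valid' example under `POST #confirm` asserts only `have_gitlab_http_status(:redirect)`, the same assertion the 'when user is not signed in' example passes with, so it would stay green if the controller redirected somewhere unintended or skipped the authorization step. Because `redirect_url` and `response_url` both arrive as request params, it would be worth pinning the destination with `expect(response).to redirect_to(<expected location>)` and the callback with `expect(WebMock).to have_requested(:post, 'http://www.example.com/')`, assuming the confirm action is what posts to `response_url` (the controller is not part of this diff). An extra example that repeats the POST with the same `command_id` and expects 'The slash command request is invalid.' would also document whether the cached verification entry is meant to be single-use.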