diff options
| author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-07-23 12:23:08 +0300 |
|---|---|---|
| committer | Grzegorz Bizon <grzegorz@gitlab.com> | 2018-07-23 12:23:08 +0300 |
| commit | f2c46672cae763bb213e8aa14253e5eea48c1064 (patch) | |
| tree | 708ab3375268f826b01adb2ae79e590bcb9aabd1 /spec/requests | |
| parent | d1f890e9e4c759b1b43b888c07127a05e38f53e5 (diff) | |
Resolve "Deploy Tokens failed to clone LFS repository"
Diffstat (limited to 'spec/requests')
| -rw-r--r-- | spec/requests/lfs_http_spec.rb | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb index de39abdb746..c2378646f89 100644 --- a/spec/requests/lfs_http_spec.rb +++ b/spec/requests/lfs_http_spec.rb @@ -575,6 +575,40 @@ describe 'Git LFS API and storage' do end end + context 'when using Deploy Tokens' do + let(:project) { create(:project, :repository) } + let(:authorization) { authorize_deploy_token } + let(:update_user_permissions) { nil } + let(:role) { nil } + let(:update_lfs_permissions) do + project.lfs_objects << lfs_object + end + + context 'when Deploy Token is valid' do + let(:deploy_token) { create(:deploy_token, projects: [project]) } + + it_behaves_like 'an authorized requests' + end + + context 'when Deploy Token is not valid' do + let(:deploy_token) { create(:deploy_token, projects: [project], read_repository: false) } + + it 'responds with access denied' do + expect(response).to have_gitlab_http_status(401) + end + end + + context 'when Deploy Token is not related to the project' do + let(:another_project) { create(:project, :repository) } + let(:deploy_token) { create(:deploy_token, projects: [another_project]) } + + it 'responds with access forbidden' do + # We render 404, to prevent data leakage about existence of the project + expect(response).to have_gitlab_http_status(404) + end + end + end + context 'when build is authorized as' do let(:authorization) { authorize_ci_project } @@ -1381,6 +1415,10 @@ describe 'Git LFS API and storage' do ActionController::HttpAuthentication::Basic.encode_credentials(user.username, Gitlab::LfsToken.new(user).token) end + def authorize_deploy_token + ActionController::HttpAuthentication::Basic.encode_credentials(deploy_token.username, deploy_token.token) + end + def post_lfs_json(url, body = nil, headers = nil) post(url, body.try(:to_json), (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE)) end |