author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-01 12:02:36 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-01 12:02:58 +0300 |
commit | 23330db102f66781cc9a22cd006433cfcbd13863 (patch) | |
tree | 7c1630c6373a1c4d156eeb7f8bc4010c9a280d11 /spec/support | |
parent | 8d628223c41aabc9d42af95cce1193becffa1b0f (diff) |
Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee
Diffstat (limited to 'spec/support')
-rw-r--r-- | spec/support/matchers/route_to_route_not_found_matcher.rb | 15 | ||||
-rw-r--r-- | spec/support/shared_examples/routing/git_http_routing_shared_examples.rb | 54 |
2 files changed, 65 insertions, 4 deletions
diff --git a/spec/support/matchers/route_to_route_not_found_matcher.rb b/spec/support/matchers/route_to_route_not_found_matcher.rb
new file mode 100644
index 00000000000..4105f0f9191
--- /dev/null
+++ b/spec/support/matchers/route_to_route_not_found_matcher.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+RSpec::Matchers.define :route_to_route_not_found do
+ match do |actual|
+ expect(actual).to route_to(controller: 'application', action: 'route_not_found')
+ rescue RSpec::Expectations::ExpectationNotMetError => e
+ # `route_to` matcher requires providing all params for exact match. As we use it in shared examples and we provide different paths,
+ # this matcher checks if provided route matches controller and action, without checking params.
+ expect(e.message).to include("-{\"controller\"=>\"application\", \"action\"=>\"route_not_found\"}\n+{\"controller\"=>\"application\", \"action\"=>\"route_not_found\",")
+ end
+
+ failure_message do |_|
+ "expected #{actual} to route to route_not_found"
+ end
+end
diff --git a/spec/support/shared_examples/routing/git_http_routing_shared_examples.rb b/spec/support/shared_examples/routing/git_http_routing_shared_examples.rb
index b0e1e942d81..f924da37f4f 100644
--- a/spec/support/shared_examples/routing/git_http_routing_shared_examples.rb
+++ b/spec/support/shared_examples/routing/git_http_routing_shared_examples.rb
@@ -16,10 +16,6 @@ RSpec.shared_examples 'git repository routes' do
 expect(get("#{container_path}/info/refs?service=git-upload-pack")).to redirect_to("#{container_path}.git/info/refs?service=git-upload-pack")
 expect(get("#{container_path}/info/refs?service=git-receive-pack")).to redirect_to("#{container_path}.git/info/refs?service=git-receive-pack")
 end
-
- it 'does not redirect other requests' do
- expect(post("#{container_path}/git-upload-pack")).not_to be_routable
- end
 end
 
 it 'routes LFS endpoints' do
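Review bot: In `route_to_route_not_found_matcher.rb`, the `rescue` branch of `match` decides the result by substring-matching the text of `route_to`'s failure message, so it depends on how that message and the params hash are printed. If that output format changes, every example using the matcher will fail even though routing is unchanged, and `failure_message` will not show why because it drops `e.message`. Since these examples guard the fallback to `application#route_not_found`, I would at least add a comment such as `# Depends on the diff text in route_to's failure message; revisit if that format changes`, and consider comparing the recognised controller and action directly instead of parsing the message.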
@@ -35,6 +31,56 @@ RSpec.shared_examples 'git repository routes' do
 expect(get("#{path}/gitlab-lfs/objects/#{oid}")).to route_to('repositories/lfs_storage#download', oid: oid, **params)
 expect(put("#{path}/gitlab-lfs/objects/#{oid}/456/authorize")).to route_to('repositories/lfs_storage#upload_authorize', oid: oid, size: '456', **params)
 expect(put("#{path}/gitlab-lfs/objects/#{oid}/456")).to route_to('repositories/lfs_storage#upload_finalize', oid: oid, size: '456', **params)
+ end
+end
+
+RSpec.shared_examples 'git repository routes without fallback' do
+ let(:container_path) { path.delete_suffix('.git') }
+
+ context 'requests without .git format' do
+ it 'does not redirect other requests' do
+ expect(post("#{container_path}/git-upload-pack")).not_to be_routable
+ end
+ end
+
+ it 'routes LFS endpoints for unmatched routes' do
+ oid = generate(:oid)
+
+ expect(put("#{path}/gitlab-lfs/objects/foo")).not_to be_routable
+ expect(put("#{path}/gitlab-lfs/objects/#{oid}/foo")).not_to be_routable
+ expect(put("#{path}/gitlab-lfs/objects/#{oid}/foo/authorize")).not_to be_routable
+ end
+end
+
+RSpec.shared_examples 'git repository routes with fallback' do
+ let(:container_path) { path.delete_suffix('.git') }
+
+ context 'requests without .git format' do
+ it 'does not redirect other requests' do
+ expect(post("#{container_path}/git-upload-pack")).to route_to_route_not_found
+ end
+ end
+
+ it 'routes LFS endpoints' do
+ oid = generate(:oid)
+
+ expect(put("#{path}/gitlab-lfs/objects/foo")).to route_to_route_not_found
+ expect(put("#{path}/gitlab-lfs/objects/#{oid}/foo")).to route_to_route_not_found
+ expect(put("#{path}/gitlab-lfs/objects/#{oid}/foo/authorize")).to route_to_route_not_found
+ end
+end
+
+RSpec.shared_examples 'git repository routes with fallback for git-upload-pack' do
+ let(:container_path) { path.delete_suffix('.git') }
+
+ context 'requests without .git format' do
+ it 'does not redirect other requests' do
+ expect(post("#{container_path}/git-upload-pack")).to route_to_route_not_found
+ end
+ end
+
+ it 'routes LFS endpoints for unmatched routes' do
+ oid = generate(:oid)
 
 expect(put("#{path}/gitlab-lfs/objects/foo")).not_to be_routable
 expect(put("#{path}/gitlab-lfs/objects/#{oid}/foo")).not_to be_routable |
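Review bot: The three new shared example groups assert the no-`.git` behaviour only for `POST …/git-upload-pack`; nothing visible in this hunk checks `git-receive-pack`, the push endpoint, against the same routing. If the rest of the file does not cover it, add a line such as `expect(post("#{container_path}/git-receive-pack")).to route_to_route_not_found` to the groups where the fallback applies, and the `not_to be_routable` form where it does not. Separately, the descriptions no longer match the assertions: `'does not redirect other requests'` and `'routes LFS endpoints'` in 'git repository routes with fallback' now assert routing to `route_not_found`, so a description like `it 'routes malformed LFS paths to route_not_found'` would read correctly in test output. The last group's LFS example continues past the end of the hunk.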