diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:58:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:58:28 +0300 |
commit | 6cf208f33ad87d199cb9b50fd0b29cf243155f90 (patch) | |
tree | b147a9f37a90d9b8c2057e938f8fb1596c51bb55 /spec | |
parent | dd45a03c04b9cc91cd761bf2e94644ee92f2a8f6 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-10-stable-ee
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/concerns/confirm_email_warning_spec.rb | 34 | ||||
-rw-r--r-- | spec/controllers/projects/blob_controller_spec.rb | 33 | ||||
-rw-r--r-- | spec/controllers/projects/tree_controller_spec.rb | 34 | ||||
-rw-r--r-- | spec/controllers/projects_controller_spec.rb | 63 | ||||
-rw-r--r-- | spec/features/admin/users/user_spec.rb | 30 | ||||
-rw-r--r-- | spec/frontend/repository/utils/ref_switcher_utils_spec.js | 29 |
6 files changed, 12 insertions, 211 deletions
diff --git a/spec/controllers/concerns/confirm_email_warning_spec.rb b/spec/controllers/concerns/confirm_email_warning_spec.rb index 7cfbd86cdcb..fca99d37000 100644 --- a/spec/controllers/concerns/confirm_email_warning_spec.rb +++ b/spec/controllers/concerns/confirm_email_warning_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe ConfirmEmailWarning, feature_category: :system_access do +RSpec.describe ConfirmEmailWarning do before do stub_application_setting_enum('email_confirmation_setting', 'soft') end @@ -82,38 +82,6 @@ RSpec.describe ConfirmEmailWarning, feature_category: :system_access do it { is_expected.to set_confirm_warning_for(user.email) } end end - - context 'when user is being impersonated' do - let(:impersonator) { create(:admin) } - - before do - allow(controller).to receive(:session).and_return({ impersonator_id: impersonator.id }) - - get :index - end - - it { is_expected.to set_confirm_warning_for(user.email) } - - context 'when impersonated user email has html in their email' do - let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - - it { is_expected.to set_confirm_warning_for("malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - end - end - - context 'when user is not being impersonated' do - before do - get :index - end - - it { is_expected.to set_confirm_warning_for(user.email) } - - context 'when user email has html in their email' do - let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - - it { is_expected.to set_confirm_warning_for("malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - end - end end end end diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb index 2c05521d997..c091badd09d 100644 --- a/spec/controllers/projects/blob_controller_spec.rb +++ b/spec/controllers/projects/blob_controller_spec.rb @@ -2,16 +2,15 @@ require 'spec_helper' -RSpec.describe Projects::BlobController, feature_category: :source_code_management do +RSpec.describe Projects::BlobController do include ProjectForksHelper let(:project) { create(:project, :public, :repository, previous_default_branch: previous_default_branch) } let(:previous_default_branch) { nil } describe "GET show" do - let(:params) { { namespace_id: project.namespace, project_id: project, id: id } } - let(:request) do - get(:show, params: params) + def request + get(:show, params: { namespace_id: project.namespace, project_id: project, id: id }) end render_views @@ -19,32 +18,8 @@ RSpec.describe Projects::BlobController, feature_category: :source_code_manageme context 'with file path' do before do expect(::Gitlab::GitalyClient).to receive(:allow_ref_name_caching).and_call_original - project.repository.add_tag(project.creator, 'ambiguous_ref', RepoHelpers.sample_commit.id) - project.repository.add_branch(project.creator, 'ambiguous_ref', RepoHelpers.another_sample_commit.id) - request - end - - context 'when the ref is ambiguous' do - let(:ref) { 'ambiguous_ref' } - let(:path) { 'README.md' } - let(:id) { "#{ref}/#{path}" } - let(:params) { { namespace_id: project.namespace, project_id: project, id: id, ref_type: ref_type } } - context 'and explicitly requesting a branch' do - let(:ref_type) { 'heads' } - - it 'redirects to blob#show with sha for the branch' do - expect(response).to redirect_to(project_blob_path(project, "#{RepoHelpers.another_sample_commit.id}/#{path}")) - end - end - - context 'and explicitly requesting a tag' do - let(:ref_type) { 'tags' } - - it 'responds with success' do - expect(response).to be_ok - end - end + request end context "valid branch, valid file" do diff --git a/spec/controllers/projects/tree_controller_spec.rb b/spec/controllers/projects/tree_controller_spec.rb index 61998d516e8..2b3adc719c1 100644 --- a/spec/controllers/projects/tree_controller_spec.rb +++ b/spec/controllers/projects/tree_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::TreeController, feature_category: :source_code_management do +RSpec.describe Projects::TreeController do let(:project) { create(:project, :repository, previous_default_branch: previous_default_branch) } let(:previous_default_branch) { nil } let(:user) { create(:user) } @@ -15,41 +15,15 @@ RSpec.describe Projects::TreeController, feature_category: :source_code_manageme end describe "GET show" do - let(:params) do - { - namespace_id: project.namespace.to_param, project_id: project, id: id - } - end - # Make sure any errors accessing the tree in our views bubble up to this spec render_views before do expect(::Gitlab::GitalyClient).to receive(:allow_ref_name_caching).and_call_original - project.repository.add_tag(project.creator, 'ambiguous_ref', RepoHelpers.sample_commit.id) - project.repository.add_branch(project.creator, 'ambiguous_ref', RepoHelpers.another_sample_commit.id) - get :show, params: params - end - - context 'when the ref is ambiguous' do - let(:id) { 'ambiguous_ref' } - let(:params) { { namespace_id: project.namespace, project_id: project, id: id, ref_type: ref_type } } - - context 'and explicitly requesting a branch' do - let(:ref_type) { 'heads' } - it 'redirects to blob#show with sha for the branch' do - expect(response).to redirect_to(project_tree_path(project, RepoHelpers.another_sample_commit.id)) - end - end - - context 'and explicitly requesting a tag' do - let(:ref_type) { 'tags' } - - it 'responds with success' do - expect(response).to be_ok - end - end + get :show, params: { + namespace_id: project.namespace.to_param, project_id: project, id: id + } end context "valid branch, no path" do diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index 5ece9f09e5f..cd6d3990309 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -163,69 +163,6 @@ RSpec.describe ProjectsController, feature_category: :projects do expect(assigns(:notification_setting).level).to eq("watch") end end - - context 'when there is a tag with the same name as the default branch' do - let_it_be(:tagged_project) { create(:project, :public, :custom_repo, files: ['somefile']) } - let(:tree_with_default_branch) do - branch = tagged_project.repository.find_branch(tagged_project.default_branch) - project_tree_path(tagged_project, branch.target) - end - - before do - tagged_project.repository.create_file( - tagged_project.creator, - 'file_for_tag', - 'content for file', - message: "Automatically created file", - branch_name: 'branch-to-tag' - ) - - tagged_project.repository.add_tag( - tagged_project.creator, - tagged_project.default_branch, # tag name - 'branch-to-tag' # target - ) - end - - it 'redirects to tree view for the default branch' do - get :show, params: { namespace_id: tagged_project.namespace, id: tagged_project } - expect(response).to redirect_to(tree_with_default_branch) - end - end - - context 'when the default branch name can resolve to another ref' do - let!(:project_with_default_branch) do - create(:project, :public, :custom_repo, files: ['somefile']).tap do |p| - p.repository.create_branch("refs/heads/refs/heads/#{other_ref}", 'master') - p.change_head("refs/heads/#{other_ref}") - end.reload - end - - let(:other_ref) { 'branch-name' } - - context 'but there is no other ref' do - it 'responds with ok' do - get :show, params: { namespace_id: project_with_default_branch.namespace, id: project_with_default_branch } - expect(response).to be_ok - end - end - - context 'and that other ref exists' do - let(:tree_with_default_branch) do - branch = project_with_default_branch.repository.find_branch(project_with_default_branch.default_branch) - project_tree_path(project_with_default_branch, branch.target) - end - - before do - project_with_default_branch.repository.create_branch(other_ref, 'master') - end - - it 'redirects to tree view for the default branch' do - get :show, params: { namespace_id: project_with_default_branch.namespace, id: project_with_default_branch } - expect(response).to redirect_to(tree_with_default_branch) - end - end - end end describe "when project repository is disabled" do diff --git a/spec/features/admin/users/user_spec.rb b/spec/features/admin/users/user_spec.rb index 66129617220..1552d4e6187 100644 --- a/spec/features/admin/users/user_spec.rb +++ b/spec/features/admin/users/user_spec.rb @@ -271,36 +271,6 @@ RSpec.describe 'Admin::Users::User', feature_category: :user_management do icon = first('[data-testid="incognito-icon"]') expect(icon).not_to be nil end - - context 'when viewing the confirm email warning', :js do - let_it_be(:another_user) { create(:user, :unconfirmed) } - - let(:warning_alert) { page.find(:css, '[data-testid="alert-warning"]') } - let(:expected_styling) { { 'pointer-events' => 'none', 'cursor' => 'default' } } - - context 'with an email that does not contain HTML' do - before do - subject - end - - it 'displays the warning alert including the email' do - expect(warning_alert.text).to include("Please check your email (#{another_user.email}) to verify") - end - end - - context 'with an email that contains HTML' do - let(:malicious_email) { "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>" } - let(:another_user) { create(:user, confirmed_at: nil, unconfirmed_email: malicious_email) } - - before do - subject - end - - it 'displays the impersonation alert, excludes email, and disables links' do - expect(warning_alert.text).to include("check your email (#{another_user.unconfirmed_email}) to verify") - end - end - end end context 'ending impersonation' do diff --git a/spec/frontend/repository/utils/ref_switcher_utils_spec.js b/spec/frontend/repository/utils/ref_switcher_utils_spec.js index 220dbf17398..7f708f13eaa 100644 --- a/spec/frontend/repository/utils/ref_switcher_utils_spec.js +++ b/spec/frontend/repository/utils/ref_switcher_utils_spec.js @@ -1,6 +1,5 @@ import { generateRefDestinationPath } from '~/repository/utils/ref_switcher_utils'; import setWindowLocation from 'helpers/set_window_location_helper'; -import { TEST_HOST } from 'spec/test_constants'; import { refWithSpecialCharMock, encodedRefWithSpecialCharMock } from '../mock_data'; const projectRootPath = 'root/Project1'; @@ -17,38 +16,16 @@ describe('generateRefDestinationPath', () => { ${`${projectRootPath}/-/blob/${currentRef}/dir1/test.js`} | ${`${projectRootPath}/-/blob/${selectedRef}/dir1/test.js`} ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js`} | ${`${projectRootPath}/-/blob/${selectedRef}/dir1/dir2/test.js`} ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${`${projectRootPath}/-/blob/${selectedRef}/dir1/dir2/test.js#L123`} - `('generates the correct destination path for $currentPath', ({ currentPath, result }) => { + `('generates the correct destination path for $currentPath', ({ currentPath, result }) => { setWindowLocation(currentPath); - expect(generateRefDestinationPath(projectRootPath, currentRef, selectedRef)).toBe( - `${TEST_HOST}/${result}`, - ); - }); - - describe('when using symbolic ref names', () => { - it.each` - currentPath | nextRef | result - ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${'someHash'} | ${`${projectRootPath}/-/blob/someHash/dir1/dir2/test.js#L123`} - ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/heads/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/blob/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=heads#L123`} - ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/tags/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/blob/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=tags#L123`} - ${`${projectRootPath}/-/tree/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/heads/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/tree/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=heads#L123`} - ${`${projectRootPath}/-/tree/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/tags/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/tree/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=tags#L123`} - ${`${projectRootPath}/-/tree/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/heads/refs/heads/branchNameContainsPrefix'} | ${`${projectRootPath}/-/tree/refs/heads/branchNameContainsPrefix/dir1/dir2/test.js?ref_type=heads#L123`} - `( - 'generates the correct destination path for $currentPath with ref type when it can be extracted', - ({ currentPath, result, nextRef }) => { - setWindowLocation(currentPath); - expect(generateRefDestinationPath(projectRootPath, currentRef, nextRef)).toBe( - `${TEST_HOST}/${result}`, - ); - }, - ); + expect(generateRefDestinationPath(projectRootPath, currentRef, selectedRef)).toBe(result); }); it('encodes the selected ref', () => { const result = `${projectRootPath}/-/tree/${encodedRefWithSpecialCharMock}`; expect(generateRefDestinationPath(projectRootPath, currentRef, refWithSpecialCharMock)).toBe( - `${TEST_HOST}/${result}`, + result, ); }); }); |