diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:06 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:06 +0300 |
commit | d7f9136904d164afd7b1ac236f6f814729083e61 (patch) | |
tree | 8d7c2d11dd2f34870c709121188cce79bb45185b /spec | |
parent | 417e58fdc57523f11bb57f8aca7ff9121c3d3ee9 (diff) | |
parent | 576818b578be87a90c60c1e734fd5f6df48bb82f (diff) |
Merge branch 'security-mask-sentry-token-ce' into 'master'
Mask sentry auth token
See merge request gitlab/gitlabhq!3462
Diffstat (limited to 'spec')
-rw-r--r-- | spec/services/error_tracking/list_projects_service_spec.rb | 13 | ||||
-rw-r--r-- | spec/services/projects/operations/update_service_spec.rb | 21 |
2 files changed, 34 insertions, 0 deletions
diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb index 730fccc599e..a272a604184 100644 --- a/spec/services/error_tracking/list_projects_service_spec.rb +++ b/spec/services/error_tracking/list_projects_service_spec.rb @@ -50,6 +50,19 @@ describe ErrorTracking::ListProjectsService do end end + context 'masked param token' do + let(:params) { ActionController::Parameters.new(token: "*********", api_host: new_api_host) } + + before do + expect(error_tracking_setting).to receive(:list_sentry_projects) + .and_return({ projects: [] }) + end + + it 'uses database token' do + expect { subject.execute }.not_to change { error_tracking_setting.token } + end + end + context 'sentry client raises exception' do context 'Sentry::Client::Error' do before do diff --git a/spec/services/projects/operations/update_service_spec.rb b/spec/services/projects/operations/update_service_spec.rb index b2f9fd6df79..81d59a98b9b 100644 --- a/spec/services/projects/operations/update_service_spec.rb +++ b/spec/services/projects/operations/update_service_spec.rb @@ -145,6 +145,27 @@ describe Projects::Operations::UpdateService do end end + context 'with masked param token' do + let(:params) do + { + error_tracking_setting_attributes: { + enabled: false, + token: '*' * 8 + } + } + end + + before do + create(:project_error_tracking_setting, project: project, token: 'token') + end + + it 'does not update token' do + expect(result[:status]).to eq(:success) + + expect(project.error_tracking_setting.token).to eq('token') + end + end + context 'with invalid parameters' do let(:params) { {} } |