Diffstat (limited to 'spec/controllers/groups')
8 files changed, 223 insertions, 41 deletions
diff --git a/spec/controllers/groups/boards_controller_spec.rb b/spec/controllers/groups/boards_controller_spec.rb index 66595c27531..a7480130e0a 100644 --- a/spec/controllers/groups/boards_controller_spec.rb +++ b/spec/controllers/groups/boards_controller_spec.rb @@ -21,7 +21,7 @@ RSpec.describe Groups::BoardsController do list_boards expect(response).to render_template :index - expect(response.content_type).to eq 'text/html' + expect(response.media_type).to eq 'text/html' end context 'with unauthorized user' do @@ -36,7 +36,7 @@ RSpec.describe Groups::BoardsController do list_boards expect(response).to have_gitlab_http_status(:not_found) - expect(response.content_type).to eq 'text/html' + expect(response.media_type).to eq 'text/html' end end @@ -52,7 +52,7 @@ RSpec.describe Groups::BoardsController do list_boards expect(response).to render_template :index - expect(response.content_type).to eq 'text/html' + expect(response.media_type).to eq 'text/html' end end end @@ -81,7 +81,7 @@ RSpec.describe Groups::BoardsController do list_boards format: :json expect(response).to have_gitlab_http_status(:not_found) - expect(response.content_type).to eq 'application/json' + expect(response.media_type).to eq 'application/json' end end end @@ -103,7 +103,7 @@ RSpec.describe Groups::BoardsController do expect { read_board board: board }.to change(BoardGroupRecentVisit, :count).by(1) expect(response).to render_template :show - expect(response.content_type).to eq 'text/html' + expect(response.media_type).to eq 'text/html' end context 'with unauthorized user' do @@ -118,7 +118,7 @@ RSpec.describe Groups::BoardsController do read_board board: board expect(response).to have_gitlab_http_status(:not_found) - expect(response.content_type).to eq 'text/html' + expect(response.media_type).to eq 'text/html' end end 
@@ -131,7 +131,7 @@ RSpec.describe Groups::BoardsController do expect { read_board board: board }.to change(BoardGroupRecentVisit, :count).by(0) expect(response).to render_template :show - expect(response.content_type).to eq 'text/html' + expect(response.media_type).to eq 'text/html' end end end @@ -157,7 +157,7 @@ RSpec.describe Groups::BoardsController do read_board board: board, format: :json expect(response).to have_gitlab_http_status(:not_found) - expect(response.content_type).to eq 'application/json' + expect(response.media_type).to eq 'application/json' end end end diff --git a/spec/controllers/groups/clusters/applications_controller_spec.rb b/spec/controllers/groups/clusters/applications_controller_spec.rb index c1d170edce3..c3947c27399 100644 --- a/spec/controllers/groups/clusters/applications_controller_spec.rb +++ b/spec/controllers/groups/clusters/applications_controller_spec.rb @@ -28,7 +28,7 @@ RSpec.describe Groups::Clusters::ApplicationsController do post :create, params: params.merge(group_id: group) end - let(:application) { 'helm' } + let(:application) { 'ingress' } let(:params) { { application: application, id: cluster.id } } describe 'functionality' do @@ -44,7 +44,7 @@ RSpec.describe Groups::Clusters::ApplicationsController do expect { subject }.to change { current_application.count } expect(response).to have_gitlab_http_status(:no_content) - expect(cluster.application_helm).to be_scheduled + expect(cluster.application_ingress).to be_scheduled end context 'when cluster do not exists' do @@ -68,7 +68,7 @@ RSpec.describe Groups::Clusters::ApplicationsController do context 'when application is already installing' do before do - create(:clusters_applications_helm, :installing, cluster: cluster) + create(:clusters_applications_ingress, :installing, cluster: cluster) end it 'returns 400' do diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb index 140b7b0f2a8..b287aca1e46 100644 
--- a/spec/controllers/groups/clusters_controller_spec.rb +++ b/spec/controllers/groups/clusters_controller_spec.rb @@ -476,7 +476,7 @@ RSpec.describe Groups::ClustersController do expect { post_create_aws }.not_to change { Clusters::Cluster.count } expect(response).to have_gitlab_http_status(:unprocessable_entity) - expect(response.content_type).to eq('application/json') + expect(response.media_type).to eq('application/json') expect(response.body).to include('is invalid') end end diff --git a/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb b/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb new file mode 100644 index 00000000000..857e0570621 --- /dev/null +++ b/spec/controllers/groups/dependency_proxy_auth_controller_spec.rb 
@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Groups::DependencyProxyAuthController do
+ include DependencyProxyHelpers
+
+ describe 'GET #authenticate' do
+ subject { get :authenticate }
+
+ context 'feature flag disabled' do
+ before do
+ stub_feature_flags(dependency_proxy_for_private_groups: false)
+ end
+
+ it 'returns successfully', :aggregate_failures do
+ subject
+
+ expect(response).to have_gitlab_http_status(:success)
+ end
+ end
+
+ context 'without JWT' do
+ it 'returns unauthorized with oauth realm', :aggregate_failures do
+ subject
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ expect(response.headers['WWW-Authenticate']).to eq DependencyProxy::Registry.authenticate_header
+ end
+ end
+
+ context 'with valid JWT' do
+ let_it_be(:user) { create(:user) }
+ let(:jwt) { build_jwt(user) }
+ let(:token_header) { "Bearer #{jwt.encoded}" }
+
+ before do
+ request.headers['HTTP_AUTHORIZATION'] = token_header
+ end
+
+ it { is_expected.to have_gitlab_http_status(:success) }
+ end
+
+ context 'with invalid JWT' do
+ context 'bad user' do
+ let(:jwt) { build_jwt(double('bad_user', id: 999)) }
+ let(:token_header) { "Bearer #{jwt.encoded}" }
+
+ before do
+ request.headers['HTTP_AUTHORIZATION'] = token_header
+ end
+
+ it { is_expected.to have_gitlab_http_status(:not_found) }
+ end
+
+ context 'token with no user id' do
+ let(:token_header) { "Bearer #{build_jwt.encoded}" }
+
+ before do
+ request.headers['HTTP_AUTHORIZATION'] = token_header
+ end
+
+ it { is_expected.to have_gitlab_http_status(:not_found) }
+ end
+
+ context 'expired token' do
+ let_it_be(:user) { create(:user) }
+ let(:jwt) { build_jwt(user, expire_time: Time.zone.now - 1.hour) }
+ let(:token_header) { "Bearer #{jwt.encoded}" }
+
+ before do
+ request.headers['HTTP_AUTHORIZATION'] = token_header
+ end
+
+ it { is_expected.to have_gitlab_http_status(:unauthorized) }
+ end
+ end
+ end
+end
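Review bot: The 'with invalid JWT' context covers an unknown user id, a missing user id and an expired token, but no example sends a token whose signature does not verify or an Authorization value that is not a well-formed bearer token. Signature verification is the check that makes every other claim in the token trustworthy, so it deserves its own example, for instance a context with `let(:token_header) { 'Bearer not-a-valid-jwt' }` and `it { is_expected.to have_gitlab_http_status(:unauthorized) }`. The expected status there is my assumption, since neither the controller nor `build_jwt` is part of this diff. A one-line comment on the 'feature flag disabled' context saying that an unauthenticated success is intended only while `dependency_proxy_for_private_groups` is off would also help later readers.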
diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index 615b56ff22f..39cbdfb9123 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb 
@@ -3,8 +3,77 @@ require 'spec_helper' RSpec.describe Groups::DependencyProxyForContainersController do + include HttpBasicAuthHelpers + include DependencyProxyHelpers + + let_it_be(:user) { create(:user) } let(:group) { create(:group) } let(:token_response) { { status: :success, token: 'abcd1234' } } + let(:jwt) { build_jwt(user) } + let(:token_header) { "Bearer #{jwt.encoded}" } + + shared_examples 'without a token' do + before do + request.headers['HTTP_AUTHORIZATION'] = nil + end + + context 'feature flag disabled' do + before do + stub_feature_flags(dependency_proxy_for_private_groups: false) + end + + it { is_expected.to have_gitlab_http_status(:ok) } + end + + it { is_expected.to have_gitlab_http_status(:unauthorized) } + end + + shared_examples 'feature flag disabled with private group' do + before do + stub_feature_flags(dependency_proxy_for_private_groups: false) + end + + it 'redirects', :aggregate_failures do + group.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) + + subject + + expect(response).to have_gitlab_http_status(:redirect) + expect(response.location).to end_with(new_user_session_path) + end + end + + shared_examples 'without permission' do + context 'with invalid user' do + before do + user = double('bad_user', id: 999) + token_header = "Bearer #{build_jwt(user).encoded}" + request.headers['HTTP_AUTHORIZATION'] = token_header + end + + it { is_expected.to have_gitlab_http_status(:not_found) } + end + + context 'with valid user that does not have access' do + let(:group) { create(:group, :private) } + + before do + user = double('bad_user', id: 999) + token_header = "Bearer #{build_jwt(user).encoded}" + request.headers['HTTP_AUTHORIZATION'] = token_header + end + + it { is_expected.to have_gitlab_http_status(:not_found) } + end + + context 'when user is not found' do + before do + allow(User).to receive(:find).and_return(nil) + end + + it { is_expected.to have_gitlab_http_status(:unauthorized) } + end + end shared_examples 'not 
found when disabled' do context 'feature disabled' do @@ -27,14 +96,16 @@ RSpec.describe Groups::DependencyProxyForContainersController do allow_next_instance_of(DependencyProxy::RequestTokenService) do |instance| allow(instance).to receive(:execute).and_return(token_response) end + + request.headers['HTTP_AUTHORIZATION'] = token_header end describe 'GET #manifest' do - let(:manifest) { { foo: 'bar' }.to_json } + let_it_be(:manifest) { create(:dependency_proxy_manifest) } let(:pull_response) { { status: :success, manifest: manifest } } before do - allow_next_instance_of(DependencyProxy::PullManifestService) do |instance| + allow_next_instance_of(DependencyProxy::FindOrCreateManifestService) do |instance| allow(instance).to receive(:execute).and_return(pull_response) end end @@ -46,6 +117,10 @@ RSpec.describe Groups::DependencyProxyForContainersController do enable_dependency_proxy end + it_behaves_like 'without a token' + it_behaves_like 'without permission' + it_behaves_like 'feature flag disabled with private group' + context 'remote token request fails' do let(:token_response) do { @@ -80,11 +155,17 @@ RSpec.describe Groups::DependencyProxyForContainersController do end end - it 'returns 200 with manifest file' do + it 'sends a file' do + expect(controller).to receive(:send_file).with(manifest.file.path, {}) + + subject + end + + it 'returns Content-Disposition: attachment' do subject expect(response).to have_gitlab_http_status(:ok) - expect(response.body).to eq(manifest) + expect(response.headers['Content-Disposition']).to match(/^attachment/) end end @@ -96,7 +177,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do end describe 'GET #blob' do - let(:blob) { create(:dependency_proxy_blob) } + let_it_be(:blob) { create(:dependency_proxy_blob) } let(:blob_sha) { blob.file_name.sub('.gz', '') } let(:blob_response) { { status: :success, blob: blob } } 
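Review bot: In the 'without permission' shared examples, the context 'with valid user that does not have access' builds its token from `double('bad_user', id: 999)`, the same stand-in the 'with invalid user' context uses, so a real account that is not a member of the private group is never exercised. Build the token from a persisted user instead, e.g. `token_header = "Bearer #{build_jwt(create(:user)).encoded}"`, so the example fails if the group membership check is ever dropped. The locals `user` and `token_header` assigned inside these `before` blocks also shadow the `let` definitions of the same names at the top of the spec; distinct local names would make it clearer which value reaches the request.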
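Review bot: The new 'returns Content-Disposition: attachment' example matches with `/^attachment/`, and in Ruby `^` anchors at the start of any line rather than the start of the string. `expect(response.headers['Content-Disposition']).to start_with('attachment')`, or the pattern `/\Aattachment/`, states the intent exactly. The enclosing `describe 'GET #manifest'` block starts and ends outside this hunk.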
@@ -113,6 +194,10 @@ RSpec.describe Groups::DependencyProxyForContainersController do enable_dependency_proxy end + it_behaves_like 'without a token' + it_behaves_like 'without permission' + it_behaves_like 'feature flag disabled with private group' + context 'remote blob request fails' do let(:blob_response) do { diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb index 2c85fe482e2..05e93da18e7 100644 --- a/spec/controllers/groups/milestones_controller_spec.rb +++ b/spec/controllers/groups/milestones_controller_spec.rb @@ -177,7 +177,7 @@ RSpec.describe Groups::MilestonesController do expect(milestones.count).to eq(3) expect(milestones.collect { |m| m['title'] }).to match_array(['same name', 'same name', 'group milestone']) expect(response).to have_gitlab_http_status(:ok) - expect(response.content_type).to eq 'application/json' + expect(response.media_type).to eq 'application/json' end context 'with subgroup milestones' do diff --git a/spec/controllers/groups/releases_controller_spec.rb b/spec/controllers/groups/releases_controller_spec.rb index 0925548f60a..50701382945 100644 --- a/spec/controllers/groups/releases_controller_spec.rb +++ b/spec/controllers/groups/releases_controller_spec.rb @@ -28,7 +28,7 @@ RSpec.describe Groups::ReleasesController do end it 'returns an application/json content_type' do - expect(response.content_type).to eq 'application/json' + expect(response.media_type).to eq 'application/json' end it 'returns OK' do diff --git a/spec/controllers/groups/settings/integrations_controller_spec.rb b/spec/controllers/groups/settings/integrations_controller_spec.rb index beb2ad3afec..3233e814184 100644 --- a/spec/controllers/groups/settings/integrations_controller_spec.rb +++ b/spec/controllers/groups/settings/integrations_controller_spec.rb 
@@ -3,8 +3,8 @@ require 'spec_helper' RSpec.describe Groups::Settings::IntegrationsController do - let(:user) { create(:user) } - let(:group) { create(:group) } + let_it_be(:user) { create(:user) } + let_it_be(:group) { create(:group) } before do sign_in(user) @@ -24,16 +24,6 @@ RSpec.describe Groups::Settings::IntegrationsController do group.add_owner(user) end - context 'when group_level_integrations not enabled' do - it 'returns not_found' do - stub_feature_flags(group_level_integrations: false) - - get :index, params: { group_id: group } - - expect(response).to have_gitlab_http_status(:not_found) - end - end - it 'successfully displays the template' do get :index, params: { group_id: group } @@ -57,16 +47,6 @@ RSpec.describe Groups::Settings::IntegrationsController do group.add_owner(user) end - context 'when group_level_integrations not enabled' do - it 'returns not_found' do - stub_feature_flags(group_level_integrations: false) - - get :edit, params: { group_id: group, id: Service.available_services_names(include_project_specific: false).sample } - - expect(response).to have_gitlab_http_status(:not_found) - end - end - Service.available_services_names(include_project_specific: false).each do |integration_name| context "#{integration_name}" do it 'successfully displays the template' do 
@@ -111,4 +91,42 @@ RSpec.describe Groups::Settings::IntegrationsController do
 end
 end
 end
+
+ describe '#reset' do
+ let_it_be(:integration) { create(:jira_service, group: group, project: nil) }
+ let_it_be(:inheriting_integration) { create(:jira_service, inherit_from_id: integration.id) }
+
+ subject do
+ post :reset, params: { group_id: group, id: integration.class.to_param }
+ end
+
+ context 'when user is not owner' do
+ it 'renders not_found' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+
+ context 'when user is owner' do
+ before do
+ group.add_owner(user)
+ end
+
+ it 'returns 200 OK', :aggregate_failures do
+ subject
+
+ expected_json = {}.to_json
+
+ expect(flash[:notice]).to eq('This integration, and inheriting projects were reset.')
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response.body).to eq(expected_json)
+ end
+
+ it 'deletes the integration and all inheriting integrations' do
+ expect { subject }.to change { JiraService.for_group(group.id).count }.by(-1)
+ .and change { JiraService.inherit_from_id(integration.id).count }.by(-1)
+ end
+ end
+ end
 end |
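Review bot: The 'when user is not owner' context checks only the 404 status; for an action that deletes the integration and its inheriting integrations, the denied path should also assert that nothing was removed, e.g. `expect { subject }.not_to change { JiraService.for_group(group.id).count }`. The signed-in user in that context has no membership in the group at all, so a member below owner (for instance after `group.add_maintainer(user)`) is not covered and would be worth a second example expecting the same refusal. The outer `RSpec.describe` block starts outside this hunk.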