Diffstat (limited to 'spec/controllers')
32 files changed, 519 insertions, 378 deletions
diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb index 478bd1b7f0a..fb4c0970653 100644 --- a/spec/controllers/admin/application_settings_controller_spec.rb +++ b/spec/controllers/admin/application_settings_controller_spec.rb @@ -62,6 +62,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set describe 'GET #usage_data' do before do stub_usage_data_connections + stub_database_flavor_check sign_in(admin) end diff --git a/spec/controllers/admin/instance_review_controller_spec.rb b/spec/controllers/admin/instance_review_controller_spec.rb index 898cd30cdca..2169be4e70c 100644 --- a/spec/controllers/admin/instance_review_controller_spec.rb +++ b/spec/controllers/admin/instance_review_controller_spec.rb @@ -22,6 +22,7 @@ RSpec.describe Admin::InstanceReviewController do before do stub_application_setting(usage_ping_enabled: true) stub_usage_data_connections + stub_database_flavor_check ::Gitlab::UsageData.data(force_refresh: true) subject end diff --git a/spec/controllers/admin/runner_projects_controller_spec.rb b/spec/controllers/admin/runner_projects_controller_spec.rb new file mode 100644 index 00000000000..e5f63025cf7 --- /dev/null +++ b/spec/controllers/admin/runner_projects_controller_spec.rb 
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Admin::RunnerProjectsController do
+ let_it_be(:group) { create(:group) }
+ let_it_be(:project) { create(:project, group: group) }
+
+ before do
+ sign_in(create(:admin))
+ end
+
+ describe '#create' do
+ let(:project_id) { project.path }
+
+ subject do
+ post :create, params: {
+ namespace_id: group.path,
+ project_id: project_id,
+ runner_project: { runner_id: project_runner.id }
+ }
+ end
+
+ context 'assigning runner to same project' do
+ let(:project_runner) { create(:ci_runner, :project, projects: [project]) }
+
+ it 'redirects to the admin runner edit page' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:redirect)
+ expect(response).to redirect_to edit_admin_runner_url(project_runner)
+ end
+ end
+
+ context 'assigning runner to another project' do
+ let(:project_runner) { create(:ci_runner, :project, projects: [source_project]) }
+ let(:source_project) { create(:project) }
+
+ it 'redirects to the admin runner edit page' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:redirect)
+ expect(response).to redirect_to edit_admin_runner_url(project_runner)
+ end
+ end
+
+ context 'for unknown project' do
+ let_it_be(:project_runner) { create(:ci_runner, :project, projects: [project]) }
+
+ let(:project_id) { 0 }
+
+ it 'shows 404 for unknown project' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+ end
+end
diff --git a/spec/controllers/admin/runners_controller_spec.rb b/spec/controllers/admin/runners_controller_spec.rb
index b9a59e9ae5f..08fb12c375e 100644
--- a/spec/controllers/admin/runners_controller_spec.rb
+++ b/spec/controllers/admin/runners_controller_spec.rb
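Review bot: The 'assigning runner to another project' example only checks the redirect and never verifies that the runner was actually attached to `project`, so a controller that silently does nothing, or assigns to the wrong project, would still pass. Add `expect(project_runner.reload.projects).to contain_exactly(source_project, project)` before the redirect assertion, and in the 'same project' context assert the association is unchanged with `expect(project_runner.reload.projects).to contain_exactly(project)`. An example for an unknown runner id is also missing; mirroring the unknown-project case, `runner_project: { runner_id: 0 }` should be pinned to `:not_found` so a bad id cannot turn into a 500 or a redirect.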
@@ -26,6 +26,32 @@ RSpec.describe Admin::RunnersController do render_views let_it_be(:project) { create(:project) } + + before_all do + create(:ci_build, runner: runner, project: project) + end + + it 'shows a runner show page' do + get :show, params: { id: runner.id } + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template(:show) + end + + it 'when runner_read_only_admin_view is off, redirects to the runner edit page' do + stub_feature_flags(runner_read_only_admin_view: false) + + get :show, params: { id: runner.id } + + expect(response).to have_gitlab_http_status(:redirect) + expect(response).to redirect_to edit_admin_runner_path(runner) + end + end + + describe '#edit' do + render_views + + let_it_be(:project) { create(:project) } let_it_be(:project_two) { create(:project) } before_all do 
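Review bot: The new `#show` examples have no unknown-runner case, while `#edit` keeps `it 'shows 404 for unknown runner'`; with the read-only admin view enabled, `get :show, params: { id: 0 }` should be pinned to `:not_found` so the show path cannot regress to a 500 or an open redirect to the edit page. Suggest adding `it 'shows 404 for unknown runner' do get :show, params: { id: 0 }; expect(response).to have_gitlab_http_status(:not_found) end` next to the other show examples, and a second copy under `stub_feature_flags(runner_read_only_admin_view: false)` since that branch redirects before rendering. The `describe '#show'` header starts above this hunk.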
@@ -33,29 +59,29 @@ RSpec.describe Admin::RunnersController do create(:ci_build, runner: runner, project: project_two) end - it 'shows a particular runner' do - get :show, params: { id: runner.id } + it 'shows a runner edit page' do + get :edit, params: { id: runner.id } expect(response).to have_gitlab_http_status(:ok) end it 'shows 404 for unknown runner' do - get :show, params: { id: 0 } + get :edit, params: { id: 0 } expect(response).to have_gitlab_http_status(:not_found) end it 'avoids N+1 queries', :request_store do - get :show, params: { id: runner.id } + get :edit, params: { id: runner.id } - control_count = ActiveRecord::QueryRecorder.new { get :show, params: { id: runner.id } }.count + control_count = ActiveRecord::QueryRecorder.new { get :edit, params: { id: runner.id } }.count new_project = create(:project) create(:ci_build, runner: runner, project: new_project) # There is one additional query looking up subject.group in ProjectPolicy for the # needs_new_sso_session permission - expect { get :show, params: { id: runner.id } }.not_to exceed_query_limit(control_count + 1) + expect { get :edit, params: { id: runner.id } }.not_to exceed_query_limit(control_count + 1) expect(response).to have_gitlab_http_status(:ok) end diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb index 3a2b5dcb99d..c52223d4758 100644 --- a/spec/controllers/admin/users_controller_spec.rb +++ b/spec/controllers/admin/users_controller_spec.rb 
@@ -421,16 +421,37 @@ RSpec.describe Admin::UsersController do end describe 'PUT confirm/:id' do - let(:user) { create(:user, confirmed_at: nil) } + shared_examples_for 'confirms the user' do + it 'confirms the user' do + put :confirm, params: { id: user.username } + user.reload + expect(user.confirmed?).to be_truthy + end + end + + let(:expired_confirmation_sent_at) { Date.today - User.confirm_within - 7.days } + let(:extant_confirmation_sent_at) { Date.today } + + let(:user) do + create(:user, :unconfirmed).tap do |user| + user.update!(confirmation_sent_at: confirmation_sent_at) + end + end before do request.env["HTTP_REFERER"] = "/" end - it 'confirms user' do - put :confirm, params: { id: user.username } - user.reload - expect(user.confirmed?).to be_truthy + context 'when the confirmation period has expired' do + let(:confirmation_sent_at) { expired_confirmation_sent_at } + + it_behaves_like 'confirms the user' + end + + context 'when the confirmation period has not expired' do + let(:confirmation_sent_at) { extant_confirmation_sent_at } + + it_behaves_like 'confirms the user' end end @@ -591,8 +612,8 @@ RSpec.describe Admin::UsersController do end context 'when the new password does not match the password confirmation' do - let(:password) { 'some_password' } - let(:password_confirmation) { 'not_same_as_password' } + let(:password) { Gitlab::Password.test_default } + let(:password_confirmation) { "not" + Gitlab::Password.test_default } it 'shows the edit page again' do update_password(user, password, password_confirmation) diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index c2eb9d54303..6ccba866ebb 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb 
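Review bot: `Date.today` in `expired_confirmation_sent_at` and `extant_confirmation_sent_at` is not zone-aware and the examples run against the wall clock, so whether the fixture really counts as expired depends on the test host's time zone relative to Devise's `confirm_within` arithmetic; use `Date.current` (or `Time.current`) and wrap the describe in `freeze_time` so both contexts are computed against the same clock. As written, the two contexts share one assertion and would silently collapse into the same test if the expiry arithmetic were off; a one-line sanity check in the expired context that the user reports the period as expired before the `put` would keep them distinct. `User.confirm_within` is presumably Devise's confirmable setting, which cannot be confirmed from this hunk.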
@@ -234,6 +234,18 @@ RSpec.describe AutocompleteController do expect(json_response.first).to have_key('can_merge') end end + + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_email_lookup do + let(:current_user) { user } + + def request + get(:users, params: { search: 'foo@bar.com' }) + end + + before do + sign_in(current_user) + end + end end context 'GET projects' do diff --git a/spec/controllers/concerns/check_rate_limit_spec.rb b/spec/controllers/concerns/check_rate_limit_spec.rb new file mode 100644 index 00000000000..34ececfe639 --- /dev/null +++ b/spec/controllers/concerns/check_rate_limit_spec.rb 
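Review bot: The shared example only proves that an email-shaped search is throttled under `:user_email_lookup`; there is no example showing that a plain name search is not counted against that key, so an over-broad limiter that throttles all user autocomplete would pass unnoticed. Suggest a sibling example that does `expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?).with(:user_email_lookup, anything)` and then `get(:users, params: { search: 'foo' })`. The body of `'rate limited endpoint'` is not visible here, so its exact scope (per user versus per IP) cannot be confirmed from this hunk.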
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe CheckRateLimit do
+ let(:key) { :some_key }
+ let(:scope) { [:some, :scope] }
+ let(:request) { instance_double('Rack::Request') }
+ let(:user) { build_stubbed(:user) }
+
+ let(:controller_class) do
+ Class.new do
+ include CheckRateLimit
+
+ attr_reader :request, :current_user
+
+ def initialize(request, current_user)
+ @request = request
+ @current_user = current_user
+ end
+
+ def redirect_back_or_default(**args)
+ end
+
+ def render(**args)
+ end
+ end
+ end
+
+ subject { controller_class.new(request, user) }
+
+ before do
+ allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?)
+ allow(::Gitlab::ApplicationRateLimiter).to receive(:log_request)
+ end
+
+ describe '#check_rate_limit!' do
+ it 'calls ApplicationRateLimiter#throttled? with the right arguments' do
+ expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(key, scope: scope).and_return(false)
+ expect(subject).not_to receive(:render)
+
+ subject.check_rate_limit!(key, scope: scope)
+ end
+
+ it 'renders error and logs request if throttled' do
+ expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(key, scope: scope).and_return(true)
+ expect(::Gitlab::ApplicationRateLimiter).to receive(:log_request).with(request, "#{key}_request_limit".to_sym, user)
+ expect(subject).to receive(:render).with({ plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests })
+
+ subject.check_rate_limit!(key, scope: scope)
+ end
+
+ it 'redirects back if throttled and redirect_back option is set to true' do
+ expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(key, scope: scope).and_return(true)
+ expect(::Gitlab::ApplicationRateLimiter).to receive(:log_request).with(request, "#{key}_request_limit".to_sym, user)
+ expect(subject).not_to receive(:render)
+ expect(subject).to receive(:redirect_back_or_default).with(options: { alert: _('This endpoint has been requested too many times. Try again later.') })
+
+ subject.check_rate_limit!(key, scope: scope, redirect_back: true)
+ end
+
+ context 'when the bypass header is set' do
+ before do
+ allow(Gitlab::Throttle).to receive(:bypass_header).and_return('SOME_HEADER')
+ end
+
+ it 'skips rate limit if set to "1"' do
+ allow(request).to receive(:get_header).with(Gitlab::Throttle.bypass_header).and_return('1')
+
+ expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?)
+ expect(subject).not_to receive(:render)
+
+ subject.check_rate_limit!(key, scope: scope)
+ end
+
+ it 'does not skip rate limit if set to something else than "1"' do
+ allow(request).to receive(:get_header).with(Gitlab::Throttle.bypass_header).and_return('0')
+
+ expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?)
+
+ subject.check_rate_limit!(key, scope: scope)
+ end
+ end
+ end
+end
diff --git a/spec/controllers/groups/boards_controller_spec.rb b/spec/controllers/groups/boards_controller_spec.rb
index ca4931bdc90..6201cddecb0 100644
--- a/spec/controllers/groups/boards_controller_spec.rb
+++ b/spec/controllers/groups/boards_controller_spec.rb
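Review bot: The bypass cases cover a configured header with values '1' and '0' but not the unconfigured case: when `Gitlab::Throttle.bypass_header` is nil the concern must still call `throttled?` and must not consult the request at all, otherwise a nil header name could be looked up and quietly disable rate limiting. Add a context stubbing `bypass_header` to `nil` with `expect(request).not_to receive(:get_header)` and `expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?)`. The first three examples appear to rely on this implicitly, since the `instance_double` would raise on an unstubbed `get_header`, so making it explicit documents the intent. A case with a value such as `'true'` or `' 1'` would also pin that only the exact string `'1'` bypasses, which the '0' example does not establish.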
@@ -16,15 +16,6 @@ RSpec.describe Groups::BoardsController do expect { list_boards }.to change(group.boards, :count).by(1) end - it 'pushes swimlanes_buffered_rendering feature flag' do - allow(controller).to receive(:push_frontend_feature_flag).and_call_original - - expect(controller).to receive(:push_frontend_feature_flag) - .with(:swimlanes_buffered_rendering, group, default_enabled: :yaml) - - list_boards - end - context 'when format is HTML' do it 'renders template' do list_boards @@ -107,15 +98,6 @@ RSpec.describe Groups::BoardsController do describe 'GET show' do let!(:board) { create(:board, group: group) } - it 'pushes swimlanes_buffered_rendering feature flag' do - allow(controller).to receive(:push_frontend_feature_flag).and_call_original - - expect(controller).to receive(:push_frontend_feature_flag) - .with(:swimlanes_buffered_rendering, group, default_enabled: :yaml) - - read_board board: board - end - context 'when format is HTML' do it 'renders template' do expect { read_board board: board }.to change(BoardGroupRecentVisit, :count).by(1) diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index 0f262d93d4c..f438be534fa 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb @@ -178,10 +178,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do subject { get_manifest(tag) } context 'feature enabled' do - before do - enable_dependency_proxy - end - it_behaves_like 'without a token' it_behaves_like 'without permission' it_behaves_like 'feature flag disabled with private group' 
@@ -270,7 +266,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do let_it_be_with_reload(:group) { create(:group, parent: parent_group) } before do - parent_group.create_dependency_proxy_setting!(enabled: true) group_deploy_token.update_column(:group_id, parent_group.id) end @@ -294,10 +289,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do subject { get_blob } context 'feature enabled' do - before do - enable_dependency_proxy - end - it_behaves_like 'without a token' it_behaves_like 'without permission' it_behaves_like 'feature flag disabled with private group' 
@@ -341,81 +332,12 @@ RSpec.describe Groups::DependencyProxyForContainersController do let_it_be_with_reload(:group) { create(:group, parent: parent_group) } before do - parent_group.create_dependency_proxy_setting!(enabled: true) group_deploy_token.update_column(:group_id, parent_group.id) end it_behaves_like 'a successful blob pull' end end - - context 'when dependency_proxy_workhorse disabled' do - let(:blob_response) { { status: :success, blob: blob, from_cache: false } } - - before do - stub_feature_flags(dependency_proxy_workhorse: false) - - allow_next_instance_of(DependencyProxy::FindOrCreateBlobService) do |instance| - allow(instance).to receive(:execute).and_return(blob_response) - end - end - - context 'remote blob request fails' do - let(:blob_response) do - { - status: :error, - http_status: 400, - message: '' - } - end - - before do - group.add_guest(user) - end - - it 'proxies status from the remote blob request', :aggregate_failures do - subject - - expect(response).to have_gitlab_http_status(:bad_request) - expect(response.body).to be_empty - end - end - - context 'a valid user' do - before do - group.add_guest(user) - end - - it_behaves_like 'a successful blob pull' - it_behaves_like 'a package tracking event', described_class.name, 'pull_blob' - - context 'with a cache entry' do - let(:blob_response) { { status: :success, blob: blob, from_cache: true } } - - it_behaves_like 'returning response status', :success - it_behaves_like 'a package tracking event', described_class.name, 'pull_blob_from_cache' - end - end - - context 'a valid deploy token' do - let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) } - let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) } - - it_behaves_like 'a successful blob pull' - - context 'pulling from a subgroup' do - let_it_be_with_reload(:parent_group) { create(:group) } - let_it_be_with_reload(:group) { create(:group, parent: parent_group) } - - 
before do - parent_group.create_dependency_proxy_setting!(enabled: true) - group_deploy_token.update_column(:group_id, parent_group.id) - end - - it_behaves_like 'a successful blob pull' - end - end - end end it_behaves_like 'not found when disabled' @@ -542,10 +464,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do end end - def enable_dependency_proxy - group.create_dependency_proxy_setting!(enabled: true) - end - def disable_dependency_proxy group.create_dependency_proxy_setting!(enabled: false) end diff --git a/spec/controllers/groups/packages_controller_spec.rb b/spec/controllers/groups/packages_controller_spec.rb new file mode 100644 index 00000000000..fc9b79da47c --- /dev/null +++ b/spec/controllers/groups/packages_controller_spec.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Groups::PackagesController do + let_it_be(:group) { create(:group) } + + let(:page) { :index } + let(:additional_parameters) { {} } + + subject do + get page, params: additional_parameters.merge({ + group_id: group + }) + end + + context 'GET #index' do + it_behaves_like 'returning response status', :ok + end + + context 'GET #show' do + let(:page) { :show } + let(:additional_parameters) { { id: 1 } } + + it_behaves_like 'returning response status', :ok + end +end diff --git a/spec/controllers/import/gitlab_controller_spec.rb b/spec/controllers/import/gitlab_controller_spec.rb index 826625ba9c3..117c934ad5d 100644 --- a/spec/controllers/import/gitlab_controller_spec.rb +++ b/spec/controllers/import/gitlab_controller_spec.rb 
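Review bot: Dropping `enable_dependency_proxy` from the 'feature enabled' contexts and the `parent_group.create_dependency_proxy_setting!(enabled: true)` setup leaves the precondition implicit — presumably the setting now defaults to enabled, but nothing in the spec says so, and if that default ever changes these examples would silently run the disabled path while `'not found when disabled'` still relies on `disable_dependency_proxy`. Suggest a one-line comment at the top of the 'feature enabled' contexts such as `# dependency proxy is enabled by default; see disable_dependency_proxy for the negative case`, or an explicit `before` that asserts the enabled state. The enclosing describe blocks start above this hunk.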
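Review bot: Both examples in the new `Groups::PackagesController` spec assert only `:ok` for an anonymous request against `create(:group)`, so the spec never pins that a private group's package pages are hidden from users without access. Add a context with `let_it_be(:group) { create(:group, :private) }` expecting `:not_found` for the anonymous request, and a signed-in member variant expecting `:ok`. `GET #show` with `id: 1` and no package created presumably passes because the page is rendered client-side; a comment saying so would stop the next reader from treating the example as a lookup test.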
@@ -30,18 +30,27 @@ RSpec.describe Import::GitlabController do expect(session[:gitlab_access_token]).to eq(token) expect(controller).to redirect_to(status_import_gitlab_url) end + + it "importable_repos should return an array" do + allow_next_instance_of(Gitlab::GitlabImport::Client) do |instance| + allow(instance).to receive(:projects).and_return([{ "id": 1 }].to_enum) + end + + expect(controller.send(:importable_repos)).to be_an_instance_of(Array) + end end describe "GET status" do + let(:repo_fake) { Struct.new(:id, :path, :path_with_namespace, :web_url, keyword_init: true) } + let(:repo) { repo_fake.new(id: 1, path: 'vim', path_with_namespace: 'asd/vim', web_url: 'https://gitlab.com/asd/vim') } + before do - @repo = OpenStruct.new(id: 1, path: 'vim', path_with_namespace: 'asd/vim', web_url: 'https://gitlab.com/asd/vim') assign_session_token end it_behaves_like 'import controller status' do - let(:repo) { @repo } - let(:repo_id) { @repo.id } - let(:import_source) { @repo.path_with_namespace } + let(:repo_id) { repo.id } + let(:import_source) { repo.path_with_namespace } let(:provider_name) { 'gitlab' } let(:client_repos_field) { :projects } end diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb index ecff173b8ac..29678706bba 100644 --- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb @@ -58,7 +58,7 @@ RSpec.describe Ldap::OmniauthCallbacksController do end context 'sign up' do - let(:user) { double(email: +'new@example.com') } + let(:user) { create(:user) } before do stub_omniauth_setting(block_auto_created_users: false) diff --git a/spec/controllers/oauth/token_info_controller_spec.rb b/spec/controllers/oauth/token_info_controller_spec.rb index 6d01a534673..b66fff4d4e9 100644 --- a/spec/controllers/oauth/token_info_controller_spec.rb +++ b/spec/controllers/oauth/token_info_controller_spec.rb 
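Review bot: Replacing `double(email: +'new@example.com')` with `create(:user)` persists an account before the callback runs, so if `user` feeds the OmniAuth auth hash in this 'sign up' context the example now exercises a login of an existing account rather than auto-creation under `block_auto_created_users: false`. If the intent is to keep the sign-up semantics, use `build(:user)` so no record exists before the request, and assert the outcome directly with `expect { post_request }.to change(User, :count).by(1)` (substituting the spec's actual request helper). The context's setup and the request itself are outside this hunk, so how `user` is consumed cannot be confirmed here.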
@@ -5,11 +5,11 @@ require 'spec_helper' RSpec.describe Oauth::TokenInfoController do describe '#show' do context 'when the user is not authenticated' do - it 'responds with a 400' do + it 'responds with a 401' do get :show - expect(response).to have_gitlab_http_status(:bad_request) - expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') + expect(response).to have_gitlab_http_status(:unauthorized) + expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token') end end @@ -36,11 +36,11 @@ RSpec.describe Oauth::TokenInfoController do end context 'when the doorkeeper_token is not recognised' do - it 'responds with a 400' do + it 'responds with a 401' do get :show, params: { access_token: 'unknown_token' } - expect(response).to have_gitlab_http_status(:bad_request) - expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') + expect(response).to have_gitlab_http_status(:unauthorized) + expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token') end end 
@@ -49,22 +49,22 @@ RSpec.describe Oauth::TokenInfoController do create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes) end - it 'responds with a 400' do + it 'responds with a 401' do get :show, params: { access_token: access_token.token } - expect(response).to have_gitlab_http_status(:bad_request) - expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') + expect(response).to have_gitlab_http_status(:unauthorized) + expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token') end end context 'when the token is revoked' do let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) } - it 'responds with a 400' do + it 'responds with a 401' do get :show, params: { access_token: access_token.token } - expect(response).to have_gitlab_http_status(:bad_request) - expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') + expect(response).to have_gitlab_http_status(:unauthorized) + expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token') end end end diff --git a/spec/controllers/profiles/emails_controller_spec.rb b/spec/controllers/profiles/emails_controller_spec.rb index 214a893f0fa..e41ae406d13 100644 --- a/spec/controllers/profiles/emails_controller_spec.rb +++ b/spec/controllers/profiles/emails_controller_spec.rb @@ -49,7 +49,7 @@ RSpec.describe Profiles::EmailsController do end context 'when email address is invalid' do - let(:email) { 'invalid.@example.com' } + let(:email) { 'invalid@@example.com' } it 'does not send an email confirmation' do expect { subject }.not_to change { ActionMailer::Base.deliveries.size } diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb index 9a1f8a8442d..6e7cc058fbc 100644 --- a/spec/controllers/profiles_controller_spec.rb +++ b/spec/controllers/profiles_controller_spec.rb 
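Review bot: The 401 examples assert the status and the `error` key but not the `WWW-Authenticate` header; for a bearer-token endpoint a 401 without `WWW-Authenticate: Bearer ...` is non-conforming (RFC 6750 §3), and since this commit deliberately moves from 400 to 401 it is the natural place to pin that. Add `expect(response.headers['WWW-Authenticate']).to start_with('Bearer')` to the expired and revoked examples here and to the two 401 examples in the earlier hunk. Whether Doorkeeper sets the header on this path cannot be confirmed from the spec alone, which is exactly why it is worth asserting.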
@@ -153,9 +153,12 @@ RSpec.describe ProfilesController, :request_store do let(:gitlab_shell) { Gitlab::Shell.new } let(:new_username) { generate(:username) } - it 'allows username change' do + before do sign_in(user) + allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(false) + end + it 'allows username change' do put :update_username, params: { user: { username: new_username } } @@ -166,8 +169,6 @@ RSpec.describe ProfilesController, :request_store do end it 'updates a username using JSON request' do - sign_in(user) - put :update_username, params: { user: { username: new_username } @@ -179,8 +180,6 @@ RSpec.describe ProfilesController, :request_store do end it 'renders an error message when the username was not updated' do - sign_in(user) - put :update_username, params: { user: { username: 'invalid username.git' } @@ -192,8 +191,6 @@ RSpec.describe ProfilesController, :request_store do end it 'raises a correct error when the username is missing' do - sign_in(user) - expect { put :update_username, params: { user: { gandalf: 'you shall not pass' } } } .to raise_error(ActionController::ParameterMissing) end @@ -202,8 +199,6 @@ RSpec.describe ProfilesController, :request_store do it 'moves dependent projects to new namespace' do project = create(:project_empty_repo, :legacy_storage, namespace: namespace) - sign_in(user) - put :update_username, params: { user: { username: new_username } } @@ -220,8 +215,6 @@ RSpec.describe ProfilesController, :request_store do before_disk_path = project.disk_path - sign_in(user) - put :update_username, params: { user: { username: new_username } } 
@@ -232,5 +225,18 @@ RSpec.describe ProfilesController, :request_store do expect(before_disk_path).to eq(project.disk_path) end end + + context 'when the rate limit is reached' do + it 'does not update the username and returns status 429 Too Many Requests' do + expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:profile_update_username, scope: user).and_return(true) + + expect do + put :update_username, + params: { user: { username: new_username } } + end.not_to change { user.reload.username } + + expect(response).to have_gitlab_http_status(:too_many_requests) + end + end end end diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb index 48a12a27911..cde3a8d4761 100644 --- a/spec/controllers/projects/boards_controller_spec.rb +++ b/spec/controllers/projects/boards_controller_spec.rb @@ -22,15 +22,6 @@ RSpec.describe Projects::BoardsController do expect(assigns(:boards_endpoint)).to eq project_boards_path(project) end - it 'pushes swimlanes_buffered_rendering feature flag' do - allow(controller).to receive(:push_frontend_feature_flag).and_call_original - - expect(controller).to receive(:push_frontend_feature_flag) - .with(:swimlanes_buffered_rendering, project, default_enabled: :yaml) - - list_boards - end - context 'when format is HTML' do it 'renders template' do list_boards @@ -125,15 +116,6 @@ RSpec.describe Projects::BoardsController do describe 'GET show' do let!(:board) { create(:board, project: project) } - it 'pushes swimlanes_buffered_rendering feature flag' do - allow(controller).to receive(:push_frontend_feature_flag).and_call_original - - expect(controller).to receive(:push_frontend_feature_flag) - .with(:swimlanes_buffered_rendering, project, default_enabled: :yaml) - - read_board board: board - end - it 'sets boards_endpoint instance variable to a boards path' do read_board board: board 
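Review bot: The 429 example pins the status and the unchanged username but not that the throttled request is logged, which is what makes this limiter useful for detection; if `update_username` goes through `check_rate_limit!`, add `expect(::Gitlab::ApplicationRateLimiter).to receive(:log_request).with(anything, :profile_update_username_request_limit, user)` alongside the `throttled?` expectation. The `expect(...).with(:profile_update_username, scope: user)` here is also the only place the key and scope are pinned, while the `before` block earlier in this describe stubs `throttled?` unconditionally; asserting the key and scope in one happy-path example as well would catch a silent scope change (for example to IP) that this test cannot.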
diff --git a/spec/controllers/projects/mattermosts_controller_spec.rb b/spec/controllers/projects/mattermosts_controller_spec.rb index edec8c3e9c6..596cd5c1a20 100644 --- a/spec/controllers/projects/mattermosts_controller_spec.rb +++ b/spec/controllers/projects/mattermosts_controller_spec.rb @@ -60,9 +60,9 @@ RSpec.describe Projects::MattermostsController do it 'redirects to the new page' do subject - service = project.integrations.last + integration = project.integrations.last - expect(subject).to redirect_to(edit_project_service_url(project, service)) + expect(subject).to redirect_to(edit_project_integration_path(project, integration)) end end end diff --git a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb index f7370a1a1ac..a5c59b7e22d 100644 --- a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb +++ b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb @@ -205,7 +205,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiff } let(:expected_options) do { - environment: nil, merge_request: merge_request, merge_request_diff: merge_request.merge_request_diff, merge_request_diffs: merge_request.merge_request_diffs, @@ -280,7 +279,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiff } let(:expected_options) do { - environment: nil, merge_request: merge_request, merge_request_diff: merge_request.merge_request_diff, merge_request_diffs: merge_request.merge_request_diffs, @@ -303,7 +301,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do let(:collection) { Gitlab::Diff::FileCollection::Commit } let(:expected_options) do { - environment: nil, merge_request: merge_request, merge_request_diff: nil, merge_request_diffs: merge_request.merge_request_diffs, 
@@ -330,7 +327,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiff } let(:expected_options) do { - environment: nil, merge_request: merge_request, merge_request_diff: merge_request.merge_request_diff, merge_request_diffs: merge_request.merge_request_diffs, @@ -494,7 +490,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do def collection_arguments(pagination_data = {}) { - environment: nil, merge_request: merge_request, commit: nil, diff_view: :inline, diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb index 66af546b113..2df31904380 100644 --- a/spec/controllers/projects/notes_controller_spec.rb +++ b/spec/controllers/projects/notes_controller_spec.rb @@ -762,9 +762,12 @@ RSpec.describe Projects::NotesController do end end - it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do - let(:params) { request_params.except(:format) } - let(:request_full_path) { project_notes_path(project) } + it_behaves_like 'create notes request exceeding rate limit', :clean_gitlab_redis_cache do + let(:current_user) { user } + + def request + post :create, params: request_params.except(:format) + end end end diff --git a/spec/controllers/projects/packages/infrastructure_registry_controller_spec.rb b/spec/controllers/projects/packages/infrastructure_registry_controller_spec.rb index fc741d0f3f6..707edeaeee3 100644 --- a/spec/controllers/projects/packages/infrastructure_registry_controller_spec.rb +++ b/spec/controllers/projects/packages/infrastructure_registry_controller_spec.rb 
@@ -41,5 +41,29 @@ RSpec.describe Projects::Packages::InfrastructureRegistryController do it_behaves_like 'returning response status', :not_found end + + context 'with package file pending destruction' do + let_it_be(:package_file_pending_destruction) { create(:package_file, :pending_destruction, package: terraform_module) } + + let(:terraform_module_package_file) { terraform_module.package_files.first } + + it 'does not return them' do + subject + + expect(assigns(:package_files)).to contain_exactly(terraform_module_package_file) + end + + context 'with packages_installable_package_files disabled' do + before do + stub_feature_flags(packages_installable_package_files: false) + end + + it 'returns them' do + subject + + expect(assigns(:package_files)).to contain_exactly(package_file_pending_destruction, terraform_module_package_file) + end + end + end end end diff --git a/spec/controllers/projects/packages/packages_controller_spec.rb b/spec/controllers/projects/packages/packages_controller_spec.rb new file mode 100644 index 00000000000..da9cae47c62 --- /dev/null +++ b/spec/controllers/projects/packages/packages_controller_spec.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Projects::Packages::PackagesController do + let_it_be(:project) { create(:project, :public) } + + let(:page) { :index } + let(:additional_parameters) { {} } + + subject do + get page, params: additional_parameters.merge({ + project_id: project, + namespace_id: project.namespace + }) + end + + context 'GET #index' do + it_behaves_like 'returning response status', :ok + end + + context 'GET #show' do + let(:page) { :show } + let(:additional_parameters) { { id: 1 } } + + it_behaves_like 'returning response status', :ok + end +end diff --git a/spec/controllers/projects/prometheus/metrics_controller_spec.rb b/spec/controllers/projects/prometheus/metrics_controller_spec.rb index 5338b77bd08..7dfa283195e 100644 
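Review bot: In the new `Projects::Packages::PackagesController` spec the project is created `:public` and nobody signs in, so both examples only cover the anonymous-public path; there is no example that a private project answers `:not_found` to an anonymous or non-member request, which is the authorization property a packages page should pin. Add a context with `let_it_be(:project) { create(:project, :private) }` expecting `:not_found`, plus a `sign_in(member)` variant expecting `:ok`. `GET #show` with `id: 1` and no package created presumably works because the page is rendered client-side; a comment saying so would save the next reader a lookup.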
--- a/spec/controllers/projects/prometheus/metrics_controller_spec.rb +++ b/spec/controllers/projects/prometheus/metrics_controller_spec.rb @@ -141,7 +141,7 @@ RSpec.describe Projects::Prometheus::MetricsController do expect(flash[:notice]).to include('Metric was successfully added.') - expect(response).to redirect_to(edit_project_service_path(project, ::Integrations::Prometheus)) + expect(response).to redirect_to(edit_project_integration_path(project, ::Integrations::Prometheus)) end end @@ -157,6 +157,22 @@ RSpec.describe Projects::Prometheus::MetricsController do end end + describe 'PUT #update' do + context 'metric is updated' do + let_it_be(:metric) { create(:prometheus_metric, project: project) } + + let(:metric_params) { { prometheus_metric: { title: 'new_title' }, id: metric.id } } + + it 'shows a success flash message' do + put :update, params: project_params(metric_params) + + expect(metric.reload.title).to eq('new_title') + expect(flash[:notice]).to include('Metric was successfully updated.') + expect(response).to redirect_to(edit_project_integration_path(project, ::Integrations::Prometheus)) + end + end + end + describe 'DELETE #destroy' do context 'format html' do let!(:metric) { create(:prometheus_metric, project: project) } @@ -164,7 +180,7 @@ RSpec.describe Projects::Prometheus::MetricsController do it 'destroys the metric' do delete :destroy, params: project_params(id: metric.id) - expect(response).to redirect_to(edit_project_service_path(project, ::Integrations::Prometheus)) + expect(response).to redirect_to(edit_project_integration_path(project, ::Integrations::Prometheus)) expect(PrometheusMetric.find_by(id: metric.id)).to be_nil end end diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb index 4d99afb6b1f..e0d88fa799f 100644 --- a/spec/controllers/projects/raw_controller_spec.rb +++ b/spec/controllers/projects/raw_controller_spec.rb 
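Review bot: `let_it_be(:metric)` in `PUT #update` is mutated by the example (`title` becomes `'new_title'`); with a single example this is harmless, but any example added to this context would inherit the mutated record — use `let_it_be_with_reload(:metric)`, which this file's sibling specs already rely on, or a plain `let`. The update path also has no authorization example here (a user who cannot manage the project's integrations should not be able to change a metric); if that is covered by a shared example elsewhere in the file, ignore this part. The `describe 'PUT #update'` block is entirely within this hunk, but the surrounding `project_params` helper is not.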
@@ -8,6 +8,7 @@ RSpec.describe Projects::RawController do let_it_be(:project) { create(:project, :public, :repository) } let(:inline) { nil } + let(:params) { {} } describe 'GET #show' do def get_show @@ -15,9 +16,9 @@ RSpec.describe Projects::RawController do params: { namespace_id: project.namespace, project_id: project, - id: filepath, + id: file_path, inline: inline - }) + }.merge(params)) end subject { get_show } @@ -33,7 +34,7 @@ RSpec.describe Projects::RawController do end context 'regular filename' do - let(:filepath) { 'master/CONTRIBUTING.md' } + let(:file_path) { 'master/CONTRIBUTING.md' } it 'delivers ASCII file' do allow(Gitlab::Workhorse).to receive(:send_git_blob).and_call_original @@ -60,7 +61,7 @@ RSpec.describe Projects::RawController do end context 'image header' do - let(:filepath) { 'master/files/images/6049019_460s.jpg' } + let(:file_path) { 'master/files/images/6049019_460s.jpg' } it 'leaves image content disposition' do subject 
@@ -77,44 +78,30 @@ RSpec.describe Projects::RawController do context 'with LFS files' do let(:filename) { 'lfs_object.iso' } - let(:filepath) { "be93687/files/lfs/#(unknown)" } + let(:file_path) { "be93687/files/lfs/#(unknown)" } it_behaves_like 'a controller that can serve LFS files' it_behaves_like 'project cache control headers' include_examples 'single Gitaly request' end - context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_rate_limiting do + context 'when the endpoint receives requests above the limit' do let(:file_path) { 'master/README.md' } + let(:path_without_ref) { 'README.md' } before do - stub_application_setting(raw_blob_request_limit: 5) + allow(::Gitlab::ApplicationRateLimiter).to( + receive(:throttled?).with(:raw_blob, scope: [project, path_without_ref]).and_return(true) + ) end - it 'prevents from accessing the raw file', :request_store do - execute_raw_requests(requests: 5, project: project, file_path: file_path) - - expect { execute_raw_requests(requests: 1, project: project, file_path: file_path) } - .to change { Gitlab::GitalyClient.get_request_count }.by(0) + it 'prevents from accessing the raw file' do + expect { get_show }.not_to change { Gitlab::GitalyClient.get_request_count } expect(response.body).to eq(_('You cannot access the raw file. Please wait a minute.')) expect(response).to have_gitlab_http_status(:too_many_requests) end - it 'logs the event on auth.log', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/345889' do - attributes = { - message: 'Application_Rate_Limiter_Request', - env: :raw_blob_request_limit, - remote_ip: '0.0.0.0', - request_method: 'GET', - path: "/#{project.full_path}/-/raw/#{file_path}" - } - - expect(Gitlab::AuthLogger).to receive(:error).with(attributes).once - - execute_raw_requests(requests: 6, project: project, file_path: file_path) - end - context 'when receiving an external storage request' do let(:token) { 'letmein' } 
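Review bot: Replacing the request-count examples with an `allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?)` stub means this spec no longer exercises the throttle key itself, and the deleted `'when the request uses a different version of a commit'` and `'with case-sensitive files'` examples (removed in the following hunk) were the ones that pinned how ref and path casing were folded into that key. The new stub does pin `scope: [project, path_without_ref]` for `'master/README.md'`, which documents that the ref is stripped, but nothing here asserts the casing behaviour; if that normalisation now lives wherever the scope is built, it presumably has coverage there — worth confirming, since it was the bypass those examples guarded against. A comment on the stub such as `# the limiter is keyed on [project, path without ref]; see the controller for how the path is derived` would make the role of `path_without_ref` explicit. The `'when receiving an external storage request'` context continues outside the hunk.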
@@ -126,62 +113,10 @@ RSpec.describe Projects::RawController do end it 'does not prevent from accessing the raw file' do - request.headers['X-Gitlab-External-Storage-Token'] = token - execute_raw_requests(requests: 6, project: project, file_path: file_path) - - expect(response).to have_gitlab_http_status(:ok) - end - end - - context 'when the request uses a different version of a commit' do - it 'prevents from accessing the raw file' do - # 3 times with the normal sha - commit_sha = project.repository.commit.sha - file_path = "#{commit_sha}/README.md" - - execute_raw_requests(requests: 3, project: project, file_path: file_path) - - # 3 times with the modified version - modified_sha = commit_sha.gsub(commit_sha[0..5], commit_sha[0..5].upcase) - modified_path = "#{modified_sha}/README.md" - - execute_raw_requests(requests: 3, project: project, file_path: modified_path) - - expect(response.body).to eq(_('You cannot access the raw file. Please wait a minute.')) - expect(response).to have_gitlab_http_status(:too_many_requests) - end - end - - context 'when the throttling has been disabled' do - before do - stub_application_setting(raw_blob_request_limit: 0) - end - - it 'does not prevent from accessing the raw file' do - execute_raw_requests(requests: 10, project: project, file_path: file_path) - - expect(response).to have_gitlab_http_status(:ok) - end - end - - context 'with case-sensitive files' do - it 'prevents from accessing the specific file' do - create_file_in_repo(project, 'master', 'master', 'readme.md', 'Add readme.md') - create_file_in_repo(project, 'master', 'master', 'README.md', 'Add README.md') - - commit_sha = project.repository.commit.sha - file_path = "#{commit_sha}/readme.md" - - # Accessing downcase version of readme - execute_raw_requests(requests: 6, project: project, file_path: file_path) - - expect(response.body).to eq(_('You cannot access the raw file. 
Please wait a minute.')) - expect(response).to have_gitlab_http_status(:too_many_requests) + expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?) - # Accessing upcase version of readme - file_path = "#{commit_sha}/README.md" - - execute_raw_requests(requests: 1, project: project, file_path: file_path) + request.headers['X-Gitlab-External-Storage-Token'] = token + get_show expect(response).to have_gitlab_http_status(:ok) end @@ -201,7 +136,7 @@ RSpec.describe Projects::RawController do context 'when no token is provided' do it 'redirects to sign in page' do - execute_raw_requests(requests: 1, project: project, file_path: file_path) + get_show expect(response).to have_gitlab_http_status(:found) expect(response.location).to end_with('/users/sign_in') @@ -209,13 +144,11 @@ RSpec.describe Projects::RawController do end context 'when a token param is present' do - subject(:execute_raw_request_with_token_in_params) do - execute_raw_requests(requests: 1, project: project, file_path: file_path, token: token) - end - context 'when token is correct' do + let(:params) { { token: token } } + it 'calls the action normally' do - execute_raw_request_with_token_in_params + get_show expect(response).to have_gitlab_http_status(:ok) end @@ -224,7 +157,7 @@ RSpec.describe Projects::RawController do let_it_be(:user) { create(:user, password_expires_at: 2.minutes.ago) } it 'redirects to sign in page' do - execute_raw_request_with_token_in_params + get_show expect(response).to have_gitlab_http_status(:found) expect(response.location).to end_with('/users/sign_in') @@ -236,7 +169,7 @@ RSpec.describe Projects::RawController do let_it_be(:user) { create(:omniauth_user, provider: 'ldap', password_expires_at: 2.minutes.ago) } it 'calls the action normally' do - execute_raw_request_with_token_in_params + get_show expect(response).to have_gitlab_http_status(:ok) end 
@@ -245,10 +178,10 @@ RSpec.describe Projects::RawController do end context 'when token is incorrect' do - let(:token) { 'foobar' } + let(:params) { { token: 'foobar' } } it 'redirects to sign in page' do - execute_raw_request_with_token_in_params + get_show expect(response).to have_gitlab_http_status(:found) expect(response.location).to end_with('/users/sign_in') @@ -257,14 +190,13 @@ RSpec.describe Projects::RawController do end context 'when a token header is present' do - subject(:execute_raw_request_with_token_in_headers) do + before do request.headers['X-Gitlab-Static-Object-Token'] = token - execute_raw_requests(requests: 1, project: project, file_path: file_path) end context 'when token is correct' do it 'calls the action normally' do - execute_raw_request_with_token_in_headers + get_show expect(response).to have_gitlab_http_status(:ok) end @@ -273,7 +205,7 @@ RSpec.describe Projects::RawController do let_it_be(:user) { create(:user, password_expires_at: 2.minutes.ago) } it 'redirects to sign in page' do - execute_raw_request_with_token_in_headers + get_show expect(response).to have_gitlab_http_status(:found) expect(response.location).to end_with('/users/sign_in') @@ -285,7 +217,7 @@ RSpec.describe Projects::RawController do let_it_be(:user) { create(:omniauth_user, provider: 'ldap', password_expires_at: 2.minutes.ago) } it 'calls the action normally' do - execute_raw_request_with_token_in_headers + get_show expect(response).to have_gitlab_http_status(:ok) end @@ -297,7 +229,7 @@ RSpec.describe Projects::RawController do let(:token) { 'foobar' } it 'redirects to sign in page' do - execute_raw_request_with_token_in_headers + get_show expect(response).to have_gitlab_http_status(:found) expect(response.location).to end_with('/users/sign_in') 
@@ -344,14 +276,4 @@ RSpec.describe Projects::RawController do end end end - - def execute_raw_requests(requests:, project:, file_path:, **params) - requests.times do - get :show, params: { - namespace_id: project.namespace, - project_id: project, - id: file_path - }.merge(params) - end - end end diff --git a/spec/controllers/projects/repositories_controller_spec.rb b/spec/controllers/projects/repositories_controller_spec.rb index f7cf55d8a95..1370ec9cc0b 100644 --- a/spec/controllers/projects/repositories_controller_spec.rb +++ b/spec/controllers/projects/repositories_controller_spec.rb @@ -210,6 +210,25 @@ RSpec.describe Projects::RepositoriesController do expect(response).to have_gitlab_http_status(:found) end end + + context 'when token is migrated' do + let(:user) { create(:user, static_object_token: '') } + let(:token) { 'Test' } + + it 'calls the action normally' do + user.update_column(:static_object_token, token) + + get :archive, params: { namespace_id: project.namespace, project_id: project, id: 'master', token: token }, format: 'zip' + expect(user.static_object_token).to eq(token) + expect(response).to have_gitlab_http_status(:ok) + + user.update_column(:static_object_token_encrypted, Gitlab::CryptoHelper.aes256_gcm_encrypt(token)) + + get :archive, params: { namespace_id: project.namespace, project_id: project, id: 'master', token: token }, format: 'zip' + expect(user.static_object_token).to eq(token) + expect(response).to have_gitlab_http_status(:ok) + end + end end context 'when a token header is present' do diff --git a/spec/controllers/projects/security/configuration_controller_spec.rb b/spec/controllers/projects/security/configuration_controller_spec.rb index 848db16fb02..1ce0fcd85db 100644 --- a/spec/controllers/projects/security/configuration_controller_spec.rb +++ b/spec/controllers/projects/security/configuration_controller_spec.rb 
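Review bot: The second request in `'when token is migrated'` runs with both `static_object_token` (`'Test'`, from the first `update_column`) and `static_object_token_encrypted` populated, so an authentication path that only ever reads the plaintext column also passes; the example does not show that the encrypted value is what authenticated the request. Clearing the plaintext column together with setting the encrypted one, e.g. `user.update_columns(static_object_token: nil, static_object_token_encrypted: Gitlab::CryptoHelper.aes256_gcm_encrypt(token))`, would pin the migrated state — assuming the token strategy the `User` model uses for this field falls back to the encrypted column, which is worth confirming. The `expect(user.static_object_token).to eq(token)` assertions also appear to read the in-memory attribute that `update_column` just set, so a `user.reload` before each one would make them say something about stored state.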
@@ -36,6 +36,31 @@ RSpec.describe Projects::Security::ConfigurationController do expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:show) end + + it 'responds with configuration data json' do + get :show, params: { namespace_id: project.namespace, project_id: project, format: :json } + + features = json_response['features'] + sast_feature = features.find { |feature| feature['type'] == 'sast' } + dast_feature = features.find { |feature| feature['type'] == 'dast' } + + expect(response).to have_gitlab_http_status(:ok) + expect(sast_feature['available']).to be_truthy + expect(dast_feature['available']).to be_falsey + end + + context 'with feature flag unify_security_configuration turned off' do + before do + stub_feature_flags(unify_security_configuration: false) + end + + it 'responds with empty configuration data json' do + get :show, params: { namespace_id: project.namespace, project_id: project, format: :json } + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to be_empty + end + end end end end diff --git a/spec/controllers/projects/service_hook_logs_controller_spec.rb b/spec/controllers/projects/service_hook_logs_controller_spec.rb index 9caa4a06b44..be78668aa88 100644 --- a/spec/controllers/projects/service_hook_logs_controller_spec.rb +++ b/spec/controllers/projects/service_hook_logs_controller_spec.rb @@ -11,7 +11,7 @@ RSpec.describe Projects::ServiceHookLogsController do { namespace_id: project.namespace, project_id: project, - service_id: integration.to_param, + integration_id: integration.to_param, id: log.id } end 
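Review bot: `be_truthy` / `be_falsey` on `sast_feature['available']` and `dast_feature['available']` accept any non-`nil` value (a string `'false'` would satisfy `be_truthy`), so the example does not pin the JSON payload to actual booleans; `eq(true)` and `eq(false)` do. `features.find { ... }` also returns `nil` when a type is absent, which then surfaces as a `NoMethodError` on `nil['available']` rather than a readable expectation failure; an `expect(sast_feature).not_to be_nil` (and the same for `dast_feature`) ahead of the attribute checks gives a clearer message. The `get :show, params: { ..., format: :json }` call is repeated verbatim in the flag-off example and could become a shared `subject` or helper.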
@@ -44,7 +44,7 @@ RSpec.describe Projects::ServiceHookLogsController do it 'executes the hook and redirects to the service form' do expect_any_instance_of(ServiceHook).to receive(:execute) expect_any_instance_of(described_class).to receive(:set_hook_execution_notice) - expect(subject).to redirect_to(edit_project_service_path(project, integration)) + expect(subject).to redirect_to(edit_project_integration_path(project, integration)) end it 'renders a 404 if the hook does not exist' do diff --git a/spec/controllers/projects/services_controller_spec.rb b/spec/controllers/projects/services_controller_spec.rb index 29988da6e60..f3c7b501faa 100644 --- a/spec/controllers/projects/services_controller_spec.rb +++ b/spec/controllers/projects/services_controller_spec.rb @@ -183,7 +183,7 @@ RSpec.describe Projects::ServicesController do let(:params) { project_params(service: integration_params) } let(:message) { 'Jira settings saved and active.' } - let(:redirect_url) { edit_project_service_path(project, integration) } + let(:redirect_url) { edit_project_integration_path(project, integration) } before do stub_jira_integration_test @@ -341,7 +341,7 @@ RSpec.describe Projects::ServicesController do it 'redirects user back to edit page with alert' do put :update, params: project_params.merge(service: integration_params) - expect(response).to redirect_to(edit_project_service_path(project, integration)) + expect(response).to redirect_to(edit_project_integration_path(project, integration)) expected_alert = [ "You can now manage your Prometheus settings on the", %(<a href="#{project_settings_operations_path(project)}">Operations</a> page.), diff --git a/spec/controllers/projects/settings/access_tokens_controller_spec.rb b/spec/controllers/projects/settings/access_tokens_controller_spec.rb deleted file mode 100644 index 834a9e276f9..00000000000 --- a/spec/controllers/projects/settings/access_tokens_controller_spec.rb +++ /dev/null 
@@ -1,82 +0,0 @@
-# frozen_string_literal: true
-
-require('spec_helper')
-
-RSpec.describe Projects::Settings::AccessTokensController do
- let_it_be(:user) { create(:user) }
- let_it_be(:group) { create(:group) }
- let_it_be(:project) { create(:project, group: group) }
- let_it_be(:bot_user) { create(:user, :project_bot) }
-
- before_all do
- project.add_maintainer(user)
- project.add_maintainer(bot_user)
- end
-
- before do
- sign_in(user)
- end
-
- shared_examples 'feature unavailable' do
- context 'user is not a maintainer' do
- before do
- project.add_developer(user)
- end
-
- it { is_expected.to have_gitlab_http_status(:not_found) }
- end
- end
-
- describe '#index' do
- subject { get :index, params: { namespace_id: project.namespace, project_id: project } }
-
- it_behaves_like 'feature unavailable'
- it_behaves_like 'project access tokens available #index'
- end
-
- describe '#create' do
- let(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: Date.today + 1.month } }
-
- subject { post :create, params: { namespace_id: project.namespace, project_id: project }.merge(project_access_token: access_token_params) }
-
- it_behaves_like 'feature unavailable'
- it_behaves_like 'project access tokens available #create'
-
- context 'when project access token creation is disabled' do
- before do
- group.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
- end
-
- it { is_expected.to have_gitlab_http_status(:not_found) }
-
- it 'does not create the token' do
- expect { subject }.not_to change { PersonalAccessToken.count }
- end
-
- it 'does not add the project bot as a member' do
- expect { subject }.not_to change { Member.count }
- end
-
- it 'does not create the project bot user' do
- expect { subject }.not_to change { User.count }
- end
- end
-
- context 'with custom access level' do
- let(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: Date.today + 1.month, access_level: 20 } }
-
- subject { post :create, params: { namespace_id: project.namespace, project_id: project }.merge(project_access_token: access_token_params) }
-
- it_behaves_like 'project access tokens available #create'
- end
- end
-
- describe '#revoke', :sidekiq_inline do
- let(:project_access_token) { create(:personal_access_token, user: bot_user) }
-
- subject { put :revoke, params: { namespace_id: project.namespace, project_id: project, id: project_access_token } }
-
- it_behaves_like 'feature unavailable'
- it_behaves_like 'project access tokens available #revoke'
- end
-end
diff --git a/spec/controllers/projects/settings/ci_cd_controller_spec.rb b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
index d50f1aa1dd8..7e96e99640a 100644
--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
@@ -25,6 +25,19 @@ RSpec.describe Projects::Settings::CiCdController do
 expect(response).to render_template(:show)
 end
+ context 'when the FF ci_owned_runners_cross_joins_fix is disabled' do
+ before do
+ stub_feature_flags(ci_owned_runners_cross_joins_fix: false)
+ end
+
+ it 'renders show with 200 status code' do
+ get :show, params: { namespace_id: project.namespace, project_id: project }
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ end
+ end
+
 context 'with CI/CD disabled' do
 before do
 project.project_feature.update_attribute(:builds_access_level, ProjectFeature::DISABLED)
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index 3f7941b3456..d5fe32ac094 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -20,6 +20,10 @@ RSpec.describe RegistrationsController do end describe '#create' do + before do + allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(false) + end + let_it_be(:base_user_params) do { first_name: 'first', last_name: 'last', username: 'new_username', email: 'new@user.com', password: 'Any_password' } end @@ -410,6 +414,18 @@ RSpec.describe RegistrationsController do end end + context 'when the rate limit has been reached' do + it 'returns status 429 Too Many Requests', :aggregate_failures do + ip = '1.2.3.4' + expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:user_sign_up, scope: ip).and_return(true) + + controller.request.env['REMOTE_ADDR'] = ip + post(:create, params: user_params, session: session_params) + + expect(response).to have_gitlab_http_status(:too_many_requests) + end + end + it "logs a 'User Created' message" do expect(Gitlab::AppLogger).to receive(:info).with(/\AUser Created: username=new_username email=new@user.com.+\z/).and_call_original @@ -483,7 +499,7 @@ RSpec.describe RegistrationsController do end it 'succeeds if password is confirmed' do - post :destroy, params: { password: '12345678' } + post :destroy, params: { password: Gitlab::Password.test_default } expect_success end @@ -524,7 +540,7 @@ RSpec.describe RegistrationsController do end it 'fails' do - delete :destroy, params: { password: '12345678' } + delete :destroy, params: { password: Gitlab::Password.test_default } expect_failure(s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account')) end diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index a54f16ec237..58d34a5e5c1 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb 
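Review bot: The 429 example asserts only the status; it should also show that the throttled request created nothing, e.g. `expect { post(:create, params: user_params, session: session_params) }.not_to change { User.count }`, since a throttled path that still persisted the account would pass as written. The stub `with(:user_sign_up, scope: ip)` plus the `controller.request.env['REMOTE_ADDR'] = ip` assignment together encode that sign-up throttling is keyed on the client address; a one-line comment, `# the sign-up limiter is scoped per client IP`, would spell that out. The group-level `before` stubbing `throttled?` to `false` keeps the other `#create` examples deterministic, but it also means the real limiter is never exercised in this file — acceptable as long as `Gitlab::ApplicationRateLimiter` has coverage of its own.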
@@ -290,6 +290,14 @@ RSpec.describe SearchController do expect(assigns[:search_objects].count).to eq(0) end end + + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_email_lookup do + let(:current_user) { user } + + def request + get(:show, params: { search: 'foo@bar.com', scope: 'users' }) + end + end end describe 'GET #count', :aggregate_failures do @@ -346,6 +354,14 @@ RSpec.describe SearchController do expect(response).to have_gitlab_http_status(:ok) expect(json_response).to eq({ 'count' => '0' }) end + + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_email_lookup do + let(:current_user) { user } + + def request + get(:count, params: { search: 'foo@bar.com', scope: 'users' }) + end + end end describe 'GET #autocomplete' do @@ -358,6 +374,14 @@ RSpec.describe SearchController do expect(response).to have_gitlab_http_status(:ok) expect(json_response).to match_array([]) end + + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_email_lookup do + let(:current_user) { user } + + def request + get(:autocomplete, params: { term: 'foo@bar.com', scope: 'users' }) + end + end end describe '#append_info_to_payload' do @@ -372,9 +396,10 @@ RSpec.describe SearchController do expect(payload[:metadata]['meta.search.force_search_results']).to eq('true') expect(payload[:metadata]['meta.search.filters.confidential']).to eq('true') expect(payload[:metadata]['meta.search.filters.state']).to eq('true') + expect(payload[:metadata]['meta.search.project_ids']).to eq(%w(456 789)) end - get :show, params: { scope: 'issues', search: 'hello world', group_id: '123', project_id: '456', confidential: true, state: true, force_search_results: true } + get :show, params: { scope: 'issues', search: 'hello world', group_id: '123', project_id: '456', project_ids: %w(456 789), confidential: true, state: true, force_search_results: true } end it 'appends the default scope in meta.search.scope' do 
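Review bot: `def request` inside each `it_behaves_like 'rate limited endpoint'` block redefines, for every example nested in it, the `request` method that controller specs otherwise use for the test request object (`request.headers`, `request.env`); presumably the shared example invokes `request`, and nothing else in these blocks reads the original, but the shadowing is easy to trip over once a `request.headers[...]` line is added inside one of them. The same shape appears in the `GET #count` and `GET #autocomplete` hunks below and in the three snippet notes hunks at the end of this diff. A short comment on the first one, `# 'request' is the hook the 'rate limited endpoint' shared example invokes; it shadows the controller-spec request object within this block`, would warn the next editor.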
diff --git a/spec/controllers/snippets/notes_controller_spec.rb b/spec/controllers/snippets/notes_controller_spec.rb index 558e68fbb8f..8e85e283b31 100644 --- a/spec/controllers/snippets/notes_controller_spec.rb +++ b/spec/controllers/snippets/notes_controller_spec.rb @@ -142,9 +142,12 @@ RSpec.describe Snippets::NotesController do expect { post :create, params: request_params }.to change { Note.count }.by(1) end - it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do - let(:params) { request_params } - let(:request_full_path) { snippet_notes_path(public_snippet) } + it_behaves_like 'create notes request exceeding rate limit', :clean_gitlab_redis_cache do + let(:current_user) { user } + + def request + post :create, params: request_params + end end end @@ -170,9 +173,12 @@ RSpec.describe Snippets::NotesController do expect { post :create, params: request_params }.to change { Note.count }.by(1) end - it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do - let(:params) { request_params } - let(:request_full_path) { snippet_notes_path(internal_snippet) } + it_behaves_like 'create notes request exceeding rate limit', :clean_gitlab_redis_cache do + let(:current_user) { user } + + def request + post :create, params: request_params + end end end @@ -239,10 +245,12 @@ RSpec.describe Snippets::NotesController do expect { post :create, params: request_params }.to change { Note.count }.by(1) end - it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do - let(:params) { request_params } - let(:request_full_path) { snippet_notes_path(private_snippet) } - let(:user) { private_snippet.author } + it_behaves_like 'create notes request exceeding rate limit', :clean_gitlab_redis_cache do + let(:current_user) { private_snippet.author } + + def request + post :create, params: request_params + end end end end |