diff options
Diffstat (limited to 'spec/lib/gitlab/middleware/compressed_json_spec.rb')
-rw-r--r-- | spec/lib/gitlab/middleware/compressed_json_spec.rb | 113 |
1 files changed, 100 insertions, 13 deletions
diff --git a/spec/lib/gitlab/middleware/compressed_json_spec.rb b/spec/lib/gitlab/middleware/compressed_json_spec.rb index 6d49ab58d5d..1444e6a9881 100644 --- a/spec/lib/gitlab/middleware/compressed_json_spec.rb +++ b/spec/lib/gitlab/middleware/compressed_json_spec.rb @@ -9,6 +9,7 @@ RSpec.describe Gitlab::Middleware::CompressedJson do let(:app) { double(:app) } let(:middleware) { described_class.new(app) } let(:content_type) { 'application/json' } + let(:relative_url_root) { '/gitlab' } let(:env) do { 'HTTP_CONTENT_ENCODING' => 'gzip', @@ -31,6 +32,43 @@ RSpec.describe Gitlab::Middleware::CompressedJson do end end + shared_examples 'passes input' do + it 'keeps the original input' do + expect(app).to receive(:call) + + middleware.call(env) + + expect(env['rack.input'].read).to eq(input) + expect(env['HTTP_CONTENT_ENCODING']).to eq('gzip') + end + end + + shared_context 'with relative url' do + before do + stub_config_setting(relative_url_root: relative_url_root) + end + end + + shared_examples 'handles non integer project ID' do + context 'with a URL-encoded project ID' do + let_it_be(:project_id) { 'gitlab-org%2fgitlab' } + + it_behaves_like 'decompress middleware' + end + + context 'with a non URL-encoded project ID' do + let_it_be(:project_id) { '1/repository/files/api/v4' } + + it_behaves_like 'passes input' + end + + context 'with a blank project ID' do + let_it_be(:project_id) { '' } + + it_behaves_like 'passes input' + end + end + describe '#call' do context 'with collector route' do let(:path) { '/api/v4/error_tracking/collector/1/store' } @@ -42,31 +80,80 @@ RSpec.describe Gitlab::Middleware::CompressedJson do it_behaves_like 'decompress middleware' end + + include_context 'with relative url' do + let(:path) { "#{relative_url_root}/api/v4/error_tracking/collector/1/store" } + + it_behaves_like 'decompress middleware' + end end - context 'with collector route under relative url' do - let(:path) { '/gitlab/api/v4/error_tracking/collector/1/store' } + context 'with packages route' do + context 'with instance level endpoint' do + context 'with npm advisory bulk url' do + let(:path) { '/api/v4/packages/npm/-/npm/v1/security/advisories/bulk' } + + it_behaves_like 'decompress middleware' + + include_context 'with relative url' do + let(:path) { "#{relative_url_root}/api/v4/packages/npm/-/npm/v1/security/advisories/bulk" } + + it_behaves_like 'decompress middleware' + end + end + + context 'with npm quick audit url' do + let(:path) { '/api/v4/packages/npm/-/npm/v1/security/audits/quick' } - before do - stub_config_setting(relative_url_root: '/gitlab') + it_behaves_like 'decompress middleware' + + include_context 'with relative url' do + let(:path) { "#{relative_url_root}/api/v4/packages/npm/-/npm/v1/security/audits/quick" } + + it_behaves_like 'decompress middleware' + end + end end - it_behaves_like 'decompress middleware' - end + context 'with project level endpoint' do + let_it_be(:project_id) { 1 } - context 'with some other route' do - let(:path) { '/api/projects/123' } + context 'with npm advisory bulk url' do + let(:path) { "/api/v4/projects/#{project_id}/packages/npm/-/npm/v1/security/advisories/bulk" } - it 'keeps the original input' do - expect(app).to receive(:call) + it_behaves_like 'decompress middleware' - middleware.call(env) + include_context 'with relative url' do + let(:path) { "#{relative_url_root}/api/v4/projects/#{project_id}/packages/npm/-/npm/v1/security/advisories/bulk" } # rubocop disable Layout/LineLength - expect(env['rack.input'].read).to eq(input) - expect(env['HTTP_CONTENT_ENCODING']).to eq('gzip') + it_behaves_like 'decompress middleware' + end + + it_behaves_like 'handles non integer project ID' + end + + context 'with npm quick audit url' do + let(:path) { "/api/v4/projects/#{project_id}/packages/npm/-/npm/v1/security/audits/quick" } + + it_behaves_like 'decompress middleware' + + include_context 'with relative url' do + let(:path) { "#{relative_url_root}/api/v4/projects/#{project_id}/packages/npm/-/npm/v1/security/audits/quick" } # rubocop disable Layout/LineLength + + it_behaves_like 'decompress middleware' + end + + it_behaves_like 'handles non integer project ID' + end end end + context 'with some other route' do + let(:path) { '/api/projects/123' } + + it_behaves_like 'passes input' + end + context 'payload is too large' do let(:body_limit) { Gitlab::Middleware::CompressedJson::MAXIMUM_BODY_SIZE } let(:decompressed_input) { 'a' * (body_limit + 100) } |