diff options
Diffstat (limited to 'spec/models')
-rw-r--r-- | spec/models/active_session_spec.rb | 2 | ||||
-rw-r--r-- | spec/models/concerns/token_authenticatable_spec.rb | 4 | ||||
-rw-r--r-- | spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb | 8 | ||||
-rw-r--r-- | spec/models/packages/composer/cache_file_spec.rb | 32 | ||||
-rw-r--r-- | spec/models/packages/composer/metadatum_spec.rb | 16 | ||||
-rw-r--r-- | spec/models/token_with_iv_spec.rb | 29 |
6 files changed, 86 insertions, 5 deletions
diff --git a/spec/models/active_session_spec.rb b/spec/models/active_session_spec.rb index f0bae3f29c0..51435cc4342 100644 --- a/spec/models/active_session_spec.rb +++ b/spec/models/active_session_spec.rb @@ -358,7 +358,7 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do it 'calls .destroy_sessions' do expect(ActiveSession).to( receive(:destroy_sessions) - .with(anything, user, [active_session.public_id, rack_session.public_id, rack_session.private_id])) + .with(anything, user, [encrypted_active_session_id, rack_session.public_id, rack_session.private_id])) subject end diff --git a/spec/models/concerns/token_authenticatable_spec.rb b/spec/models/concerns/token_authenticatable_spec.rb index d8b77e1cd0d..2df76684d71 100644 --- a/spec/models/concerns/token_authenticatable_spec.rb +++ b/spec/models/concerns/token_authenticatable_spec.rb @@ -54,7 +54,7 @@ RSpec.describe ApplicationSetting, 'TokenAuthenticatable' do it 'persists new token as an encrypted string' do expect(subject).to eq settings.reload.runners_registration_token expect(settings.read_attribute('runners_registration_token_encrypted')) - .to eq Gitlab::CryptoHelper.aes256_gcm_encrypt(subject) + .to eq Gitlab::CryptoHelper.aes256_gcm_encrypt(subject, nonce: Gitlab::CryptoHelper::AES256_GCM_IV_STATIC) expect(settings).to be_persisted end @@ -243,7 +243,7 @@ RSpec.describe Ci::Build, 'TokenAuthenticatable' do it 'persists new token as an encrypted string' do build.ensure_token! - encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(build.token) + encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(build.token, nonce: Gitlab::CryptoHelper::AES256_GCM_IV_STATIC) expect(build.read_attribute('token_encrypted')).to eq encrypted end diff --git a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb index f6b8cf7def4..1e1cd97e410 100644 --- a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb +++ b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb @@ -68,6 +68,10 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted do context 'when using optional strategy' do let(:options) { { encrypted: :optional } } + before do + stub_feature_flags(dynamic_nonce_creation: false) + end + it 'returns decrypted token when an encrypted token is present' do allow(instance).to receive(:read_attribute) .with('some_field_encrypted') @@ -124,7 +128,7 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted do it 'writes encrypted token and removes plaintext token and returns it' do expect(instance).to receive(:[]=) - .with('some_field_encrypted', encrypted) + .with('some_field_encrypted', any_args) expect(instance).to receive(:[]=) .with('some_field', nil) @@ -137,7 +141,7 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted do it 'writes encrypted token and writes plaintext token' do expect(instance).to receive(:[]=) - .with('some_field_encrypted', encrypted) + .with('some_field_encrypted', any_args) expect(instance).to receive(:[]=) .with('some_field', 'my-value') diff --git a/spec/models/packages/composer/cache_file_spec.rb b/spec/models/packages/composer/cache_file_spec.rb new file mode 100644 index 00000000000..ef9818f0930 --- /dev/null +++ b/spec/models/packages/composer/cache_file_spec.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true +require 'spec_helper' + +RSpec.describe Packages::Composer::CacheFile, type: :model do + describe 'relationships' do + it { is_expected.to belong_to(:group) } + it { is_expected.to belong_to(:namespace) } + end + + describe 'validations' do + it { is_expected.to validate_presence_of(:namespace) } + end + + describe 'scopes' do + let_it_be(:group1) { create(:group) } + let_it_be(:group2) { create(:group) } + let_it_be(:cache_file1) { create(:composer_cache_file, file_sha256: '123456', group: group1) } + let_it_be(:cache_file2) { create(:composer_cache_file, file_sha256: '456778', group: group2) } + + describe '.with_namespace' do + subject { described_class.with_namespace(group1) } + + it { is_expected.to eq [cache_file1] } + end + + describe '.with_sha' do + subject { described_class.with_sha('123456') } + + it { is_expected.to eq [cache_file1] } + end + end +end diff --git a/spec/models/packages/composer/metadatum_spec.rb b/spec/models/packages/composer/metadatum_spec.rb index ae53532696b..1c888f1563c 100644 --- a/spec/models/packages/composer/metadatum_spec.rb +++ b/spec/models/packages/composer/metadatum_spec.rb @@ -11,4 +11,20 @@ RSpec.describe Packages::Composer::Metadatum, type: :model do it { is_expected.to validate_presence_of(:target_sha) } it { is_expected.to validate_presence_of(:composer_json) } end + + describe 'scopes' do + let_it_be(:package_name) { 'sample-project' } + let_it_be(:json) { { 'name' => package_name } } + let_it_be(:group) { create(:group) } + let_it_be(:project) { create(:project, :custom_repo, files: { 'composer.json' => json.to_json }, group: group) } + let_it_be(:package1) { create(:composer_package, :with_metadatum, project: project, name: package_name, version: '1.0.0', json: json) } + let_it_be(:package2) { create(:composer_package, :with_metadatum, project: project, name: 'other-name', version: '1.0.0', json: json) } + let_it_be(:package3) { create(:pypi_package, name: package_name, project: project) } + + describe '.for_package' do + subject { described_class.for_package(package_name, project.id) } + + it { is_expected.to eq [package1.composer_metadatum] } + end + end end diff --git a/spec/models/token_with_iv_spec.rb b/spec/models/token_with_iv_spec.rb new file mode 100644 index 00000000000..8dbccc19217 --- /dev/null +++ b/spec/models/token_with_iv_spec.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe TokenWithIv do + describe 'validations' do + it { is_expected.to validate_presence_of :hashed_token } + it { is_expected.to validate_presence_of :iv } + it { is_expected.to validate_presence_of :hashed_plaintext_token } + end + + describe '.find_by_hashed_token' do + it 'only includes matching record' do + matching_record = create(:token_with_iv, hashed_token: ::Digest::SHA256.digest('hashed-token')) + create(:token_with_iv) + + expect(described_class.find_by_hashed_token('hashed-token')).to eq(matching_record) + end + end + + describe '.find_by_plaintext_token' do + it 'only includes matching record' do + matching_record = create(:token_with_iv, hashed_plaintext_token: ::Digest::SHA256.digest('hashed-token')) + create(:token_with_iv) + + expect(described_class.find_by_plaintext_token('hashed-token')).to eq(matching_record) + end + end +end |