Diffstat (limited to 'spec/requests/api/internal/base_spec.rb')
-rw-r--r--spec/requests/api/internal/base_spec.rb267
1 files changed, 143 insertions, 124 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index e04f63befd0..86999c4adaa 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -50,41 +50,6 @@ RSpec.describe API::Internal::Base do
end
end
- shared_examples 'actor key validations' do
- context 'key id is not provided' do
- let(:key_id) { nil }
-
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq('Could not find a user without a key')
- end
- end
-
- context 'key does not exist' do
- let(:key_id) { non_existing_record_id }
-
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq('Could not find the given key')
- end
- end
-
- context 'key without user' do
- let(:key_id) { create(:key, user: nil).id }
-
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq('Could not find a user for the given key')
- end
- end
- end
-
describe 'GET /internal/two_factor_recovery_codes' do
let(:key_id) { key.id }
@@ -578,25 +543,51 @@ RSpec.describe API::Internal::Base do
end
context "git pull" do
- before do
- stub_feature_flags(gitaly_mep_mep: true)
+ context "with a feature flag enabled globally" do
+ before do
+ stub_feature_flags(gitaly_mep_mep: true)
+ end
+
+ it "has the correct payload" do
+ pull(key, project)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response["status"]).to be_truthy
+ expect(json_response["gl_repository"]).to eq("project-#{project.id}")
+ expect(json_response["gl_project_path"]).to eq(project.full_path)
+ expect(json_response["gitaly"]).not_to be_nil
+ expect(json_response["gitaly"]["repository"]).not_to be_nil
+ expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
+ expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path)
+ expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage))
+ expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage))
+ expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'true')
+ expect(user.reload.last_activity_on).to eql(Date.today)
+ end
end
- it "has the correct payload" do
- pull(key, project)
+ context "with a feature flag enabled for a project" do
+ before do
+ stub_feature_flags(gitaly_mep_mep: project)
+ end
- expect(response).to have_gitlab_http_status(:ok)
- expect(json_response["status"]).to be_truthy
- expect(json_response["gl_repository"]).to eq("project-#{project.id}")
- expect(json_response["gl_project_path"]).to eq(project.full_path)
- expect(json_response["gitaly"]).not_to be_nil
- expect(json_response["gitaly"]["repository"]).not_to be_nil
- expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
- expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path)
- expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage))
- expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage))
- expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'true')
- expect(user.reload.last_activity_on).to eql(Date.today)
+ it "has the flag set to true for that project" do
+ pull(key, project)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response["gl_repository"]).to eq("project-#{project.id}")
+ expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'true')
+ end
+
+ it "has the flag set to false for other projects" do
+ other_project = create(:project, :public, :repository)
+
+ pull(key, other_project)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response["gl_repository"]).to eq("project-#{other_project.id}")
+ expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-mep-mep' => 'false')
+ end
end
end
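Review bot: The "has the flag set to false for other projects" example depends on `other_project` being created `:public` so that `pull(key, other_project)` is allowed for a user who is presumably not a member, but nothing in the example says so. A short comment above the `create` call, such as `# public so the key's user can pull without membership; the flag is scoped to project only`, would keep a later visibility change from turning this into an access-control failure that hides the flag assertion. The exact-hash match `eq('gitaly-feature-mep-mep' => 'false')` in both new examples also pins the whole `features` payload to a single entry; `include('gitaly-feature-mep-mep' => 'false')` would keep the check on the flag under test, if that is all that is intended. `pull`, `key` and `project` are defined outside the hunk.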
@@ -1094,6 +1085,104 @@ RSpec.describe API::Internal::Base do
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
+
+ context 'admin mode' do
+ shared_examples 'pushes succeed for ssh and http' do
+ it 'accepts the SSH push' do
+ push(key, project)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+
+ it 'accepts the HTTP push' do
+ push(key, project, 'http')
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ shared_examples 'pushes fail for ssh and http' do
+ it 'rejects the SSH push' do
+ push(key, project)
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+
+ it 'rejects the HTTP push' do
+ push(key, project, 'http')
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+
+ context 'feature flag :user_mode_in_session is enabled' do
+ context 'with an admin user' do
+ let(:user) { create(:admin) }
+
+ context 'is member of the project' do
+ before do
+ project.add_developer(user)
+ end
+
+ it_behaves_like 'pushes succeed for ssh and http'
+ end
+
+ context 'is not member of the project' do
+ it_behaves_like 'pushes succeed for ssh and http'
+ end
+ end
+
+ context 'with a regular user' do
+ context 'is member of the project' do
+ before do
+ project.add_developer(user)
+ end
+
+ it_behaves_like 'pushes succeed for ssh and http'
+ end
+
+ context 'is not member of the project' do
+ it_behaves_like 'pushes fail for ssh and http'
+ end
+ end
+ end
+
+ context 'feature flag :user_mode_in_session is disabled' do
+ before do
+ stub_feature_flags(user_mode_in_session: false)
+ end
+
+ context 'with an admin user' do
+ let(:user) { create(:admin) }
+
+ context 'is member of the project' do
+ before do
+ project.add_developer(user)
+ end
+
+ it_behaves_like 'pushes succeed for ssh and http'
+ end
+
+ context 'is not member of the project' do
+ it_behaves_like 'pushes succeed for ssh and http'
+ end
+ end
+
+ context 'with a regular user' do
+ context 'is member of the project' do
+ before do
+ project.add_developer(user)
+ end
+
+ it_behaves_like 'pushes succeed for ssh and http'
+ end
+
+ context 'is not member of the project' do
+ it_behaves_like 'pushes fail for ssh and http'
+ end
+ end
+ end
+ end
end
describe 'POST /internal/post_receive', :clean_gitlab_redis_shared_state do
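Review bot: The context 'feature flag :user_mode_in_session is enabled' never sets the flag, while its sibling stubs it to false explicitly. It presumably relies on the suite's default flag state, so its expectations would silently exercise a different configuration if that default changed. Adding `before do` / `stub_feature_flags(user_mode_in_session: true)` / `end` at the top of that context makes the precondition visible. The 'is not member of the project' cases for an admin assert that pushes succeed in both flag states; that is an authorization decision and deserves a one-line comment saying why admin mode is not enforced for Git access over SSH and HTTP (inferred: there is no web session to elevate). The `:not_found` expectations for a regular non-member also assume `project` does not grant push access by visibility; its definition is outside the hunk.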
@@ -1308,10 +1397,6 @@ RSpec.describe API::Internal::Base do
let(:key_id) { key.id }
let(:otp) { '123456'}
- before do
- stub_feature_flags(two_factor_for_cli: true)
- end
-
subject do
post api('/internal/two_factor_otp_check'),
params: {
@@ -1321,76 +1406,10 @@ RSpec.describe API::Internal::Base do
}
end
- it_behaves_like 'actor key validations'
-
- context 'when the key is a deploy key' do
- let(:key_id) { create(:deploy_key).id }
-
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq('Deploy keys cannot be used for Two Factor')
- end
- end
-
- context 'when the two factor is enabled' do
- before do
- allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true)
- end
-
- context 'when the OTP is valid' do
- it 'registers a new OTP session and returns success' do
- allow_any_instance_of(Users::ValidateOtpService).to receive(:execute).with(otp).and_return(status: :success)
-
- expect_next_instance_of(::Gitlab::Auth::Otp::SessionEnforcer) do |session_enforcer|
- expect(session_enforcer).to receive(:update_session).once
- end
-
- subject
-
- expect(json_response['success']).to be_truthy
- end
- end
-
- context 'when the OTP is invalid' do
- it 'is not success' do
- allow_any_instance_of(Users::ValidateOtpService).to receive(:execute).with(otp).and_return(status: :error)
-
- subject
-
- expect(json_response['success']).to be_falsey
- end
- end
- end
-
- context 'when the two factor is disabled' do
- before do
- allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false)
- end
+ it 'is not available' do
+ subject
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq 'Two-factor authentication is not enabled for this user'
- end
- end
-
- context 'two_factor_for_cli feature is disabled' do
- before do
- stub_feature_flags(two_factor_for_cli: false)
- end
-
- context 'when two-factor is enabled for the user' do
- it 'returns user two factor config' do
- allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true)
-
- subject
-
- expect(json_response['success']).to be_falsey
- end
- end
+ expect(json_response['success']).to be_falsey
end
end
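Review bot: The replacement example `it 'is not available'` asserts only that `json_response['success']` is falsey, which also passes when the key is missing from the body or the request failed for an unrelated reason, so it does not pin that the OTP check is actually switched off. Since this endpoint gates second-factor verification, tighten it with `expect(json_response['success']).to be(false)` (assuming the endpoint returns a literal false) and add an assertion on `json_response['message']` against the exact text the endpoint returns, as the removed examples did. The enclosing `describe` block begins outside the hunk.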