diff options
Diffstat (limited to 'spec/requests/api/npm_project_packages_spec.rb')
| -rw-r--r-- | spec/requests/api/npm_project_packages_spec.rb | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/spec/requests/api/npm_project_packages_spec.rb b/spec/requests/api/npm_project_packages_spec.rb index 1421f20ac28..7ea238c0607 100644 --- a/spec/requests/api/npm_project_packages_spec.rb +++ b/spec/requests/api/npm_project_packages_spec.rb @@ -6,25 +6,25 @@ RSpec.describe API::NpmProjectPackages do include_context 'npm api setup' describe 'GET /api/v4/projects/:id/packages/npm/*package_name' do - it_behaves_like 'handling get metadata requests' do + it_behaves_like 'handling get metadata requests', scope: :project do let(:url) { api("/projects/#{project.id}/packages/npm/#{package_name}") } end end describe 'GET /api/v4/projects/:id/packages/npm/-/package/*package_name/dist-tags' do - it_behaves_like 'handling get dist tags requests' do + it_behaves_like 'handling get dist tags requests', scope: :project do let(:url) { api("/projects/#{project.id}/packages/npm/-/package/#{package_name}/dist-tags") } end end describe 'PUT /api/v4/projects/:id/packages/npm/-/package/*package_name/dist-tags/:tag' do - it_behaves_like 'handling create dist tag requests' do + it_behaves_like 'handling create dist tag requests', scope: :project do let(:url) { api("/projects/#{project.id}/packages/npm/-/package/#{package_name}/dist-tags/#{tag_name}") } end end describe 'DELETE /api/v4/projects/:id/packages/npm/-/package/*package_name/dist-tags/:tag' do - it_behaves_like 'handling delete dist tag requests' do + it_behaves_like 'handling delete dist tag requests', scope: :project do let(:url) { api("/projects/#{project.id}/packages/npm/-/package/#{package_name}/dist-tags/#{tag_name}") } end end @@ -32,10 +32,14 @@ RSpec.describe API::NpmProjectPackages do describe 'GET /api/v4/projects/:id/packages/npm/*package_name/-/*file_name' do let_it_be(:package_file) { package.package_files.first } - let(:params) { {} } - let(:url) { api("/projects/#{project.id}/packages/npm/#{package_file.package.name}/-/#{package_file.file_name}") } + let(:headers) { {} } + let(:url) { api("/projects/#{project.id}/packages/npm/#{package.name}/-/#{package_file.file_name}") } - subject { get(url, params: params) } + subject { get(url, headers: headers) } + + before do + project.add_developer(user) + end shared_examples 'a package file that requires auth' do it 'denies download with no token' do @@ -45,7 +49,7 @@ RSpec.describe API::NpmProjectPackages do end context 'with access token' do - let(:params) { { access_token: token.token } } + let(:headers) { build_token_auth_header(token.token) } it 'returns the file' do subject @@ -56,7 +60,7 @@ RSpec.describe API::NpmProjectPackages do end context 'with job token' do - let(:params) { { job_token: job.token } } + let(:headers) { build_token_auth_header(job.token) } it 'returns the file' do subject @@ -86,7 +90,7 @@ RSpec.describe API::NpmProjectPackages do it_behaves_like 'a package file that requires auth' context 'with guest' do - let(:params) { { access_token: token.token } } + let(:headers) { build_token_auth_header(token.token) } it 'denies download when not enough permissions' do project.add_guest(user) @@ -108,7 +112,11 @@ RSpec.describe API::NpmProjectPackages do end describe 'PUT /api/v4/projects/:id/packages/npm/:package_name' do - RSpec.shared_examples 'handling invalid record with 400 error' do + before do + project.add_developer(user) + end + + shared_examples 'handling invalid record with 400 error' do it 'handles an ActiveRecord::RecordInvalid exception with 400 error' do expect { upload_package_with_token(package_name, params) } .not_to change { project.packages.count } @@ -261,7 +269,9 @@ RSpec.describe API::NpmProjectPackages do end def upload_package(package_name, params = {}) - put api("/projects/#{project.id}/packages/npm/#{package_name.sub('/', '%2f')}"), params: params + token = params.delete(:access_token) || params.delete(:job_token) + headers = build_token_auth_header(token) + put api("/projects/#{project.id}/packages/npm/#{package_name.sub('/', '%2f')}"), params: params, headers: headers end def upload_package_with_token(package_name, params = {}) |