diff options
Diffstat (limited to 'spec/requests/api')
23 files changed, 0 insertions, 4708 deletions
diff --git a/spec/requests/api/api_helpers_spec.rb b/spec/requests/api/api_helpers_spec.rb deleted file mode 100644 index 20cb30a39bb..00000000000 --- a/spec/requests/api/api_helpers_spec.rb +++ /dev/null @@ -1,173 +0,0 @@ -require 'spec_helper' - -describe API, api: true do - include API::APIHelpers - include ApiHelpers - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let(:key) { create(:key, user: user) } - - let(:params) { {} } - let(:env) { {} } - - def set_env(token_usr, identifier) - clear_env - clear_param - env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = token_usr.private_token - env[API::APIHelpers::SUDO_HEADER] = identifier - end - - def set_param(token_usr, identifier) - clear_env - clear_param - params[API::APIHelpers::PRIVATE_TOKEN_PARAM] = token_usr.private_token - params[API::APIHelpers::SUDO_PARAM] = identifier - end - - def clear_env - env.delete(API::APIHelpers::PRIVATE_TOKEN_HEADER) - env.delete(API::APIHelpers::SUDO_HEADER) - end - - def clear_param - params.delete(API::APIHelpers::PRIVATE_TOKEN_PARAM) - params.delete(API::APIHelpers::SUDO_PARAM) - end - - def error!(message, status) - raise Exception - end - - describe ".current_user" do - it "should return nil for an invalid token" do - env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = 'invalid token' - allow_any_instance_of(self.class).to receive(:doorkeeper_guard){ false } - expect(current_user).to be_nil - end - - it "should return nil for a user without access" do - env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token - Gitlab::UserAccess.stub(allowed?: false) - expect(current_user).to be_nil - end - - it "should leave user as is when sudo not specified" do - env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token - expect(current_user).to eq(user) - clear_env - params[API::APIHelpers::PRIVATE_TOKEN_PARAM] = user.private_token - expect(current_user).to eq(user) - end - - it "should change current user to sudo when admin" do - set_env(admin, user.id) - expect(current_user).to eq(user) - set_param(admin, user.id) - expect(current_user).to eq(user) - set_env(admin, user.username) - expect(current_user).to eq(user) - set_param(admin, user.username) - expect(current_user).to eq(user) - end - - it "should throw an error when the current user is not an admin and attempting to sudo" do - set_env(user, admin.id) - expect { current_user }.to raise_error - set_param(user, admin.id) - expect { current_user }.to raise_error - set_env(user, admin.username) - expect { current_user }.to raise_error - set_param(user, admin.username) - expect { current_user }.to raise_error - end - - it "should throw an error when the user cannot be found for a given id" do - id = user.id + admin.id - expect(user.id).not_to eq(id) - expect(admin.id).not_to eq(id) - set_env(admin, id) - expect { current_user }.to raise_error - - set_param(admin, id) - expect { current_user }.to raise_error - end - - it "should throw an error when the user cannot be found for a given username" do - username = "#{user.username}#{admin.username}" - expect(user.username).not_to eq(username) - expect(admin.username).not_to eq(username) - set_env(admin, username) - expect { current_user }.to raise_error - - set_param(admin, username) - expect { current_user }.to raise_error - end - - it "should handle sudo's to oneself" do - set_env(admin, admin.id) - expect(current_user).to eq(admin) - set_param(admin, admin.id) - expect(current_user).to eq(admin) - set_env(admin, admin.username) - expect(current_user).to eq(admin) - set_param(admin, admin.username) - expect(current_user).to eq(admin) - end - - it "should handle multiple sudo's to oneself" do - set_env(admin, user.id) - expect(current_user).to eq(user) - expect(current_user).to eq(user) - set_env(admin, user.username) - expect(current_user).to eq(user) - expect(current_user).to eq(user) - - set_param(admin, user.id) - expect(current_user).to eq(user) - expect(current_user).to eq(user) - set_param(admin, user.username) - expect(current_user).to eq(user) - expect(current_user).to eq(user) - end - - it "should handle multiple sudo's to oneself using string ids" do - set_env(admin, user.id.to_s) - expect(current_user).to eq(user) - expect(current_user).to eq(user) - - set_param(admin, user.id.to_s) - expect(current_user).to eq(user) - expect(current_user).to eq(user) - end - end - - describe '.sudo_identifier' do - it "should return integers when input is an int" do - set_env(admin, '123') - expect(sudo_identifier).to eq(123) - set_env(admin, '0001234567890') - expect(sudo_identifier).to eq(1234567890) - - set_param(admin, '123') - expect(sudo_identifier).to eq(123) - set_param(admin, '0001234567890') - expect(sudo_identifier).to eq(1234567890) - end - - it "should return string when input is an is not an int" do - set_env(admin, '12.30') - expect(sudo_identifier).to eq("12.30") - set_env(admin, 'hello') - expect(sudo_identifier).to eq('hello') - set_env(admin, ' 123') - expect(sudo_identifier).to eq(' 123') - - set_param(admin, '12.30') - expect(sudo_identifier).to eq("12.30") - set_param(admin, 'hello') - expect(sudo_identifier).to eq('hello') - set_param(admin, ' 123') - expect(sudo_identifier).to eq(' 123') - end - end -end diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb deleted file mode 100644 index f40d68b75a4..00000000000 --- a/spec/requests/api/branches_spec.rb +++ /dev/null @@ -1,170 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::API, api: true do - include ApiHelpers - - let(:user) { create(:user) } - let(:user2) { create(:user) } - let!(:project) { create(:project, creator_id: user.id) } - let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) } - let!(:guest) { create(:project_member, user: user2, project: project, access_level: ProjectMember::GUEST) } - let!(:branch_name) { 'feature' } - let!(:branch_sha) { '0b4bc9a49b562e85de7cc9e834518ea6828729b9' } - - describe "GET /projects/:id/repository/branches" do - it "should return an array of project branches" do - get api("/projects/#{project.id}/repository/branches", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(project.repository.branch_names.first) - end - end - - describe "GET /projects/:id/repository/branches/:branch" do - it "should return the branch information for a single branch" do - get api("/projects/#{project.id}/repository/branches/#{branch_name}", user) - expect(response.status).to eq(200) - - expect(json_response['name']).to eq(branch_name) - expect(json_response['commit']['id']).to eq(branch_sha) - expect(json_response['protected']).to eq(false) - end - - it "should return a 403 error if guest" do - get api("/projects/#{project.id}/repository/branches", user2) - expect(response.status).to eq(403) - end - - it "should return a 404 error if branch is not available" do - get api("/projects/#{project.id}/repository/branches/unknown", user) - expect(response.status).to eq(404) - end - end - - describe "PUT /projects/:id/repository/branches/:branch/protect" do - it "should protect a single branch" do - put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user) - expect(response.status).to eq(200) - - expect(json_response['name']).to eq(branch_name) - expect(json_response['commit']['id']).to eq(branch_sha) - expect(json_response['protected']).to eq(true) - end - - it "should return a 404 error if branch not found" do - put api("/projects/#{project.id}/repository/branches/unknown/protect", user) - expect(response.status).to eq(404) - end - - it "should return a 403 error if guest" do - put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user2) - expect(response.status).to eq(403) - end - - it "should return success when protect branch again" do - put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user) - put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user) - expect(response.status).to eq(200) - end - end - - describe "PUT /projects/:id/repository/branches/:branch/unprotect" do - it "should unprotect a single branch" do - put api("/projects/#{project.id}/repository/branches/#{branch_name}/unprotect", user) - expect(response.status).to eq(200) - - expect(json_response['name']).to eq(branch_name) - expect(json_response['commit']['id']).to eq(branch_sha) - expect(json_response['protected']).to eq(false) - end - - it "should return success when unprotect branch" do - put api("/projects/#{project.id}/repository/branches/unknown/unprotect", user) - expect(response.status).to eq(404) - end - - it "should return success when unprotect branch again" do - put api("/projects/#{project.id}/repository/branches/#{branch_name}/unprotect", user) - put api("/projects/#{project.id}/repository/branches/#{branch_name}/unprotect", user) - expect(response.status).to eq(200) - end - end - - describe "POST /projects/:id/repository/branches" do - it "should create a new branch" do - post api("/projects/#{project.id}/repository/branches", user), - branch_name: 'feature1', - ref: branch_sha - - expect(response.status).to eq(201) - - expect(json_response['name']).to eq('feature1') - expect(json_response['commit']['id']).to eq(branch_sha) - end - - it "should deny for user without push access" do - post api("/projects/#{project.id}/repository/branches", user2), - branch_name: branch_name, - ref: branch_sha - expect(response.status).to eq(403) - end - - it 'should return 400 if branch name is invalid' do - post api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new design', - ref: branch_sha - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Branch name invalid') - end - - it 'should return 400 if branch already exists' do - post api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new_design1', - ref: branch_sha - expect(response.status).to eq(201) - - post api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new_design1', - ref: branch_sha - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Branch already exists') - end - - it 'should return 400 if ref name is invalid' do - post api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new_design3', - ref: 'foo' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Invalid reference name') - end - end - - describe "DELETE /projects/:id/repository/branches/:branch" do - before { Repository.any_instance.stub(rm_branch: true) } - - it "should remove branch" do - delete api("/projects/#{project.id}/repository/branches/#{branch_name}", user) - expect(response.status).to eq(200) - expect(json_response['branch_name']).to eq(branch_name) - end - - it 'should return 404 if branch not exists' do - delete api("/projects/#{project.id}/repository/branches/foobar", user) - expect(response.status).to eq(404) - end - - it "should remove protected branch" do - project.protected_branches.create(name: branch_name) - delete api("/projects/#{project.id}/repository/branches/#{branch_name}", user) - expect(response.status).to eq(405) - expect(json_response['message']).to eq('Protected branch cant be removed') - end - - it "should not remove HEAD branch" do - delete api("/projects/#{project.id}/repository/branches/master", user) - expect(response.status).to eq(405) - expect(json_response['message']).to eq('Cannot remove HEAD branch') - end - end -end diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb deleted file mode 100644 index 9ea60e1a4ad..00000000000 --- a/spec/requests/api/commits_spec.rb +++ /dev/null @@ -1,149 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let(:user2) { create(:user) } - let!(:project) { create(:project, creator_id: user.id) } - let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) } - let!(:guest) { create(:project_member, user: user2, project: project, access_level: ProjectMember::GUEST) } - let!(:note) { create(:note_on_commit, author: user, project: project, commit_id: project.repository.commit.id, note: 'a comment on a commit') } - - before { project.team << [user, :reporter] } - - describe "GET /projects/:id/repository/commits" do - context "authorized user" do - before { project.team << [user2, :reporter] } - - it "should return project commits" do - get api("/projects/#{project.id}/repository/commits", user) - expect(response.status).to eq(200) - - expect(json_response).to be_an Array - expect(json_response.first['id']).to eq(project.repository.commit.id) - end - end - - context "unauthorized user" do - it "should not return project commits" do - get api("/projects/#{project.id}/repository/commits") - expect(response.status).to eq(401) - end - end - end - - describe "GET /projects:id/repository/commits/:sha" do - context "authorized user" do - it "should return a commit by sha" do - get api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}", user) - expect(response.status).to eq(200) - expect(json_response['id']).to eq(project.repository.commit.id) - expect(json_response['title']).to eq(project.repository.commit.title) - end - - it "should return a 404 error if not found" do - get api("/projects/#{project.id}/repository/commits/invalid_sha", user) - expect(response.status).to eq(404) - end - end - - context "unauthorized user" do - it "should not return the selected commit" do - get api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}") - expect(response.status).to eq(401) - end - end - end - - describe "GET /projects:id/repository/commits/:sha/diff" do - context "authorized user" do - before { project.team << [user2, :reporter] } - - it "should return the diff of the selected commit" do - get api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/diff", user) - expect(response.status).to eq(200) - - expect(json_response).to be_an Array - expect(json_response.length).to be >= 1 - expect(json_response.first.keys).to include "diff" - end - - it "should return a 404 error if invalid commit" do - get api("/projects/#{project.id}/repository/commits/invalid_sha/diff", user) - expect(response.status).to eq(404) - end - end - - context "unauthorized user" do - it "should not return the diff of the selected commit" do - get api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/diff") - expect(response.status).to eq(401) - end - end - end - - describe 'GET /projects:id/repository/commits/:sha/comments' do - context 'authorized user' do - it 'should return merge_request comments' do - get api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['note']).to eq('a comment on a commit') - expect(json_response.first['author']['id']).to eq(user.id) - end - - it 'should return a 404 error if merge_request_id not found' do - get api("/projects/#{project.id}/repository/commits/1234ab/comments", user) - expect(response.status).to eq(404) - end - end - - context 'unauthorized user' do - it 'should not return the diff of the selected commit' do - get api("/projects/#{project.id}/repository/commits/1234ab/comments") - expect(response.status).to eq(401) - end - end - end - - describe 'POST /projects:id/repository/commits/:sha/comments' do - context 'authorized user' do - it 'should return comment' do - post api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user), note: 'My comment' - expect(response.status).to eq(201) - expect(json_response['note']).to eq('My comment') - expect(json_response['path']).to be_nil - expect(json_response['line']).to be_nil - expect(json_response['line_type']).to be_nil - end - - it 'should return the inline comment' do - post api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user), note: 'My comment', path: project.repository.commit.diffs.first.new_path, line: 7, line_type: 'new' - expect(response.status).to eq(201) - expect(json_response['note']).to eq('My comment') - expect(json_response['path']).to eq(project.repository.commit.diffs.first.new_path) - expect(json_response['line']).to eq(7) - expect(json_response['line_type']).to eq('new') - end - - it 'should return 400 if note is missing' do - post api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user) - expect(response.status).to eq(400) - end - - it 'should return 404 if note is attached to non existent commit' do - post api("/projects/#{project.id}/repository/commits/1234ab/comments", user), note: 'My comment' - expect(response.status).to eq(404) - end - end - - context 'unauthorized user' do - it 'should not return the diff of the selected commit' do - post api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments") - expect(response.status).to eq(401) - end - end - end -end diff --git a/spec/requests/api/doorkeeper_access_spec.rb b/spec/requests/api/doorkeeper_access_spec.rb deleted file mode 100644 index 39949a90422..00000000000 --- a/spec/requests/api/doorkeeper_access_spec.rb +++ /dev/null @@ -1,31 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let!(:user) { create(:user) } - let!(:application) { Doorkeeper::Application.create!(:name => "MyApp", :redirect_uri => "https://app.com", :owner => user) } - let!(:token) { Doorkeeper::AccessToken.create! :application_id => application.id, :resource_owner_id => user.id } - - - describe "when unauthenticated" do - it "returns authentication success" do - get api("/user"), :access_token => token.token - expect(response.status).to eq(200) - end - end - - describe "when token invalid" do - it "returns authentication error" do - get api("/user"), :access_token => "123a" - expect(response.status).to eq(401) - end - end - - describe "authorization by private token" do - it "returns authentication success" do - get api("/user", user) - expect(response.status).to eq(200) - end - end -end diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb deleted file mode 100644 index bab8888a631..00000000000 --- a/spec/requests/api/files_spec.rb +++ /dev/null @@ -1,164 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let!(:project) { create(:project, namespace: user.namespace ) } - let(:file_path) { 'files/ruby/popen.rb' } - - before { project.team << [user, :developer] } - - describe "GET /projects/:id/repository/files" do - it "should return file info" do - params = { - file_path: file_path, - ref: 'master', - } - - get api("/projects/#{project.id}/repository/files", user), params - expect(response.status).to eq(200) - expect(json_response['file_path']).to eq(file_path) - expect(json_response['file_name']).to eq('popen.rb') - expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n") - end - - it "should return a 400 bad request if no params given" do - get api("/projects/#{project.id}/repository/files", user) - expect(response.status).to eq(400) - end - - it "should return a 404 if such file does not exist" do - params = { - file_path: 'app/models/application.rb', - ref: 'master', - } - - get api("/projects/#{project.id}/repository/files", user), params - expect(response.status).to eq(404) - end - end - - describe "POST /projects/:id/repository/files" do - let(:valid_params) { - { - file_path: 'newfile.rb', - branch_name: 'master', - content: 'puts 8', - commit_message: 'Added newfile' - } - } - - it "should create a new file in project repo" do - Gitlab::Satellite::NewFileAction.any_instance.stub( - commit!: true, - ) - - post api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(201) - expect(json_response['file_path']).to eq('newfile.rb') - end - - it "should return a 400 bad request if no params given" do - post api("/projects/#{project.id}/repository/files", user) - expect(response.status).to eq(400) - end - - it "should return a 400 if satellite fails to create file" do - Gitlab::Satellite::NewFileAction.any_instance.stub( - commit!: false, - ) - - post api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(400) - end - end - - describe "PUT /projects/:id/repository/files" do - let(:valid_params) { - { - file_path: file_path, - branch_name: 'master', - content: 'puts 8', - commit_message: 'Changed file' - } - } - - it "should update existing file in project repo" do - Gitlab::Satellite::EditFileAction.any_instance.stub( - commit!: true, - ) - - put api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(200) - expect(json_response['file_path']).to eq(file_path) - end - - it "should return a 400 bad request if no params given" do - put api("/projects/#{project.id}/repository/files", user) - expect(response.status).to eq(400) - end - - it 'should return a 400 if the checkout fails' do - Gitlab::Satellite::EditFileAction.any_instance.stub(:commit!) - .and_raise(Gitlab::Satellite::CheckoutFailed) - - put api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(400) - - ref = valid_params[:branch_name] - expect(response.body).to match("ref '#{ref}' could not be checked out") - end - - it 'should return a 409 if the file was not modified' do - Gitlab::Satellite::EditFileAction.any_instance.stub(:commit!) - .and_raise(Gitlab::Satellite::CommitFailed) - - put api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(409) - expect(response.body).to match("Maybe there was nothing to commit?") - end - - it 'should return a 409 if the push fails' do - Gitlab::Satellite::EditFileAction.any_instance.stub(:commit!) - .and_raise(Gitlab::Satellite::PushFailed) - - put api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(409) - expect(response.body).to match("Maybe the file was changed by another process?") - end - end - - describe "DELETE /projects/:id/repository/files" do - let(:valid_params) { - { - file_path: file_path, - branch_name: 'master', - commit_message: 'Changed file' - } - } - - it "should delete existing file in project repo" do - Gitlab::Satellite::DeleteFileAction.any_instance.stub( - commit!: true, - ) - - delete api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(200) - expect(json_response['file_path']).to eq(file_path) - end - - it "should return a 400 bad request if no params given" do - delete api("/projects/#{project.id}/repository/files", user) - expect(response.status).to eq(400) - end - - it "should return a 400 if satellite fails to create file" do - Gitlab::Satellite::DeleteFileAction.any_instance.stub( - commit!: false, - ) - - delete api("/projects/#{project.id}/repository/files", user), valid_params - expect(response.status).to eq(400) - end - end -end diff --git a/spec/requests/api/fork_spec.rb b/spec/requests/api/fork_spec.rb deleted file mode 100644 index fb3ff552c8d..00000000000 --- a/spec/requests/api/fork_spec.rb +++ /dev/null @@ -1,73 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let(:user2) { create(:user) } - let(:user3) { create(:user) } - let(:admin) { create(:admin) } - let(:project) { - create(:project, creator_id: user.id, - namespace: user.namespace) - } - let(:project_user2) { - create(:project_member, user: user2, - project: project, - access_level: ProjectMember::GUEST) - } - - describe 'POST /projects/fork/:id' do - before { project_user2 } - before { user3 } - - context 'when authenticated' do - it 'should fork if user has sufficient access to project' do - post api("/projects/fork/#{project.id}", user2) - expect(response.status).to eq(201) - expect(json_response['name']).to eq(project.name) - expect(json_response['path']).to eq(project.path) - expect(json_response['owner']['id']).to eq(user2.id) - expect(json_response['namespace']['id']).to eq(user2.namespace.id) - expect(json_response['forked_from_project']['id']).to eq(project.id) - end - - it 'should fork if user is admin' do - post api("/projects/fork/#{project.id}", admin) - expect(response.status).to eq(201) - expect(json_response['name']).to eq(project.name) - expect(json_response['path']).to eq(project.path) - expect(json_response['owner']['id']).to eq(admin.id) - expect(json_response['namespace']['id']).to eq(admin.namespace.id) - expect(json_response['forked_from_project']['id']).to eq(project.id) - end - - it 'should fail on missing project access for the project to fork' do - post api("/projects/fork/#{project.id}", user3) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - - it 'should fail if forked project exists in the user namespace' do - post api("/projects/fork/#{project.id}", user) - expect(response.status).to eq(409) - expect(json_response['message']['base']).to eq(['Invalid fork destination']) - expect(json_response['message']['name']).to eq(['has already been taken']) - expect(json_response['message']['path']).to eq(['has already been taken']) - end - - it 'should fail if project to fork from does not exist' do - post api('/projects/fork/424242', user) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - end - - context 'when unauthenticated' do - it 'should return authentication error' do - post api("/projects/fork/#{project.id}") - expect(response.status).to eq(401) - expect(json_response['message']).to eq('401 Unauthorized') - end - end - end -end diff --git a/spec/requests/api/group_members_spec.rb b/spec/requests/api/group_members_spec.rb deleted file mode 100644 index 8ba6876a95b..00000000000 --- a/spec/requests/api/group_members_spec.rb +++ /dev/null @@ -1,199 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let(:owner) { create(:user) } - let(:reporter) { create(:user) } - let(:developer) { create(:user) } - let(:master) { create(:user) } - let(:guest) { create(:user) } - let(:stranger) { create(:user) } - - let!(:group_with_members) do - group = create(:group) - group.add_users([reporter.id], GroupMember::REPORTER) - group.add_users([developer.id], GroupMember::DEVELOPER) - group.add_users([master.id], GroupMember::MASTER) - group.add_users([guest.id], GroupMember::GUEST) - group - end - - let!(:group_no_members) { create(:group) } - - before do - group_with_members.add_owner owner - group_no_members.add_owner owner - end - - describe "GET /groups/:id/members" do - context "when authenticated as user that is part or the group" do - it "each user: should return an array of members groups of group3" do - [owner, master, developer, reporter, guest].each do |user| - get api("/groups/#{group_with_members.id}/members", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(5) - expect(json_response.find { |e| e['id']==owner.id }['access_level']).to eq(GroupMember::OWNER) - expect(json_response.find { |e| e['id']==reporter.id }['access_level']).to eq(GroupMember::REPORTER) - expect(json_response.find { |e| e['id']==developer.id }['access_level']).to eq(GroupMember::DEVELOPER) - expect(json_response.find { |e| e['id']==master.id }['access_level']).to eq(GroupMember::MASTER) - expect(json_response.find { |e| e['id']==guest.id }['access_level']).to eq(GroupMember::GUEST) - end - end - - it "users not part of the group should get access error" do - get api("/groups/#{group_with_members.id}/members", stranger) - expect(response.status).to eq(403) - end - end - end - - describe "POST /groups/:id/members" do - context "when not a member of the group" do - it "should not add guest as member of group_no_members when adding being done by person outside the group" do - post api("/groups/#{group_no_members.id}/members", reporter), user_id: guest.id, access_level: GroupMember::MASTER - expect(response.status).to eq(403) - end - end - - context "when a member of the group" do - it "should return ok and add new member" do - new_user = create(:user) - - expect { - post api("/groups/#{group_no_members.id}/members", owner), - user_id: new_user.id, access_level: GroupMember::MASTER - }.to change { group_no_members.members.count }.by(1) - - expect(response.status).to eq(201) - expect(json_response['name']).to eq(new_user.name) - expect(json_response['access_level']).to eq(GroupMember::MASTER) - end - - it "should not allow guest to modify group members" do - new_user = create(:user) - - expect { - post api("/groups/#{group_with_members.id}/members", guest), - user_id: new_user.id, access_level: GroupMember::MASTER - }.not_to change { group_with_members.members.count } - - expect(response.status).to eq(403) - end - - it "should return error if member already exists" do - post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: GroupMember::MASTER - expect(response.status).to eq(409) - end - - it "should return a 400 error when user id is not given" do - post api("/groups/#{group_no_members.id}/members", owner), access_level: GroupMember::MASTER - expect(response.status).to eq(400) - end - - it "should return a 400 error when access level is not given" do - post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id - expect(response.status).to eq(400) - end - - it "should return a 422 error when access level is not known" do - post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234 - expect(response.status).to eq(422) - end - end - end - - describe 'PUT /groups/:id/members/:user_id' do - context 'when not a member of the group' do - it 'should return a 409 error if the user is not a group member' do - put( - api("/groups/#{group_no_members.id}/members/#{developer.id}", - owner), access_level: GroupMember::MASTER - ) - expect(response.status).to eq(404) - end - end - - context 'when a member of the group' do - it 'should return ok and update member access level' do - put( - api("/groups/#{group_with_members.id}/members/#{reporter.id}", - owner), - access_level: GroupMember::MASTER - ) - - expect(response.status).to eq(200) - - get api("/groups/#{group_with_members.id}/members", owner) - json_reporter = json_response.find do |e| - e['id'] == reporter.id - end - - expect(json_reporter['access_level']).to eq(GroupMember::MASTER) - end - - it 'should not allow guest to modify group members' do - put( - api("/groups/#{group_with_members.id}/members/#{developer.id}", - guest), - access_level: GroupMember::MASTER - ) - - expect(response.status).to eq(403) - - get api("/groups/#{group_with_members.id}/members", owner) - json_developer = json_response.find do |e| - e['id'] == developer.id - end - - expect(json_developer['access_level']).to eq(GroupMember::DEVELOPER) - end - - it 'should return a 400 error when access level is not given' do - put( - api("/groups/#{group_with_members.id}/members/#{master.id}", owner) - ) - expect(response.status).to eq(400) - end - - it 'should return a 422 error when access level is not known' do - put( - api("/groups/#{group_with_members.id}/members/#{master.id}", owner), - access_level: 1234 - ) - expect(response.status).to eq(422) - end - end - end - - describe "DELETE /groups/:id/members/:user_id" do - context "when not a member of the group" do - it "should not delete guest's membership of group_with_members" do - random_user = create(:user) - delete api("/groups/#{group_with_members.id}/members/#{owner.id}", random_user) - expect(response.status).to eq(403) - end - end - - context "when a member of the group" do - it "should delete guest's membership of group" do - expect { - delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner) - }.to change { group_with_members.members.count }.by(-1) - - expect(response.status).to eq(200) - end - - it "should return a 404 error when user id is not known" do - delete api("/groups/#{group_with_members.id}/members/1328", owner) - expect(response.status).to eq(404) - end - - it "should not allow guest to modify group members" do - delete api("/groups/#{group_with_members.id}/members/#{master.id}", guest) - expect(response.status).to eq(403) - end - end - end -end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb deleted file mode 100644 index d963dbac9f1..00000000000 --- a/spec/requests/api/groups_spec.rb +++ /dev/null @@ -1,187 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let(:user1) { create(:user) } - let(:user2) { create(:user) } - let(:admin) { create(:admin) } - let!(:group1) { create(:group) } - let!(:group2) { create(:group) } - - before do - group1.add_owner(user1) - group2.add_owner(user2) - end - - describe "GET /groups" do - context "when unauthenticated" do - it "should return authentication error" do - get api("/groups") - expect(response.status).to eq(401) - end - end - - context "when authenticated as user" do - it "normal user: should return an array of groups of user1" do - get api("/groups", user1) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['name']).to eq(group1.name) - end - end - - context "when authenticated as admin" do - it "admin: should return an array of all groups" do - get api("/groups", admin) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - end - end - - describe "GET /groups/:id" do - context "when authenticated as user" do - it "should return one of user1's groups" do - get api("/groups/#{group1.id}", user1) - expect(response.status).to eq(200) - json_response['name'] == group1.name - end - - it "should not return a non existing group" do - get api("/groups/1328", user1) - expect(response.status).to eq(404) - end - - it "should not return a group not attached to user1" do - get api("/groups/#{group2.id}", user1) - expect(response.status).to eq(403) - end - end - - context "when authenticated as admin" do - it "should return any existing group" do - get api("/groups/#{group2.id}", admin) - expect(response.status).to eq(200) - json_response['name'] == group2.name - end - - it "should not return a non existing group" do - get api("/groups/1328", admin) - expect(response.status).to eq(404) - end - end - - context 'when using group path in URL' do - it 'should return any existing group' do - get api("/groups/#{group1.path}", admin) - expect(response.status).to eq(200) - json_response['name'] == group2.name - end - - it 'should not return a non existing group' do - get api('/groups/unknown', admin) - expect(response.status).to eq(404) - end - - it 'should not return a group not attached to user1' do - get api("/groups/#{group2.path}", user1) - expect(response.status).to eq(403) - end - end - end - - describe "POST /groups" do - context "when authenticated as user" do - it "should not create group" do - post api("/groups", user1), attributes_for(:group) - expect(response.status).to eq(403) - end - end - - context "when authenticated as admin" do - it "should create group" do - post api("/groups", admin), attributes_for(:group) - expect(response.status).to eq(201) - end - - it "should not create group, duplicate" do - post api("/groups", admin), {name: "Duplicate Test", path: group2.path} - expect(response.status).to eq(400) - expect(response.message).to eq("Bad Request") - end - - it "should return 400 bad request error if name not given" do - post api("/groups", admin), {path: group2.path} - expect(response.status).to eq(400) - end - - it "should return 400 bad request error if path not given" do - post api("/groups", admin), { name: 'test' } - expect(response.status).to eq(400) - end - end - end - - describe "DELETE /groups/:id" do - context "when authenticated as user" do - it "should remove group" do - delete api("/groups/#{group1.id}", user1) - expect(response.status).to eq(200) - end - - it "should not remove a group if not an owner" do - user3 = create(:user) - group1.add_user(user3, Gitlab::Access::MASTER) - delete api("/groups/#{group1.id}", user3) - expect(response.status).to eq(403) - end - - it "should not remove a non existing group" do - delete api("/groups/1328", user1) - expect(response.status).to eq(404) - end - - it "should not remove a group not attached to user1" do - delete api("/groups/#{group2.id}", user1) - expect(response.status).to eq(403) - end - end - - context "when authenticated as admin" do - it "should remove any existing group" do - delete api("/groups/#{group2.id}", admin) - expect(response.status).to eq(200) - end - - it "should not remove a non existing group" do - delete api("/groups/1328", admin) - expect(response.status).to eq(404) - end - end - end - - describe "POST /groups/:id/projects/:project_id" do - let(:project) { create(:project) } - before(:each) do - Projects::TransferService.any_instance.stub(execute: true) - allow(Project).to receive(:find).and_return(project) - end - - context "when authenticated as user" do - it "should not transfer project to group" do - post api("/groups/#{group1.id}/projects/#{project.id}", user2) - expect(response.status).to eq(403) - end - end - - context "when authenticated as admin" do - it "should transfer project to group" do - post api("/groups/#{group1.id}/projects/#{project.id}", admin) - expect(response.status).to eq(201) - end - end - end -end diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb deleted file mode 100644 index 4c7d15d6594..00000000000 --- a/spec/requests/api/internal_spec.rb +++ /dev/null @@ -1,229 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let(:key) { create(:key, user: user) } - let(:project) { create(:project) } - let(:secret_token) { File.read Rails.root.join('.gitlab_shell_secret') } - - describe "GET /internal/check", no_db: true do - it do - get api("/internal/check"), secret_token: secret_token - - expect(response.status).to eq(200) - expect(json_response['api_version']).to eq(API::API.version) - end - end - - describe "GET /internal/broadcast_message" do - context "broadcast message exists" do - let!(:broadcast_message) { create(:broadcast_message, starts_at: Time.now.yesterday, ends_at: Time.now.tomorrow ) } - - it do - get api("/internal/broadcast_message"), secret_token: secret_token - - expect(response.status).to eq(200) - expect(json_response["message"]).to eq(broadcast_message.message) - end - end - - context "broadcast message doesn't exist" do - it do - get api("/internal/broadcast_message"), secret_token: secret_token - - expect(response.status).to eq(200) - expect(json_response).to be_empty - end - end - end - - describe "GET /internal/discover" do - it do - get(api("/internal/discover"), key_id: key.id, secret_token: secret_token) - - expect(response.status).to eq(200) - - expect(json_response['name']).to eq(user.name) - end - end - - describe "POST /internal/allowed" do - context "access granted" do - before do - project.team << [user, :developer] - end - - context "git pull" do - it do - pull(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_truthy - end - end - - context "git push" do - it do - push(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_truthy - end - end - end - - context "access denied" do - before do - project.team << [user, :guest] - end - - context "git pull" do - it do - pull(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - - context "git push" do - it do - push(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - end - - context "blocked user" do - let(:personal_project) { create(:project, namespace: user.namespace) } - - before do - user.block - end - - context "git pull" do - it do - pull(key, personal_project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - - context "git push" do - it do - push(key, personal_project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - end - - context "archived project" do - let(:personal_project) { create(:project, namespace: user.namespace) } - - before do - project.team << [user, :developer] - project.archive! - end - - context "git pull" do - it do - pull(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_truthy - end - end - - context "git push" do - it do - push(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - end - - context "deploy key" do - let(:key) { create(:deploy_key) } - - context "added to project" do - before do - key.projects << project - end - - it do - archive(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_truthy - end - end - - context "not added to project" do - it do - archive(key, project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - end - - context 'project does not exist' do - it do - pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists')) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - - context 'user does not exist' do - it do - pull(OpenStruct.new(id: 0), project) - - expect(response.status).to eq(200) - expect(json_response["status"]).to be_falsey - end - end - end - - def pull(key, project) - post( - api("/internal/allowed"), - key_id: key.id, - project: project.path_with_namespace, - action: 'git-upload-pack', - secret_token: secret_token - ) - end - - def push(key, project) - post( - api("/internal/allowed"), - changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', - key_id: key.id, - project: project.path_with_namespace, - action: 'git-receive-pack', - secret_token: secret_token - ) - end - - def archive(key, project) - post( - api("/internal/allowed"), - ref: 'master', - key_id: key.id, - project: project.path_with_namespace, - action: 'git-upload-archive', - secret_token: secret_token - ) - end -end diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb deleted file mode 100644 index b6b0427debf..00000000000 --- a/spec/requests/api/issues_spec.rb +++ /dev/null @@ -1,330 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let!(:project) { create(:project, namespace: user.namespace ) } - let!(:closed_issue) do - create :closed_issue, - author: user, - assignee: user, - project: project, - state: :closed, - milestone: milestone - end - let!(:issue) do - create :issue, - author: user, - assignee: user, - project: project, - milestone: milestone - end - let!(:label) do - create(:label, title: 'label', color: '#FFAABB', project: project) - end - let!(:label_link) { create(:label_link, label: label, target: issue) } - let!(:milestone) { create(:milestone, title: '1.0.0', project: project) } - let!(:empty_milestone) do - create(:milestone, title: '2.0.0', project: project) - end - - before { project.team << [user, :reporter] } - - describe "GET /issues" do - context "when unauthenticated" do - it "should return authentication error" do - get api("/issues") - expect(response.status).to eq(401) - end - end - - context "when authenticated" do - it "should return an array of issues" do - get api("/issues", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(issue.title) - end - - it "should add pagination headers" do - get api("/issues?per_page=3", user) - expect(response.headers['Link']).to eq( - '<http://www.example.com/api/v3/issues?page=1&per_page=3>; rel="first", <http://www.example.com/api/v3/issues?page=1&per_page=3>; rel="last"' - ) - end - - it 'should return an array of closed issues' do - get api('/issues?state=closed', user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(closed_issue.id) - end - - it 'should return an array of opened issues' do - get api('/issues?state=opened', user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(issue.id) - end - - it 'should return an array of all issues' do - get api('/issues?state=all', user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['id']).to eq(issue.id) - expect(json_response.second['id']).to eq(closed_issue.id) - end - - it 'should return an array of labeled issues' do - get api("/issues?labels=#{label.title}", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'should return an array of labeled issues when at least one label matches' do - get api("/issues?labels=#{label.title},foo,bar", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'should return an empty array if no issue matches labels' do - get api('/issues?labels=foo,bar', user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'should return an array of labeled issues matching given state' do - get api("/issues?labels=#{label.title}&state=opened", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - expect(json_response.first['state']).to eq('opened') - end - - it 'should return an empty array if no issue matches labels and state filters' do - get api("/issues?labels=#{label.title}&state=closed", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - end - end - - describe "GET /projects/:id/issues" do - let(:base_url) { "/projects/#{project.id}" } - let(:title) { milestone.title } - - it "should return project issues" do - get api("#{base_url}/issues", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(issue.title) - end - - it 'should return an array of labeled project issues' do - get api("#{base_url}/issues?labels=#{label.title}", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'should return an array of labeled project issues when at least one label matches' do - get api("#{base_url}/issues?labels=#{label.title},foo,bar", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'should return an empty array if no project issue matches labels' do - get api("#{base_url}/issues?labels=foo,bar", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'should return an empty array if no issue matches milestone' do - get api("#{base_url}/issues?milestone=#{empty_milestone.title}", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'should return an empty array if milestone does not exist' do - get api("#{base_url}/issues?milestone=foo", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'should return an array of issues in given milestone' do - get api("#{base_url}/issues?milestone=#{title}", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['id']).to eq(issue.id) - expect(json_response.second['id']).to eq(closed_issue.id) - end - - it 'should return an array of issues matching state in milestone' do - get api("#{base_url}/issues?milestone=#{milestone.title}"\ - '&state=closed', user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(closed_issue.id) - end - end - - describe "GET /projects/:id/issues/:issue_id" do - it "should return a project issue by id" do - get api("/projects/#{project.id}/issues/#{issue.id}", user) - expect(response.status).to eq(200) - expect(json_response['title']).to eq(issue.title) - expect(json_response['iid']).to eq(issue.iid) - end - - it "should return 404 if issue id not found" do - get api("/projects/#{project.id}/issues/54321", user) - expect(response.status).to eq(404) - end - end - - describe "POST /projects/:id/issues" do - it "should create a new project issue" do - post api("/projects/#{project.id}/issues", user), - title: 'new issue', labels: 'label, label2' - expect(response.status).to eq(201) - expect(json_response['title']).to eq('new issue') - expect(json_response['description']).to be_nil - expect(json_response['labels']).to eq(['label', 'label2']) - end - - it "should return a 400 bad request if title not given" do - post api("/projects/#{project.id}/issues", user), labels: 'label, label2' - expect(response.status).to eq(400) - end - - it 'should return 400 on invalid label names' do - post api("/projects/#{project.id}/issues", user), - title: 'new issue', - labels: 'label, ?' - expect(response.status).to eq(400) - expect(json_response['message']['labels']['?']['title']).to eq(['is invalid']) - end - - it 'should return 400 if title is too long' do - post api("/projects/#{project.id}/issues", user), - title: 'g' * 256 - expect(response.status).to eq(400) - expect(json_response['message']['title']).to eq([ - 'is too long (maximum is 255 characters)' - ]) - end - end - - describe "PUT /projects/:id/issues/:issue_id to update only title" do - it "should update a project issue" do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'updated title' - expect(response.status).to eq(200) - - expect(json_response['title']).to eq('updated title') - end - - it "should return 404 error if issue id not found" do - put api("/projects/#{project.id}/issues/44444", user), - title: 'updated title' - expect(response.status).to eq(404) - end - - it 'should return 400 on invalid label names' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'updated title', - labels: 'label, ?' - expect(response.status).to eq(400) - expect(json_response['message']['labels']['?']['title']).to eq(['is invalid']) - end - end - - describe 'PUT /projects/:id/issues/:issue_id to update labels' do - let!(:label) { create(:label, title: 'dummy', project: project) } - let!(:label_link) { create(:label_link, label: label, target: issue) } - - it 'should not update labels if not present' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'updated title' - expect(response.status).to eq(200) - expect(json_response['labels']).to eq([label.title]) - end - - it 'should remove all labels' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: '' - expect(response.status).to eq(200) - expect(json_response['labels']).to eq([]) - end - - it 'should update labels' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'foo,bar' - expect(response.status).to eq(200) - expect(json_response['labels']).to include 'foo' - expect(json_response['labels']).to include 'bar' - end - - it 'should return 400 on invalid label names' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'label, ?' - expect(response.status).to eq(400) - expect(json_response['message']['labels']['?']['title']).to eq(['is invalid']) - end - - it 'should allow special label names' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'label:foo, label-bar,label_bar,label/bar' - expect(response.status).to eq(200) - expect(json_response['labels']).to include 'label:foo' - expect(json_response['labels']).to include 'label-bar' - expect(json_response['labels']).to include 'label_bar' - expect(json_response['labels']).to include 'label/bar' - end - - it 'should return 400 if title is too long' do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'g' * 256 - expect(response.status).to eq(400) - expect(json_response['message']['title']).to eq([ - 'is too long (maximum is 255 characters)' - ]) - end - end - - describe "PUT /projects/:id/issues/:issue_id to update state and label" do - it "should update a project issue" do - put api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'label2', state_event: "close" - expect(response.status).to eq(200) - - expect(json_response['labels']).to include 'label2' - expect(json_response['state']).to eq "closed" - end - end - - describe "DELETE /projects/:id/issues/:issue_id" do - it "should delete a project issue" do - delete api("/projects/#{project.id}/issues/#{issue.id}", user) - expect(response.status).to eq(405) - end - end -end diff --git a/spec/requests/api/labels_spec.rb b/spec/requests/api/labels_spec.rb deleted file mode 100644 index aff109a9424..00000000000 --- a/spec/requests/api/labels_spec.rb +++ /dev/null @@ -1,170 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let(:user) { create(:user) } - let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let!(:label1) { create(:label, title: 'label1', project: project) } - - before do - project.team << [user, :master] - end - - - describe 'GET /projects/:id/labels' do - it 'should return project labels' do - get api("/projects/#{project.id}/labels", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - expect(json_response.first['name']).to eq(label1.name) - end - end - - describe 'POST /projects/:id/labels' do - it 'should return created label' do - post api("/projects/#{project.id}/labels", user), - name: 'Foo', - color: '#FFAABB' - expect(response.status).to eq(201) - expect(json_response['name']).to eq('Foo') - expect(json_response['color']).to eq('#FFAABB') - end - - it 'should return a 400 bad request if name not given' do - post api("/projects/#{project.id}/labels", user), color: '#FFAABB' - expect(response.status).to eq(400) - end - - it 'should return a 400 bad request if color not given' do - post api("/projects/#{project.id}/labels", user), name: 'Foobar' - expect(response.status).to eq(400) - end - - it 'should return 400 for invalid color' do - post api("/projects/#{project.id}/labels", user), - name: 'Foo', - color: '#FFAA' - expect(response.status).to eq(400) - expect(json_response['message']['color']).to eq(['is invalid']) - end - - it 'should return 400 for too long color code' do - post api("/projects/#{project.id}/labels", user), - name: 'Foo', - color: '#FFAAFFFF' - expect(response.status).to eq(400) - expect(json_response['message']['color']).to eq(['is invalid']) - end - - it 'should return 400 for invalid name' do - post api("/projects/#{project.id}/labels", user), - name: '?', - color: '#FFAABB' - expect(response.status).to eq(400) - expect(json_response['message']['title']).to eq(['is invalid']) - end - - it 'should return 409 if label already exists' do - post api("/projects/#{project.id}/labels", user), - name: 'label1', - color: '#FFAABB' - expect(response.status).to eq(409) - expect(json_response['message']).to eq('Label already exists') - end - end - - describe 'DELETE /projects/:id/labels' do - it 'should return 200 for existing label' do - delete api("/projects/#{project.id}/labels", user), name: 'label1' - expect(response.status).to eq(200) - end - - it 'should return 404 for non existing label' do - delete api("/projects/#{project.id}/labels", user), name: 'label2' - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Label Not Found') - end - - it 'should return 400 for wrong parameters' do - delete api("/projects/#{project.id}/labels", user) - expect(response.status).to eq(400) - end - end - - describe 'PUT /projects/:id/labels' do - it 'should return 200 if name and colors are changed' do - put api("/projects/#{project.id}/labels", user), - name: 'label1', - new_name: 'New Label', - color: '#FFFFFF' - expect(response.status).to eq(200) - expect(json_response['name']).to eq('New Label') - expect(json_response['color']).to eq('#FFFFFF') - end - - it 'should return 200 if name is changed' do - put api("/projects/#{project.id}/labels", user), - name: 'label1', - new_name: 'New Label' - expect(response.status).to eq(200) - expect(json_response['name']).to eq('New Label') - expect(json_response['color']).to eq(label1.color) - end - - it 'should return 200 if colors is changed' do - put api("/projects/#{project.id}/labels", user), - name: 'label1', - color: '#FFFFFF' - expect(response.status).to eq(200) - expect(json_response['name']).to eq(label1.name) - expect(json_response['color']).to eq('#FFFFFF') - end - - it 'should return 404 if label does not exist' do - put api("/projects/#{project.id}/labels", user), - name: 'label2', - new_name: 'label3' - expect(response.status).to eq(404) - end - - it 'should return 400 if no label name given' do - put api("/projects/#{project.id}/labels", user), new_name: 'label2' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('400 (Bad request) "name" not given') - end - - it 'should return 400 if no new parameters given' do - put api("/projects/#{project.id}/labels", user), name: 'label1' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Required parameters '\ - '"new_name" or "color" missing') - end - - it 'should return 400 for invalid name' do - put api("/projects/#{project.id}/labels", user), - name: 'label1', - new_name: '?', - color: '#FFFFFF' - expect(response.status).to eq(400) - expect(json_response['message']['title']).to eq(['is invalid']) - end - - it 'should return 400 for invalid name' do - put api("/projects/#{project.id}/labels", user), - name: 'label1', - color: '#FF' - expect(response.status).to eq(400) - expect(json_response['message']['color']).to eq(['is invalid']) - end - - it 'should return 400 for too long color code' do - post api("/projects/#{project.id}/labels", user), - name: 'Foo', - color: '#FFAAFFFF' - expect(response.status).to eq(400) - expect(json_response['message']['color']).to eq(['is invalid']) - end - end -end diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb deleted file mode 100644 index 9e252441a4f..00000000000 --- a/spec/requests/api/merge_requests_spec.rb +++ /dev/null @@ -1,409 +0,0 @@ -require "spec_helper" - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let!(:project) {create(:project, creator_id: user.id, namespace: user.namespace) } - let!(:merge_request) { create(:merge_request, :simple, author: user, assignee: user, source_project: project, target_project: project, title: "Test") } - let!(:merge_request_closed) { create(:merge_request, state: "closed", author: user, assignee: user, source_project: project, target_project: project, title: "Closed test") } - let!(:merge_request_merged) { create(:merge_request, state: "merged", author: user, assignee: user, source_project: project, target_project: project, title: "Merged test") } - let!(:note) { create(:note_on_merge_request, author: user, project: project, noteable: merge_request, note: "a comment on a MR") } - before { - project.team << [user, :reporters] - } - - describe "GET /projects/:id/merge_requests" do - context "when unauthenticated" do - it "should return authentication error" do - get api("/projects/#{project.id}/merge_requests") - expect(response.status).to eq(401) - end - end - - context "when authenticated" do - it "should return an array of all merge_requests" do - get api("/projects/#{project.id}/merge_requests", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "should return an array of all merge_requests" do - get api("/projects/#{project.id}/merge_requests?state", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "should return an array of open merge_requests" do - get api("/projects/#{project.id}/merge_requests?state=opened", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "should return an array of closed merge_requests" do - get api("/projects/#{project.id}/merge_requests?state=closed", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.second['title']).to eq(merge_request_closed.title) - expect(json_response.first['title']).to eq(merge_request_merged.title) - end - - it "should return an array of merged merge_requests" do - get api("/projects/#{project.id}/merge_requests?state=merged", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(merge_request_merged.title) - end - - context "with ordering" do - before do - @mr_later = mr_with_later_created_and_updated_at_time - @mr_earlier = mr_with_earlier_created_and_updated_at_time - end - - it "should return an array of merge_requests in ascending order" do - get api("/projects/#{project.id}/merge_requests?sort=asc", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['id']).to eq(@mr_earlier.id) - expect(json_response.first['id']).to eq(@mr_later.id) - end - - it "should return an array of merge_requests in descending order" do - get api("/projects/#{project.id}/merge_requests?sort=desc", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.first['id']).to eq(@mr_later.id) - expect(json_response.last['id']).to eq(@mr_earlier.id) - end - - it "should return an array of merge_requests ordered by updated_at" do - get api("/projects/#{project.id}/merge_requests?order_by=updated_at", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['id']).to eq(@mr_earlier.id) - expect(json_response.first['id']).to eq(@mr_later.id) - end - - it "should return an array of merge_requests ordered by created_at" do - get api("/projects/#{project.id}/merge_requests?sort=created_at", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['id']).to eq(@mr_earlier.id) - expect(json_response.first['id']).to eq(@mr_later.id) - end - end - end - end - - describe "GET /projects/:id/merge_request/:merge_request_id" do - it "should return merge_request" do - get api("/projects/#{project.id}/merge_request/#{merge_request.id}", user) - expect(response.status).to eq(200) - expect(json_response['title']).to eq(merge_request.title) - expect(json_response['iid']).to eq(merge_request.iid) - end - - it "should return a 404 error if merge_request_id not found" do - get api("/projects/#{project.id}/merge_request/999", user) - expect(response.status).to eq(404) - end - end - - describe 'GET /projects/:id/merge_request/:merge_request_id/changes' do - it 'should return the change information of the merge_request' do - get api("/projects/#{project.id}/merge_request/#{merge_request.id}/changes", user) - expect(response.status).to eq 200 - expect(json_response['changes'].size).to eq(merge_request.diffs.size) - end - - it 'returns a 404 when merge_request_id not found' do - get api("/projects/#{project.id}/merge_request/999/changes", user) - expect(response.status).to eq(404) - end - end - - describe "POST /projects/:id/merge_requests" do - context 'between branches projects' do - it "should return merge_request" do - post api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - source_branch: 'stable', - target_branch: 'master', - author: user, - labels: 'label, label2' - expect(response.status).to eq(201) - expect(json_response['title']).to eq('Test merge_request') - expect(json_response['labels']).to eq(['label', 'label2']) - end - - it "should return 422 when source_branch equals target_branch" do - post api("/projects/#{project.id}/merge_requests", user), - title: "Test merge_request", source_branch: "master", target_branch: "master", author: user - expect(response.status).to eq(422) - end - - it "should return 400 when source_branch is missing" do - post api("/projects/#{project.id}/merge_requests", user), - title: "Test merge_request", target_branch: "master", author: user - expect(response.status).to eq(400) - end - - it "should return 400 when target_branch is missing" do - post api("/projects/#{project.id}/merge_requests", user), - title: "Test merge_request", source_branch: "stable", author: user - expect(response.status).to eq(400) - end - - it "should return 400 when title is missing" do - post api("/projects/#{project.id}/merge_requests", user), - target_branch: 'master', source_branch: 'stable' - expect(response.status).to eq(400) - end - - it 'should return 400 on invalid label names' do - post api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - source_branch: 'stable', - target_branch: 'master', - author: user, - labels: 'label, ?' - expect(response.status).to eq(400) - expect(json_response['message']['labels']['?']['title']).to eq( - ['is invalid'] - ) - end - - context 'with existing MR' do - before do - post api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - source_branch: 'stable', - target_branch: 'master', - author: user - @mr = MergeRequest.all.last - end - - it 'should return 409 when MR already exists for source/target' do - expect do - post api("/projects/#{project.id}/merge_requests", user), - title: 'New test merge_request', - source_branch: 'stable', - target_branch: 'master', - author: user - end.to change { MergeRequest.count }.by(0) - expect(response.status).to eq(409) - end - end - end - - context 'forked projects' do - let!(:user2) { create(:user) } - let!(:fork_project) { create(:project, forked_from_project: project, namespace: user2.namespace, creator_id: user2.id) } - let!(:unrelated_project) { create(:project, namespace: create(:user).namespace, creator_id: user2.id) } - - before :each do |each| - fork_project.team << [user2, :reporters] - end - - it "should return merge_request" do - post api("/projects/#{fork_project.id}/merge_requests", user2), - title: 'Test merge_request', source_branch: "stable", target_branch: "master", author: user2, target_project_id: project.id, description: 'Test description for Test merge_request' - expect(response.status).to eq(201) - expect(json_response['title']).to eq('Test merge_request') - expect(json_response['description']).to eq('Test description for Test merge_request') - end - - it "should not return 422 when source_branch equals target_branch" do - expect(project.id).not_to eq(fork_project.id) - expect(fork_project.forked?).to be_truthy - expect(fork_project.forked_from_project).to eq(project) - post api("/projects/#{fork_project.id}/merge_requests", user2), - title: 'Test merge_request', source_branch: "master", target_branch: "master", author: user2, target_project_id: project.id - expect(response.status).to eq(201) - expect(json_response['title']).to eq('Test merge_request') - end - - it "should return 400 when source_branch is missing" do - post api("/projects/#{fork_project.id}/merge_requests", user2), - title: 'Test merge_request', target_branch: "master", author: user2, target_project_id: project.id - expect(response.status).to eq(400) - end - - it "should return 400 when target_branch is missing" do - post api("/projects/#{fork_project.id}/merge_requests", user2), - title: 'Test merge_request', target_branch: "master", author: user2, target_project_id: project.id - expect(response.status).to eq(400) - end - - it "should return 400 when title is missing" do - post api("/projects/#{fork_project.id}/merge_requests", user2), - target_branch: 'master', source_branch: 'stable', author: user2, target_project_id: project.id - expect(response.status).to eq(400) - end - - context 'when target_branch is specified' do - it 'should return 422 if not a forked project' do - post api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - target_branch: 'master', - source_branch: 'stable', - author: user, - target_project_id: fork_project.id - expect(response.status).to eq(422) - end - - it 'should return 422 if targeting a different fork' do - post api("/projects/#{fork_project.id}/merge_requests", user2), - title: 'Test merge_request', - target_branch: 'master', - source_branch: 'stable', - author: user2, - target_project_id: unrelated_project.id - expect(response.status).to eq(422) - end - end - - it "should return 201 when target_branch is specified and for the same project" do - post api("/projects/#{fork_project.id}/merge_requests", user2), - title: 'Test merge_request', target_branch: 'master', source_branch: 'stable', author: user2, target_project_id: fork_project.id - expect(response.status).to eq(201) - end - end - end - - describe "PUT /projects/:id/merge_request/:merge_request_id to close MR" do - it "should return merge_request" do - put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), state_event: "close" - expect(response.status).to eq(200) - expect(json_response['state']).to eq('closed') - end - end - - describe "PUT /projects/:id/merge_request/:merge_request_id/merge" do - it "should return merge_request in case of success" do - MergeRequest.any_instance.stub(can_be_merged?: true, automerge!: true) - put api("/projects/#{project.id}/merge_request/#{merge_request.id}/merge", user) - expect(response.status).to eq(200) - end - - it "should return 405 if branch can't be merged" do - MergeRequest.any_instance.stub(can_be_merged?: false) - put api("/projects/#{project.id}/merge_request/#{merge_request.id}/merge", user) - expect(response.status).to eq(405) - expect(json_response['message']).to eq('Branch cannot be merged') - end - - it "should return 405 if merge_request is not open" do - merge_request.close - put api("/projects/#{project.id}/merge_request/#{merge_request.id}/merge", user) - expect(response.status).to eq(405) - expect(json_response['message']).to eq('405 Method Not Allowed') - end - - it "should return 401 if user has no permissions to merge" do - user2 = create(:user) - project.team << [user2, :reporter] - put api("/projects/#{project.id}/merge_request/#{merge_request.id}/merge", user2) - expect(response.status).to eq(401) - expect(json_response['message']).to eq('401 Unauthorized') - end - end - - describe "PUT /projects/:id/merge_request/:merge_request_id" do - it "should return merge_request" do - put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), title: "New title" - expect(response.status).to eq(200) - expect(json_response['title']).to eq('New title') - end - - it "should return merge_request" do - put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), description: "New description" - expect(response.status).to eq(200) - expect(json_response['description']).to eq('New description') - end - - it "should return 422 when source_branch and target_branch are renamed the same" do - put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), - source_branch: "master", target_branch: "master" - expect(response.status).to eq(422) - end - - it "should return merge_request with renamed target_branch" do - put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), target_branch: "wiki" - expect(response.status).to eq(200) - expect(json_response['target_branch']).to eq('wiki') - end - - it 'should return 400 on invalid label names' do - put api("/projects/#{project.id}/merge_request/#{merge_request.id}", - user), - title: 'new issue', - labels: 'label, ?' - expect(response.status).to eq(400) - expect(json_response['message']['labels']['?']['title']).to eq(['is invalid']) - end - end - - describe "POST /projects/:id/merge_request/:merge_request_id/comments" do - it "should return comment" do - post api("/projects/#{project.id}/merge_request/#{merge_request.id}/comments", user), note: "My comment" - expect(response.status).to eq(201) - expect(json_response['note']).to eq('My comment') - end - - it "should return 400 if note is missing" do - post api("/projects/#{project.id}/merge_request/#{merge_request.id}/comments", user) - expect(response.status).to eq(400) - end - - it "should return 404 if note is attached to non existent merge request" do - post api("/projects/#{project.id}/merge_request/404/comments", user), - note: 'My comment' - expect(response.status).to eq(404) - end - end - - describe "GET :id/merge_request/:merge_request_id/comments" do - it "should return merge_request comments" do - get api("/projects/#{project.id}/merge_request/#{merge_request.id}/comments", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['note']).to eq("a comment on a MR") - expect(json_response.first['author']['id']).to eq(user.id) - end - - it "should return a 404 error if merge_request_id not found" do - get api("/projects/#{project.id}/merge_request/999/comments", user) - expect(response.status).to eq(404) - end - end - - def mr_with_later_created_and_updated_at_time - merge_request - merge_request.created_at += 1.hour - merge_request.updated_at += 30.minutes - merge_request.save - merge_request - end - - def mr_with_earlier_created_and_updated_at_time - merge_request_closed - merge_request_closed.created_at -= 1.hour - merge_request_closed.updated_at -= 30.minutes - merge_request_closed.save - merge_request_closed - end -end diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb deleted file mode 100644 index effb0723476..00000000000 --- a/spec/requests/api/milestones_spec.rb +++ /dev/null @@ -1,116 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let!(:project) { create(:project, namespace: user.namespace ) } - let!(:milestone) { create(:milestone, project: project) } - - before { project.team << [user, :developer] } - - describe 'GET /projects/:id/milestones' do - it 'should return project milestones' do - get api("/projects/#{project.id}/milestones", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(milestone.title) - end - - it 'should return a 401 error if user not authenticated' do - get api("/projects/#{project.id}/milestones") - expect(response.status).to eq(401) - end - end - - describe 'GET /projects/:id/milestones/:milestone_id' do - it 'should return a project milestone by id' do - get api("/projects/#{project.id}/milestones/#{milestone.id}", user) - expect(response.status).to eq(200) - expect(json_response['title']).to eq(milestone.title) - expect(json_response['iid']).to eq(milestone.iid) - end - - it 'should return 401 error if user not authenticated' do - get api("/projects/#{project.id}/milestones/#{milestone.id}") - expect(response.status).to eq(401) - end - - it 'should return a 404 error if milestone id not found' do - get api("/projects/#{project.id}/milestones/1234", user) - expect(response.status).to eq(404) - end - end - - describe 'POST /projects/:id/milestones' do - it 'should create a new project milestone' do - post api("/projects/#{project.id}/milestones", user), title: 'new milestone' - expect(response.status).to eq(201) - expect(json_response['title']).to eq('new milestone') - expect(json_response['description']).to be_nil - end - - it 'should create a new project milestone with description and due date' do - post api("/projects/#{project.id}/milestones", user), - title: 'new milestone', description: 'release', due_date: '2013-03-02' - expect(response.status).to eq(201) - expect(json_response['description']).to eq('release') - expect(json_response['due_date']).to eq('2013-03-02') - end - - it 'should return a 400 error if title is missing' do - post api("/projects/#{project.id}/milestones", user) - expect(response.status).to eq(400) - end - end - - describe 'PUT /projects/:id/milestones/:milestone_id' do - it 'should update a project milestone' do - put api("/projects/#{project.id}/milestones/#{milestone.id}", user), - title: 'updated title' - expect(response.status).to eq(200) - expect(json_response['title']).to eq('updated title') - end - - it 'should return a 404 error if milestone id not found' do - put api("/projects/#{project.id}/milestones/1234", user), - title: 'updated title' - expect(response.status).to eq(404) - end - end - - describe 'PUT /projects/:id/milestones/:milestone_id to close milestone' do - it 'should update a project milestone' do - put api("/projects/#{project.id}/milestones/#{milestone.id}", user), - state_event: 'close' - expect(response.status).to eq(200) - - expect(json_response['state']).to eq('closed') - end - end - - describe 'PUT /projects/:id/milestones/:milestone_id to test observer on close' do - it 'should create an activity event when an milestone is closed' do - expect(Event).to receive(:create) - - put api("/projects/#{project.id}/milestones/#{milestone.id}", user), - state_event: 'close' - end - end - - describe 'GET /projects/:id/milestones/:milestone_id/issues' do - before do - milestone.issues << create(:issue) - end - it 'should return project issues for a particular milestone' do - get api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['milestone']['title']).to eq(milestone.title) - end - - it 'should return a 401 error if user not authenticated' do - get api("/projects/#{project.id}/milestones/#{milestone.id}/issues") - expect(response.status).to eq(401) - end - end -end diff --git a/spec/requests/api/namespaces_spec.rb b/spec/requests/api/namespaces_spec.rb deleted file mode 100644 index 6ddaaa0a6dd..00000000000 --- a/spec/requests/api/namespaces_spec.rb +++ /dev/null @@ -1,27 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:admin) { create(:admin) } - let!(:group1) { create(:group) } - let!(:group2) { create(:group) } - - describe "GET /namespaces" do - context "when unauthenticated" do - it "should return authentication error" do - get api("/namespaces") - expect(response.status).to eq(401) - end - end - - context "when authenticated as admin" do - it "admin: should return an array of all namespaces" do - get api("/namespaces", admin) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - - expect(json_response.length).to eq(Namespace.count) - end - end - end -end diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb deleted file mode 100644 index 8b177af4689..00000000000 --- a/spec/requests/api/notes_spec.rb +++ /dev/null @@ -1,188 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let!(:project) { create(:project, namespace: user.namespace ) } - let!(:issue) { create(:issue, project: project, author: user) } - let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) } - let!(:snippet) { create(:project_snippet, project: project, author: user) } - let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) } - let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) } - let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) } - before { project.team << [user, :reporter] } - - describe "GET /projects/:id/noteable/:noteable_id/notes" do - context "when noteable is an Issue" do - it "should return an array of issue notes" do - get api("/projects/#{project.id}/issues/#{issue.id}/notes", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(issue_note.note) - end - - it "should return a 404 error when issue id not found" do - get api("/projects/#{project.id}/issues/123/notes", user) - expect(response.status).to eq(404) - end - end - - context "when noteable is a Snippet" do - it "should return an array of snippet notes" do - get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(snippet_note.note) - end - - it "should return a 404 error when snippet id not found" do - get api("/projects/#{project.id}/snippets/42/notes", user) - expect(response.status).to eq(404) - end - end - - context "when noteable is a Merge Request" do - it "should return an array of merge_requests notes" do - get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(merge_request_note.note) - end - - it "should return a 404 error if merge request id not found" do - get api("/projects/#{project.id}/merge_requests/4444/notes", user) - expect(response.status).to eq(404) - end - end - end - - describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do - context "when noteable is an Issue" do - it "should return an issue note by id" do - get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user) - expect(response.status).to eq(200) - expect(json_response['body']).to eq(issue_note.note) - end - - it "should return a 404 error if issue note not found" do - get api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user) - expect(response.status).to eq(404) - end - end - - context "when noteable is a Snippet" do - it "should return a snippet note by id" do - get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user) - expect(response.status).to eq(200) - expect(json_response['body']).to eq(snippet_note.note) - end - - it "should return a 404 error if snippet note not found" do - get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/123", user) - expect(response.status).to eq(404) - end - end - end - - describe "POST /projects/:id/noteable/:noteable_id/notes" do - context "when noteable is an Issue" do - it "should create a new issue note" do - post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!' - expect(response.status).to eq(201) - expect(json_response['body']).to eq('hi!') - expect(json_response['author']['username']).to eq(user.username) - end - - it "should return a 400 bad request error if body not given" do - post api("/projects/#{project.id}/issues/#{issue.id}/notes", user) - expect(response.status).to eq(400) - end - - it "should return a 401 unauthorized error if user not authenticated" do - post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!' - expect(response.status).to eq(401) - end - end - - context "when noteable is a Snippet" do - it "should create a new snippet note" do - post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!' - expect(response.status).to eq(201) - expect(json_response['body']).to eq('hi!') - expect(json_response['author']['username']).to eq(user.username) - end - - it "should return a 400 bad request error if body not given" do - post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user) - expect(response.status).to eq(400) - end - - it "should return a 401 unauthorized error if user not authenticated" do - post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!' - expect(response.status).to eq(401) - end - end - end - - describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do - it "should create an activity event when an issue note is created" do - expect(Event).to receive(:create) - - post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!' - end - end - - describe 'PUT /projects/:id/noteable/:noteable_id/notes/:note_id' do - context 'when noteable is an Issue' do - it 'should return modified note' do - put api("/projects/#{project.id}/issues/#{issue.id}/"\ - "notes/#{issue_note.id}", user), body: 'Hello!' - expect(response.status).to eq(200) - expect(json_response['body']).to eq('Hello!') - end - - it 'should return a 404 error when note id not found' do - put api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user), - body: 'Hello!' - expect(response.status).to eq(404) - end - - it 'should return a 400 bad request error if body not given' do - put api("/projects/#{project.id}/issues/#{issue.id}/"\ - "notes/#{issue_note.id}", user) - expect(response.status).to eq(400) - end - end - - context 'when noteable is a Snippet' do - it 'should return modified note' do - put api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/#{snippet_note.id}", user), body: 'Hello!' - expect(response.status).to eq(200) - expect(json_response['body']).to eq('Hello!') - end - - it 'should return a 404 error when note id not found' do - put api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/123", user), body: "Hello!" - expect(response.status).to eq(404) - end - end - - context 'when noteable is a Merge Request' do - it 'should return modified note' do - put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\ - "notes/#{merge_request_note.id}", user), body: 'Hello!' - expect(response.status).to eq(200) - expect(json_response['body']).to eq('Hello!') - end - - it 'should return a 404 error when note id not found' do - put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\ - "notes/123", user), body: "Hello!" - expect(response.status).to eq(404) - end - end - end - -end diff --git a/spec/requests/api/project_hooks_spec.rb b/spec/requests/api/project_hooks_spec.rb deleted file mode 100644 index 81fe68de662..00000000000 --- a/spec/requests/api/project_hooks_spec.rb +++ /dev/null @@ -1,129 +0,0 @@ -require 'spec_helper' - -describe API::API, 'ProjectHooks', api: true do - include ApiHelpers - let(:user) { create(:user) } - let(:user3) { create(:user) } - let!(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let!(:hook) { create(:project_hook, project: project, url: "http://example.com") } - - before do - project.team << [user, :master] - project.team << [user3, :developer] - end - - describe "GET /projects/:id/hooks" do - context "authorized user" do - it "should return project hooks" do - get api("/projects/#{project.id}/hooks", user) - expect(response.status).to eq(200) - - expect(json_response).to be_an Array - expect(json_response.count).to eq(1) - expect(json_response.first['url']).to eq("http://example.com") - end - end - - context "unauthorized user" do - it "should not access project hooks" do - get api("/projects/#{project.id}/hooks", user3) - expect(response.status).to eq(403) - end - end - end - - describe "GET /projects/:id/hooks/:hook_id" do - context "authorized user" do - it "should return a project hook" do - get api("/projects/#{project.id}/hooks/#{hook.id}", user) - expect(response.status).to eq(200) - expect(json_response['url']).to eq(hook.url) - end - - it "should return a 404 error if hook id is not available" do - get api("/projects/#{project.id}/hooks/1234", user) - expect(response.status).to eq(404) - end - end - - context "unauthorized user" do - it "should not access an existing hook" do - get api("/projects/#{project.id}/hooks/#{hook.id}", user3) - expect(response.status).to eq(403) - end - end - - it "should return a 404 error if hook id is not available" do - get api("/projects/#{project.id}/hooks/1234", user) - expect(response.status).to eq(404) - end - end - - describe "POST /projects/:id/hooks" do - it "should add hook to project" do - expect { - post api("/projects/#{project.id}/hooks", user), - url: "http://example.com", issues_events: true - }.to change {project.hooks.count}.by(1) - expect(response.status).to eq(201) - end - - it "should return a 400 error if url not given" do - post api("/projects/#{project.id}/hooks", user) - expect(response.status).to eq(400) - end - - it "should return a 422 error if url not valid" do - post api("/projects/#{project.id}/hooks", user), "url" => "ftp://example.com" - expect(response.status).to eq(422) - end - end - - describe "PUT /projects/:id/hooks/:hook_id" do - it "should update an existing project hook" do - put api("/projects/#{project.id}/hooks/#{hook.id}", user), - url: 'http://example.org', push_events: false - expect(response.status).to eq(200) - expect(json_response['url']).to eq('http://example.org') - end - - it "should return 404 error if hook id not found" do - put api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org' - expect(response.status).to eq(404) - end - - it "should return 400 error if url is not given" do - put api("/projects/#{project.id}/hooks/#{hook.id}", user) - expect(response.status).to eq(400) - end - - it "should return a 422 error if url is not valid" do - put api("/projects/#{project.id}/hooks/#{hook.id}", user), url: 'ftp://example.com' - expect(response.status).to eq(422) - end - end - - describe "DELETE /projects/:id/hooks/:hook_id" do - it "should delete hook from project" do - expect { - delete api("/projects/#{project.id}/hooks/#{hook.id}", user) - }.to change {project.hooks.count}.by(-1) - expect(response.status).to eq(200) - end - - it "should return success when deleting hook" do - delete api("/projects/#{project.id}/hooks/#{hook.id}", user) - expect(response.status).to eq(200) - end - - it "should return success when deleting non existent hook" do - delete api("/projects/#{project.id}/hooks/42", user) - expect(response.status).to eq(200) - end - - it "should return a 405 error if hook id not given" do - delete api("/projects/#{project.id}/hooks", user) - expect(response.status).to eq(405) - end - end -end diff --git a/spec/requests/api/project_members_spec.rb b/spec/requests/api/project_members_spec.rb deleted file mode 100644 index 8419a364ed1..00000000000 --- a/spec/requests/api/project_members_spec.rb +++ /dev/null @@ -1,153 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let(:user2) { create(:user) } - let(:user3) { create(:user) } - let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let(:project_member) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) } - let(:project_member2) { create(:project_member, user: user3, project: project, access_level: ProjectMember::DEVELOPER) } - - describe "GET /projects/:id/members" do - before { project_member } - before { project_member2 } - - it "should return project team members" do - get api("/projects/#{project.id}/members", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.count).to eq(2) - expect(json_response.map { |u| u['username'] }).to include user.username - end - - it "finds team members with query string" do - get api("/projects/#{project.id}/members", user), query: user.username - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.count).to eq(1) - expect(json_response.first['username']).to eq(user.username) - end - - it "should return a 404 error if id not found" do - get api("/projects/9999/members", user) - expect(response.status).to eq(404) - end - end - - describe "GET /projects/:id/members/:user_id" do - before { project_member } - - it "should return project team member" do - get api("/projects/#{project.id}/members/#{user.id}", user) - expect(response.status).to eq(200) - expect(json_response['username']).to eq(user.username) - expect(json_response['access_level']).to eq(ProjectMember::MASTER) - end - - it "should return a 404 error if user id not found" do - get api("/projects/#{project.id}/members/1234", user) - expect(response.status).to eq(404) - end - end - - describe "POST /projects/:id/members" do - it "should add user to project team" do - expect { - post api("/projects/#{project.id}/members", user), user_id: user2.id, - access_level: ProjectMember::DEVELOPER - }.to change { ProjectMember.count }.by(1) - - expect(response.status).to eq(201) - expect(json_response['username']).to eq(user2.username) - expect(json_response['access_level']).to eq(ProjectMember::DEVELOPER) - end - - it "should return a 201 status if user is already project member" do - post api("/projects/#{project.id}/members", user), user_id: user2.id, - access_level: ProjectMember::DEVELOPER - expect { - post api("/projects/#{project.id}/members", user), user_id: user2.id, - access_level: ProjectMember::DEVELOPER - }.not_to change { ProjectMember.count } - - expect(response.status).to eq(201) - expect(json_response['username']).to eq(user2.username) - expect(json_response['access_level']).to eq(ProjectMember::DEVELOPER) - end - - it "should return a 400 error when user id is not given" do - post api("/projects/#{project.id}/members", user), access_level: ProjectMember::MASTER - expect(response.status).to eq(400) - end - - it "should return a 400 error when access level is not given" do - post api("/projects/#{project.id}/members", user), user_id: user2.id - expect(response.status).to eq(400) - end - - it "should return a 422 error when access level is not known" do - post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234 - expect(response.status).to eq(422) - end - end - - describe "PUT /projects/:id/members/:user_id" do - before { project_member2 } - - it "should update project team member" do - put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: ProjectMember::MASTER - expect(response.status).to eq(200) - expect(json_response['username']).to eq(user3.username) - expect(json_response['access_level']).to eq(ProjectMember::MASTER) - end - - it "should return a 404 error if user_id is not found" do - put api("/projects/#{project.id}/members/1234", user), access_level: ProjectMember::MASTER - expect(response.status).to eq(404) - end - - it "should return a 400 error when access level is not given" do - put api("/projects/#{project.id}/members/#{user3.id}", user) - expect(response.status).to eq(400) - end - - it "should return a 422 error when access level is not known" do - put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123 - expect(response.status).to eq(422) - end - end - - describe "DELETE /projects/:id/members/:user_id" do - before { project_member } - before { project_member2 } - - it "should remove user from project team" do - expect { - delete api("/projects/#{project.id}/members/#{user3.id}", user) - }.to change { ProjectMember.count }.by(-1) - end - - it "should return 200 if team member is not part of a project" do - delete api("/projects/#{project.id}/members/#{user3.id}", user) - expect { - delete api("/projects/#{project.id}/members/#{user3.id}", user) - }.to_not change { ProjectMember.count } - end - - it "should return 200 if team member already removed" do - delete api("/projects/#{project.id}/members/#{user3.id}", user) - delete api("/projects/#{project.id}/members/#{user3.id}", user) - expect(response.status).to eq(200) - end - - it "should return 200 OK when the user was not member" do - expect { - delete api("/projects/#{project.id}/members/1000000", user) - }.to change { ProjectMember.count }.by(0) - expect(response.status).to eq(200) - expect(json_response['message']).to eq("Access revoked") - expect(json_response['id']).to eq(1000000) - end - end -end diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb deleted file mode 100644 index cc387378d3a..00000000000 --- a/spec/requests/api/projects_spec.rb +++ /dev/null @@ -1,825 +0,0 @@ -# -*- coding: utf-8 -*- -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - include Gitlab::CurrentSettings - let(:user) { create(:user) } - let(:user2) { create(:user) } - let(:user3) { create(:user) } - let(:admin) { create(:admin) } - let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let(:project2) { create(:project, path: 'project2', creator_id: user.id, namespace: user.namespace) } - let(:project3) { create(:project, path: 'project3', creator_id: user.id, namespace: user.namespace) } - let(:snippet) { create(:project_snippet, author: user, project: project, title: 'example') } - let(:project_member) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) } - let(:project_member2) { create(:project_member, user: user3, project: project, access_level: ProjectMember::DEVELOPER) } - let(:user4) { create(:user) } - let(:project3) do - create(:project, - name: 'second_project', - path: 'second_project', - creator_id: user.id, - namespace: user.namespace, - merge_requests_enabled: false, - issues_enabled: false, wiki_enabled: false, - snippets_enabled: false, visibility_level: 0) - end - let(:project_member3) do - create(:project_member, - user: user4, - project: project3, - access_level: ProjectMember::MASTER) - end - let(:project4) do - create(:project, - name: 'third_project', - path: 'third_project', - creator_id: user4.id, - namespace: user4.namespace) - end - - describe 'GET /projects' do - before { project } - - context 'when unauthenticated' do - it 'should return authentication error' do - get api('/projects') - expect(response.status).to eq(401) - end - end - - context 'when authenticated' do - it 'should return an array of projects' do - get api('/projects', user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(project.name) - expect(json_response.first['owner']['username']).to eq(user.username) - end - - it 'should include the project labels as the tag_list' do - get api('/projects', user) - response.status.should == 200 - json_response.should be_an Array - json_response.first.keys.should include('tag_list') - end - - context 'and using search' do - it 'should return searched project' do - get api('/projects', user), { search: project.name } - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - end - end - - context 'and using sorting' do - before do - project2 - project3 - end - - it 'should return the correct order when sorted by id' do - get api('/projects', user), { order_by: 'id', sort: 'desc'} - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['id']).to eq(project3.id) - end - end - end - end - - describe 'GET /projects/all' do - before { project } - - context 'when unauthenticated' do - it 'should return authentication error' do - get api('/projects/all') - expect(response.status).to eq(401) - end - end - - context 'when authenticated as regular user' do - it 'should return authentication error' do - get api('/projects/all', user) - expect(response.status).to eq(403) - end - end - - context 'when authenticated as admin' do - it 'should return an array of all projects' do - get api('/projects/all', admin) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - project_name = project.name - - expect(json_response.detect { - |project| project['name'] == project_name - }['name']).to eq(project_name) - - expect(json_response.detect { - |project| project['owner']['username'] == user.username - }['owner']['username']).to eq(user.username) - end - end - end - - describe 'POST /projects' do - context 'maximum number of projects reached' do - it 'should not create new project and respond with 403' do - allow_any_instance_of(User).to receive(:projects_limit_left).and_return(0) - expect { - post api('/projects', user2), name: 'foo' - }.to change {Project.count}.by(0) - expect(response.status).to eq(403) - end - end - - it 'should create new project without path and return 201' do - expect { post api('/projects', user), name: 'foo' }. - to change { Project.count }.by(1) - expect(response.status).to eq(201) - end - - it 'should create last project before reaching project limit' do - allow_any_instance_of(User).to receive(:projects_limit_left).and_return(1) - post api('/projects', user2), name: 'foo' - expect(response.status).to eq(201) - end - - it 'should not create new project without name and return 400' do - expect { post api('/projects', user) }.to_not change { Project.count } - expect(response.status).to eq(400) - end - - it "should assign attributes to project" do - project = attributes_for(:project, { - path: 'camelCasePath', - description: Faker::Lorem.sentence, - issues_enabled: false, - merge_requests_enabled: false, - wiki_enabled: false - }) - - post api('/projects', user), project - - project.each_pair do |k,v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'should set a project as public' do - project = attributes_for(:project, :public) - post api('/projects', user), project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'should set a project as public using :public' do - project = attributes_for(:project, { public: true }) - post api('/projects', user), project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'should set a project as internal' do - project = attributes_for(:project, :internal) - post api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'should set a project as internal overriding :public' do - project = attributes_for(:project, :internal, { public: true }) - post api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'should set a project as private' do - project = attributes_for(:project, :private) - post api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'should set a project as private using :public' do - project = attributes_for(:project, { public: false }) - post api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - context 'when a visibility level is restricted' do - before do - @project = attributes_for(:project, { public: true }) - allow_any_instance_of(ApplicationSetting).to( - receive(:restricted_visibility_levels).and_return([20]) - ) - end - - it 'should not allow a non-admin to use a restricted visibility level' do - post api('/projects', user), @project - expect(response.status).to eq(400) - expect(json_response['message']['visibility_level'].first).to( - match('restricted by your GitLab administrator') - ) - end - - it 'should allow an admin to override restricted visibility settings' do - post api('/projects', admin), @project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to( - eq(Gitlab::VisibilityLevel::PUBLIC) - ) - end - end - end - - describe 'POST /projects/user/:id' do - before { project } - before { admin } - - it 'should create new project without path and return 201' do - expect { post api("/projects/user/#{user.id}", admin), name: 'foo' }.to change {Project.count}.by(1) - expect(response.status).to eq(201) - end - - it 'should respond with 400 on failure and not project' do - expect { post api("/projects/user/#{user.id}", admin) }. - to_not change { Project.count } - - expect(response.status).to eq(400) - expect(json_response['message']['name']).to eq([ - 'can\'t be blank', - 'is too short (minimum is 0 characters)', - Gitlab::Regex.project_name_regex_message - ]) - expect(json_response['message']['path']).to eq([ - 'can\'t be blank', - 'is too short (minimum is 0 characters)', - Gitlab::Regex.send(:project_path_regex_message) - ]) - end - - it 'should assign attributes to project' do - project = attributes_for(:project, { - description: Faker::Lorem.sentence, - issues_enabled: false, - merge_requests_enabled: false, - wiki_enabled: false - }) - - post api("/projects/user/#{user.id}", admin), project - - project.each_pair do |k,v| - next if k == :path - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'should set a project as public' do - project = attributes_for(:project, :public) - post api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'should set a project as public using :public' do - project = attributes_for(:project, { public: true }) - post api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'should set a project as internal' do - project = attributes_for(:project, :internal) - post api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'should set a project as internal overriding :public' do - project = attributes_for(:project, :internal, { public: true }) - post api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'should set a project as private' do - project = attributes_for(:project, :private) - post api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'should set a project as private using :public' do - project = attributes_for(:project, { public: false }) - post api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - end - - describe 'GET /projects/:id' do - before { project } - before { project_member } - - it 'should return a project by id' do - get api("/projects/#{project.id}", user) - expect(response.status).to eq(200) - expect(json_response['name']).to eq(project.name) - expect(json_response['owner']['username']).to eq(user.username) - end - - it 'should return a project by path name' do - get api("/projects/#{project.id}", user) - expect(response.status).to eq(200) - expect(json_response['name']).to eq(project.name) - end - - it 'should return a 404 error if not found' do - get api('/projects/42', user) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - - it 'should return a 404 error if user is not a member' do - other_user = create(:user) - get api("/projects/#{project.id}", other_user) - expect(response.status).to eq(404) - end - - describe 'permissions' do - context 'personal project' do - it 'Sets project access and returns 200' do - project.team << [user, :master] - get api("/projects/#{project.id}", user) - - expect(response.status).to eq(200) - expect(json_response['permissions']['project_access']['access_level']). - to eq(Gitlab::Access::MASTER) - expect(json_response['permissions']['group_access']).to be_nil - end - end - - context 'group project' do - it 'should set the owner and return 200' do - project2 = create(:project, group: create(:group)) - project2.group.add_owner(user) - get api("/projects/#{project2.id}", user) - - expect(response.status).to eq(200) - expect(json_response['permissions']['project_access']).to be_nil - expect(json_response['permissions']['group_access']['access_level']). - to eq(Gitlab::Access::OWNER) - end - end - end - end - - describe 'GET /projects/:id/events' do - before { project_member2 } - - it 'should return a project events' do - get api("/projects/#{project.id}/events", user) - expect(response.status).to eq(200) - json_event = json_response.first - - expect(json_event['action_name']).to eq('joined') - expect(json_event['project_id'].to_i).to eq(project.id) - expect(json_event['author_username']).to eq(user3.username) - end - - it 'should return a 404 error if not found' do - get api('/projects/42/events', user) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - - it 'should return a 404 error if user is not a member' do - other_user = create(:user) - get api("/projects/#{project.id}/events", other_user) - expect(response.status).to eq(404) - end - end - - describe 'GET /projects/:id/snippets' do - before { snippet } - - it 'should return an array of project snippets' do - get api("/projects/#{project.id}/snippets", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(snippet.title) - end - end - - describe 'GET /projects/:id/snippets/:snippet_id' do - it 'should return a project snippet' do - get api("/projects/#{project.id}/snippets/#{snippet.id}", user) - expect(response.status).to eq(200) - expect(json_response['title']).to eq(snippet.title) - end - - it 'should return a 404 error if snippet id not found' do - get api("/projects/#{project.id}/snippets/1234", user) - expect(response.status).to eq(404) - end - end - - describe 'POST /projects/:id/snippets' do - it 'should create a new project snippet' do - post api("/projects/#{project.id}/snippets", user), - title: 'api test', file_name: 'sample.rb', code: 'test', - visibility_level: '0' - expect(response.status).to eq(201) - expect(json_response['title']).to eq('api test') - end - - it 'should return a 400 error if invalid snippet is given' do - post api("/projects/#{project.id}/snippets", user) - expect(status).to eq(400) - end - end - - describe 'PUT /projects/:id/snippets/:shippet_id' do - it 'should update an existing project snippet' do - put api("/projects/#{project.id}/snippets/#{snippet.id}", user), - code: 'updated code' - expect(response.status).to eq(200) - expect(json_response['title']).to eq('example') - expect(snippet.reload.content).to eq('updated code') - end - - it 'should update an existing project snippet with new title' do - put api("/projects/#{project.id}/snippets/#{snippet.id}", user), - title: 'other api test' - expect(response.status).to eq(200) - expect(json_response['title']).to eq('other api test') - end - end - - describe 'DELETE /projects/:id/snippets/:snippet_id' do - before { snippet } - - it 'should delete existing project snippet' do - expect { - delete api("/projects/#{project.id}/snippets/#{snippet.id}", user) - }.to change { Snippet.count }.by(-1) - expect(response.status).to eq(200) - end - - it 'should return 404 when deleting unknown snippet id' do - delete api("/projects/#{project.id}/snippets/1234", user) - expect(response.status).to eq(404) - end - end - - describe 'GET /projects/:id/snippets/:snippet_id/raw' do - it 'should get a raw project snippet' do - get api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user) - expect(response.status).to eq(200) - end - - it 'should return a 404 error if raw project snippet not found' do - get api("/projects/#{project.id}/snippets/5555/raw", user) - expect(response.status).to eq(404) - end - end - - describe :deploy_keys do - let(:deploy_keys_project) { create(:deploy_keys_project, project: project) } - let(:deploy_key) { deploy_keys_project.deploy_key } - - describe 'GET /projects/:id/keys' do - before { deploy_key } - - it 'should return array of ssh keys' do - get api("/projects/#{project.id}/keys", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(deploy_key.title) - end - end - - describe 'GET /projects/:id/keys/:key_id' do - it 'should return a single key' do - get api("/projects/#{project.id}/keys/#{deploy_key.id}", user) - expect(response.status).to eq(200) - expect(json_response['title']).to eq(deploy_key.title) - end - - it 'should return 404 Not Found with invalid ID' do - get api("/projects/#{project.id}/keys/404", user) - expect(response.status).to eq(404) - end - end - - describe 'POST /projects/:id/keys' do - it 'should not create an invalid ssh key' do - post api("/projects/#{project.id}/keys", user), { title: 'invalid key' } - expect(response.status).to eq(400) - expect(json_response['message']['key']).to eq([ - 'can\'t be blank', - 'is too short (minimum is 0 characters)', - 'is invalid' - ]) - end - - it 'should not create a key without title' do - post api("/projects/#{project.id}/keys", user), key: 'some key' - expect(response.status).to eq(400) - expect(json_response['message']['title']).to eq([ - 'can\'t be blank', - 'is too short (minimum is 0 characters)' - ]) - end - - it 'should create new ssh key' do - key_attrs = attributes_for :key - expect { - post api("/projects/#{project.id}/keys", user), key_attrs - }.to change{ project.deploy_keys.count }.by(1) - end - end - - describe 'DELETE /projects/:id/keys/:key_id' do - before { deploy_key } - - it 'should delete existing key' do - expect { - delete api("/projects/#{project.id}/keys/#{deploy_key.id}", user) - }.to change{ project.deploy_keys.count }.by(-1) - end - - it 'should return 404 Not Found with invalid ID' do - delete api("/projects/#{project.id}/keys/404", user) - expect(response.status).to eq(404) - end - end - end - - describe :fork_admin do - let(:project_fork_target) { create(:project) } - let(:project_fork_source) { create(:project, :public) } - - describe 'POST /projects/:id/fork/:forked_from_id' do - let(:new_project_fork_source) { create(:project, :public) } - - it "shouldn't available for non admin users" do - post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user) - expect(response.status).to eq(403) - end - - it 'should allow project to be forked from an existing project' do - expect(project_fork_target.forked?).not_to be_truthy - post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - expect(response.status).to eq(201) - project_fork_target.reload - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - expect(project_fork_target.forked_project_link).not_to be_nil - expect(project_fork_target.forked?).to be_truthy - end - - it 'should fail if forked_from project which does not exist' do - post api("/projects/#{project_fork_target.id}/fork/9999", admin) - expect(response.status).to eq(404) - end - - it 'should fail with 409 if already forked' do - post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - project_fork_target.reload - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - post api("/projects/#{project_fork_target.id}/fork/#{new_project_fork_source.id}", admin) - expect(response.status).to eq(409) - project_fork_target.reload - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - expect(project_fork_target.forked?).to be_truthy - end - end - - describe 'DELETE /projects/:id/fork' do - - it "shouldn't available for non admin users" do - delete api("/projects/#{project_fork_target.id}/fork", user) - expect(response.status).to eq(403) - end - - it 'should make forked project unforked' do - post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - project_fork_target.reload - expect(project_fork_target.forked_from_project).not_to be_nil - expect(project_fork_target.forked?).to be_truthy - delete api("/projects/#{project_fork_target.id}/fork", admin) - expect(response.status).to eq(200) - project_fork_target.reload - expect(project_fork_target.forked_from_project).to be_nil - expect(project_fork_target.forked?).not_to be_truthy - end - - it 'should be idempotent if not forked' do - expect(project_fork_target.forked_from_project).to be_nil - delete api("/projects/#{project_fork_target.id}/fork", admin) - expect(response.status).to eq(200) - expect(project_fork_target.reload.forked_from_project).to be_nil - end - end - end - - describe 'GET /projects/search/:query' do - let!(:query) { 'query'} - let!(:search) { create(:empty_project, name: query, creator_id: user.id, namespace: user.namespace) } - let!(:pre) { create(:empty_project, name: "pre_#{query}", creator_id: user.id, namespace: user.namespace) } - let!(:post) { create(:empty_project, name: "#{query}_post", creator_id: user.id, namespace: user.namespace) } - let!(:pre_post) { create(:empty_project, name: "pre_#{query}_post", creator_id: user.id, namespace: user.namespace) } - let!(:unfound) { create(:empty_project, name: 'unfound', creator_id: user.id, namespace: user.namespace) } - let!(:internal) { create(:empty_project, :internal, name: "internal #{query}") } - let!(:unfound_internal) { create(:empty_project, :internal, name: 'unfound internal') } - let!(:public) { create(:empty_project, :public, name: "public #{query}") } - let!(:unfound_public) { create(:empty_project, :public, name: 'unfound public') } - - context 'when unauthenticated' do - it 'should return authentication error' do - get api("/projects/search/#{query}") - expect(response.status).to eq(401) - end - end - - context 'when authenticated' do - it 'should return an array of projects' do - get api("/projects/search/#{query}",user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(6) - json_response.each {|project| expect(project['name']).to match(/.*query.*/)} - end - end - - context 'when authenticated as a different user' do - it 'should return matching public projects' do - get api("/projects/search/#{query}", user2) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(2) - json_response.each {|project| expect(project['name']).to match(/(internal|public) query/)} - end - end - end - - describe 'PUT /projects/:id̈́' do - before { project } - before { user } - before { user3 } - before { user4 } - before { project3 } - before { project4 } - before { project_member3 } - before { project_member2 } - - context 'when unauthenticated' do - it 'should return authentication error' do - project_param = { name: 'bar' } - put api("/projects/#{project.id}"), project_param - expect(response.status).to eq(401) - end - end - - context 'when authenticated as project owner' do - it 'should update name' do - project_param = { name: 'bar' } - put api("/projects/#{project.id}", user), project_param - expect(response.status).to eq(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'should update visibility_level' do - project_param = { visibility_level: 20 } - put api("/projects/#{project3.id}", user), project_param - expect(response.status).to eq(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'should not update name to existing name' do - project_param = { name: project3.name } - put api("/projects/#{project.id}", user), project_param - expect(response.status).to eq(400) - expect(json_response['message']['name']).to eq(['has already been taken']) - end - - it 'should update path & name to existing path & name in different namespace' do - project_param = { path: project4.path, name: project4.name } - put api("/projects/#{project3.id}", user), project_param - expect(response.status).to eq(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - end - - context 'when authenticated as project master' do - it 'should update path' do - project_param = { path: 'bar' } - put api("/projects/#{project3.id}", user4), project_param - expect(response.status).to eq(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'should update other attributes' do - project_param = { issues_enabled: true, - wiki_enabled: true, - snippets_enabled: true, - merge_requests_enabled: true, - description: 'new description' } - - put api("/projects/#{project3.id}", user4), project_param - expect(response.status).to eq(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'should not update path to existing path' do - project_param = { path: project.path } - put api("/projects/#{project3.id}", user4), project_param - expect(response.status).to eq(400) - expect(json_response['message']['path']).to eq(['has already been taken']) - end - - it 'should not update name' do - project_param = { name: 'bar' } - put api("/projects/#{project3.id}", user4), project_param - expect(response.status).to eq(403) - end - - it 'should not update visibility_level' do - project_param = { visibility_level: 20 } - put api("/projects/#{project3.id}", user4), project_param - expect(response.status).to eq(403) - end - end - - context 'when authenticated as project developer' do - it 'should not update other attributes' do - project_param = { path: 'bar', - issues_enabled: true, - wiki_enabled: true, - snippets_enabled: true, - merge_requests_enabled: true, - description: 'new description' } - put api("/projects/#{project.id}", user3), project_param - expect(response.status).to eq(403) - end - end - end - - describe 'DELETE /projects/:id' do - context 'when authenticated as user' do - it 'should remove project' do - expect(GitlabShellWorker).to( - receive(:perform_async).with(:remove_repository, - /#{project.path_with_namespace}/) - ).twice - - delete api("/projects/#{project.id}", user) - expect(response.status).to eq(200) - end - - it 'should not remove a project if not an owner' do - user3 = create(:user) - project.team << [user3, :developer] - delete api("/projects/#{project.id}", user3) - expect(response.status).to eq(403) - end - - it 'should not remove a non existing project' do - delete api('/projects/1328', user) - expect(response.status).to eq(404) - end - - it 'should not remove a project not attached to user' do - delete api("/projects/#{project.id}", user2) - expect(response.status).to eq(404) - end - end - - context 'when authenticated as admin' do - it 'should remove any existing project' do - delete api("/projects/#{project.id}", admin) - expect(response.status).to eq(200) - end - - it 'should not remove a non existing project' do - delete api('/projects/1328', admin) - expect(response.status).to eq(404) - end - end - end -end diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb deleted file mode 100644 index 09a79553f72..00000000000 --- a/spec/requests/api/repositories_spec.rb +++ /dev/null @@ -1,247 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::API, api: true do - include ApiHelpers - include RepoHelpers - - let(:user) { create(:user) } - let(:user2) { create(:user) } - let!(:project) { create(:project, creator_id: user.id) } - let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) } - let!(:guest) { create(:project_member, user: user2, project: project, access_level: ProjectMember::GUEST) } - - describe "GET /projects/:id/repository/tags" do - it "should return an array of project tags" do - get api("/projects/#{project.id}/repository/tags", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(project.repo.tags.sort_by(&:name).reverse.first.name) - end - end - - describe 'POST /projects/:id/repository/tags' do - context 'lightweight tags' do - it 'should create a new tag' do - post api("/projects/#{project.id}/repository/tags", user), - tag_name: 'v7.0.1', - ref: 'master' - - expect(response.status).to eq(201) - expect(json_response['name']).to eq('v7.0.1') - end - end - - context 'annotated tag' do - it 'should create a new annotated tag' do - # Identity must be set in .gitconfig to create annotated tag. - repo_path = project.repository.path_to_repo - system(*%W(git --git-dir=#{repo_path} config user.name #{user.name})) - system(*%W(git --git-dir=#{repo_path} config user.email #{user.email})) - - post api("/projects/#{project.id}/repository/tags", user), - tag_name: 'v7.1.0', - ref: 'master', - message: 'Release 7.1.0' - - expect(response.status).to eq(201) - expect(json_response['name']).to eq('v7.1.0') - expect(json_response['message']).to eq('Release 7.1.0') - end - end - - it 'should deny for user without push access' do - post api("/projects/#{project.id}/repository/tags", user2), - tag_name: 'v1.9.0', - ref: '621491c677087aa243f165eab467bfdfbee00be1' - expect(response.status).to eq(403) - end - - it 'should return 400 if tag name is invalid' do - post api("/projects/#{project.id}/repository/tags", user), - tag_name: 'v 1.0.0', - ref: 'master' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Tag name invalid') - end - - it 'should return 400 if tag already exists' do - post api("/projects/#{project.id}/repository/tags", user), - tag_name: 'v8.0.0', - ref: 'master' - expect(response.status).to eq(201) - post api("/projects/#{project.id}/repository/tags", user), - tag_name: 'v8.0.0', - ref: 'master' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Tag already exists') - end - - it 'should return 400 if ref name is invalid' do - post api("/projects/#{project.id}/repository/tags", user), - tag_name: 'mytag', - ref: 'foo' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('Invalid reference name') - end - end - - describe "GET /projects/:id/repository/tree" do - context "authorized user" do - before { project.team << [user2, :reporter] } - - it "should return project commits" do - get api("/projects/#{project.id}/repository/tree", user) - expect(response.status).to eq(200) - - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq('encoding') - expect(json_response.first['type']).to eq('tree') - expect(json_response.first['mode']).to eq('040000') - end - - it 'should return a 404 for unknown ref' do - get api("/projects/#{project.id}/repository/tree?ref_name=foo", user) - expect(response.status).to eq(404) - - expect(json_response).to be_an Object - json_response['message'] == '404 Tree Not Found' - end - end - - context "unauthorized user" do - it "should not return project commits" do - get api("/projects/#{project.id}/repository/tree") - expect(response.status).to eq(401) - end - end - end - - describe "GET /projects/:id/repository/blobs/:sha" do - it "should get the raw file contents" do - get api("/projects/#{project.id}/repository/blobs/master?filepath=README.md", user) - expect(response.status).to eq(200) - end - - it "should return 404 for invalid branch_name" do - get api("/projects/#{project.id}/repository/blobs/invalid_branch_name?filepath=README.md", user) - expect(response.status).to eq(404) - end - - it "should return 404 for invalid file" do - get api("/projects/#{project.id}/repository/blobs/master?filepath=README.invalid", user) - expect(response.status).to eq(404) - end - - it "should return a 400 error if filepath is missing" do - get api("/projects/#{project.id}/repository/blobs/master", user) - expect(response.status).to eq(400) - end - end - - describe "GET /projects/:id/repository/commits/:sha/blob" do - it "should get the raw file contents" do - get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.md", user) - expect(response.status).to eq(200) - end - end - - describe "GET /projects/:id/repository/raw_blobs/:sha" do - it "should get the raw file contents" do - get api("/projects/#{project.id}/repository/raw_blobs/#{sample_blob.oid}", user) - expect(response.status).to eq(200) - end - - it 'should return a 404 for unknown blob' do - get api("/projects/#{project.id}/repository/raw_blobs/123456", user) - expect(response.status).to eq(404) - - expect(json_response).to be_an Object - json_response['message'] == '404 Blob Not Found' - end - end - - describe "GET /projects/:id/repository/archive(.:format)?:sha" do - it "should get the archive" do - get api("/projects/#{project.id}/repository/archive", user) - repo_name = project.repository.name.gsub("\.git", "") - expect(response.status).to eq(200) - expect(response.headers['Content-Disposition']).to match(/filename\=\"#{repo_name}\-[^\.]+\.tar.gz\"/) - expect(response.content_type).to eq(MIME::Types.type_for('file.tar.gz').first.content_type) - end - - it "should get the archive.zip" do - get api("/projects/#{project.id}/repository/archive.zip", user) - repo_name = project.repository.name.gsub("\.git", "") - expect(response.status).to eq(200) - expect(response.headers['Content-Disposition']).to match(/filename\=\"#{repo_name}\-[^\.]+\.zip\"/) - expect(response.content_type).to eq(MIME::Types.type_for('file.zip').first.content_type) - end - - it "should get the archive.tar.bz2" do - get api("/projects/#{project.id}/repository/archive.tar.bz2", user) - repo_name = project.repository.name.gsub("\.git", "") - expect(response.status).to eq(200) - expect(response.headers['Content-Disposition']).to match(/filename\=\"#{repo_name}\-[^\.]+\.tar.bz2\"/) - expect(response.content_type).to eq(MIME::Types.type_for('file.tar.bz2').first.content_type) - end - - it "should return 404 for invalid sha" do - get api("/projects/#{project.id}/repository/archive/?sha=xxx", user) - expect(response.status).to eq(404) - end - end - - describe 'GET /projects/:id/repository/compare' do - it "should compare branches" do - get api("/projects/#{project.id}/repository/compare", user), from: 'master', to: 'feature' - expect(response.status).to eq(200) - expect(json_response['commits']).to be_present - expect(json_response['diffs']).to be_present - end - - it "should compare tags" do - get api("/projects/#{project.id}/repository/compare", user), from: 'v1.0.0', to: 'v1.1.0' - expect(response.status).to eq(200) - expect(json_response['commits']).to be_present - expect(json_response['diffs']).to be_present - end - - it "should compare commits" do - get api("/projects/#{project.id}/repository/compare", user), from: sample_commit.id, to: sample_commit.parent_id - expect(response.status).to eq(200) - expect(json_response['commits']).to be_empty - expect(json_response['diffs']).to be_empty - expect(json_response['compare_same_ref']).to be_falsey - end - - it "should compare commits in reverse order" do - get api("/projects/#{project.id}/repository/compare", user), from: sample_commit.parent_id, to: sample_commit.id - expect(response.status).to eq(200) - expect(json_response['commits']).to be_present - expect(json_response['diffs']).to be_present - end - - it "should compare same refs" do - get api("/projects/#{project.id}/repository/compare", user), from: 'master', to: 'master' - expect(response.status).to eq(200) - expect(json_response['commits']).to be_empty - expect(json_response['diffs']).to be_empty - expect(json_response['compare_same_ref']).to be_truthy - end - end - - describe 'GET /projects/:id/repository/contributors' do - it 'should return valid data' do - get api("/projects/#{project.id}/repository/contributors", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - contributor = json_response.first - expect(contributor['email']).to eq('dmitriy.zaporozhets@gmail.com') - expect(contributor['name']).to eq('Dmitriy Zaporozhets') - expect(contributor['commits']).to eq(13) - expect(contributor['additions']).to eq(0) - expect(contributor['deletions']).to eq(0) - end - end -end diff --git a/spec/requests/api/services_spec.rb b/spec/requests/api/services_spec.rb deleted file mode 100644 index 51c543578df..00000000000 --- a/spec/requests/api/services_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -require "spec_helper" - -describe API::API, api: true do - include ApiHelpers - let(:user) { create(:user) } - let(:project) {create(:project, creator_id: user.id, namespace: user.namespace) } - - describe "POST /projects/:id/services/gitlab-ci" do - it "should update gitlab-ci settings" do - put api("/projects/#{project.id}/services/gitlab-ci", user), token: 'secret-token', project_url: "http://ci.example.com/projects/1" - - expect(response.status).to eq(200) - end - - it "should return if required fields missing" do - put api("/projects/#{project.id}/services/gitlab-ci", user), project_url: "http://ci.example.com/projects/1", active: true - - expect(response.status).to eq(400) - end - end - - describe "DELETE /projects/:id/services/gitlab-ci" do - it "should update gitlab-ci settings" do - delete api("/projects/#{project.id}/services/gitlab-ci", user) - - expect(response.status).to eq(200) - expect(project.gitlab_ci_service).to be_nil - end - end - - describe 'PUT /projects/:id/services/hipchat' do - it 'should update hipchat settings' do - put api("/projects/#{project.id}/services/hipchat", user), - token: 'secret-token', room: 'test' - - expect(response.status).to eq(200) - expect(project.hipchat_service).not_to be_nil - end - - it 'should return if required fields missing' do - put api("/projects/#{project.id}/services/gitlab-ci", user), - token: 'secret-token', active: true - - expect(response.status).to eq(400) - end - end - - describe 'DELETE /projects/:id/services/hipchat' do - it 'should delete hipchat settings' do - delete api("/projects/#{project.id}/services/hipchat", user) - - expect(response.status).to eq(200) - expect(project.hipchat_service).to be_nil - end - end -end diff --git a/spec/requests/api/session_spec.rb b/spec/requests/api/session_spec.rb deleted file mode 100644 index fbd57b34a58..00000000000 --- a/spec/requests/api/session_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let(:user) { create(:user) } - - describe "POST /session" do - context "when valid password" do - it "should return private token" do - post api("/session"), email: user.email, password: '12345678' - expect(response.status).to eq(201) - - expect(json_response['email']).to eq(user.email) - expect(json_response['private_token']).to eq(user.private_token) - expect(json_response['is_admin']).to eq(user.is_admin?) - expect(json_response['can_create_project']).to eq(user.can_create_project?) - expect(json_response['can_create_group']).to eq(user.can_create_group?) - end - end - - context 'when email has case-typo and password is valid' do - it 'should return private token' do - post api('/session'), email: user.email.upcase, password: '12345678' - expect(response.status).to eq 201 - - expect(json_response['email']).to eq user.email - expect(json_response['private_token']).to eq user.private_token - expect(json_response['is_admin']).to eq user.is_admin? - expect(json_response['can_create_project']).to eq user.can_create_project? - expect(json_response['can_create_group']).to eq user.can_create_group? - end - end - - context 'when login has case-typo and password is valid' do - it 'should return private token' do - post api('/session'), login: user.username.upcase, password: '12345678' - expect(response.status).to eq 201 - - expect(json_response['email']).to eq user.email - expect(json_response['private_token']).to eq user.private_token - expect(json_response['is_admin']).to eq user.is_admin? - expect(json_response['can_create_project']).to eq user.can_create_project? - expect(json_response['can_create_group']).to eq user.can_create_group? - end - end - - context "when invalid password" do - it "should return authentication error" do - post api("/session"), email: user.email, password: '123' - expect(response.status).to eq(401) - - expect(json_response['email']).to be_nil - expect(json_response['private_token']).to be_nil - end - end - - context "when empty password" do - it "should return authentication error" do - post api("/session"), email: user.email - expect(response.status).to eq(401) - - expect(json_response['email']).to be_nil - expect(json_response['private_token']).to be_nil - end - end - - context "when empty name" do - it "should return authentication error" do - post api("/session"), password: user.password - expect(response.status).to eq(401) - - expect(json_response['email']).to be_nil - expect(json_response['private_token']).to be_nil - end - end - end -end diff --git a/spec/requests/api/system_hooks_spec.rb b/spec/requests/api/system_hooks_spec.rb deleted file mode 100644 index a9d86bbce6c..00000000000 --- a/spec/requests/api/system_hooks_spec.rb +++ /dev/null @@ -1,81 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let!(:hook) { create(:system_hook, url: "http://example.com") } - - before { stub_request(:post, hook.url) } - - describe "GET /hooks" do - context "when no user" do - it "should return authentication error" do - get api("/hooks") - expect(response.status).to eq(401) - end - end - - context "when not an admin" do - it "should return forbidden error" do - get api("/hooks", user) - expect(response.status).to eq(403) - end - end - - context "when authenticated as admin" do - it "should return an array of hooks" do - get api("/hooks", admin) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['url']).to eq(hook.url) - end - end - end - - describe "POST /hooks" do - it "should create new hook" do - expect { - post api("/hooks", admin), url: 'http://example.com' - }.to change { SystemHook.count }.by(1) - end - - it "should respond with 400 if url not given" do - post api("/hooks", admin) - expect(response.status).to eq(400) - end - - it "should not create new hook without url" do - expect { - post api("/hooks", admin) - }.to_not change { SystemHook.count } - end - end - - describe "GET /hooks/:id" do - it "should return hook by id" do - get api("/hooks/#{hook.id}", admin) - expect(response.status).to eq(200) - expect(json_response['event_name']).to eq('project_create') - end - - it "should return 404 on failure" do - get api("/hooks/404", admin) - expect(response.status).to eq(404) - end - end - - describe "DELETE /hooks/:id" do - it "should delete a hook" do - expect { - delete api("/hooks/#{hook.id}", admin) - }.to change { SystemHook.count }.by(-1) - end - - it "should return success if hook id not found" do - delete api("/hooks/12345", admin) - expect(response.status).to eq(200) - end - end -end diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb deleted file mode 100644 index e6d5545f812..00000000000 --- a/spec/requests/api/users_spec.rb +++ /dev/null @@ -1,524 +0,0 @@ -require 'spec_helper' - -describe API::API, api: true do - include ApiHelpers - - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let(:key) { create(:key, user: user) } - - describe "GET /users" do - context "when unauthenticated" do - it "should return authentication error" do - get api("/users") - expect(response.status).to eq(401) - end - end - - context "when authenticated" do - it "should return an array of users" do - get api("/users", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - username = user.username - expect(json_response.detect { - |user| user['username'] == username - }['username']).to eq(username) - end - end - - context "when admin" do - it "should return an array of users" do - get api("/users", admin) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first.keys).to include 'email' - expect(json_response.first.keys).to include 'identities' - expect(json_response.first.keys).to include 'can_create_project' - end - end - end - - describe "GET /users/:id" do - it "should return a user by id" do - get api("/users/#{user.id}", user) - expect(response.status).to eq(200) - expect(json_response['username']).to eq(user.username) - end - - it "should return a 401 if unauthenticated" do - get api("/users/9998") - expect(response.status).to eq(401) - end - - it "should return a 404 error if user id not found" do - get api("/users/9999", user) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Not found') - end - end - - describe "POST /users" do - before{ admin } - - it "should create user" do - expect { - post api("/users", admin), attributes_for(:user, projects_limit: 3) - }.to change { User.count }.by(1) - end - - it "should create user with correct attributes" do - post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true) - expect(response.status).to eq(201) - user_id = json_response['id'] - new_user = User.find(user_id) - expect(new_user).not_to eq(nil) - expect(new_user.admin).to eq(true) - expect(new_user.can_create_group).to eq(true) - end - - it "should create non-admin user" do - post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false) - expect(response.status).to eq(201) - user_id = json_response['id'] - new_user = User.find(user_id) - expect(new_user).not_to eq(nil) - expect(new_user.admin).to eq(false) - expect(new_user.can_create_group).to eq(false) - end - - it "should create non-admin users by default" do - post api('/users', admin), attributes_for(:user) - expect(response.status).to eq(201) - user_id = json_response['id'] - new_user = User.find(user_id) - expect(new_user).not_to eq(nil) - expect(new_user.admin).to eq(false) - end - - it "should return 201 Created on success" do - post api("/users", admin), attributes_for(:user, projects_limit: 3) - expect(response.status).to eq(201) - end - - it "should not create user with invalid email" do - post api('/users', admin), - email: 'invalid email', - password: 'password', - name: 'test' - expect(response.status).to eq(400) - end - - it 'should return 400 error if name not given' do - post api('/users', admin), email: 'test@example.com', password: 'pass1234' - expect(response.status).to eq(400) - end - - it 'should return 400 error if password not given' do - post api('/users', admin), email: 'test@example.com', name: 'test' - expect(response.status).to eq(400) - end - - it "should return 400 error if email not given" do - post api('/users', admin), password: 'pass1234', name: 'test' - expect(response.status).to eq(400) - end - - it 'should return 400 error if user does not validate' do - post api('/users', admin), - password: 'pass', - email: 'test@example.com', - username: 'test!', - name: 'test', - bio: 'g' * 256, - projects_limit: -1 - expect(response.status).to eq(400) - expect(json_response['message']['password']). - to eq(['is too short (minimum is 8 characters)']) - expect(json_response['message']['bio']). - to eq(['is too long (maximum is 255 characters)']) - expect(json_response['message']['projects_limit']). - to eq(['must be greater than or equal to 0']) - expect(json_response['message']['username']). - to eq([Gitlab::Regex.send(:namespace_regex_message)]) - end - - it "shouldn't available for non admin users" do - post api("/users", user), attributes_for(:user) - expect(response.status).to eq(403) - end - - context 'with existing user' do - before do - post api('/users', admin), - email: 'test@example.com', - password: 'password', - username: 'test', - name: 'foo' - end - - it 'should return 409 conflict error if user with same email exists' do - expect { - post api('/users', admin), - name: 'foo', - email: 'test@example.com', - password: 'password', - username: 'foo' - }.to change { User.count }.by(0) - expect(response.status).to eq(409) - expect(json_response['message']).to eq('Email has already been taken') - end - - it 'should return 409 conflict error if same username exists' do - expect do - post api('/users', admin), - name: 'foo', - email: 'foo@example.com', - password: 'password', - username: 'test' - end.to change { User.count }.by(0) - expect(response.status).to eq(409) - expect(json_response['message']).to eq('Username has already been taken') - end - end - end - - describe "GET /users/sign_up" do - - it "should redirect to sign in page" do - get "/users/sign_up" - expect(response.status).to eq(302) - expect(response).to redirect_to(new_user_session_path) - end - end - - describe "PUT /users/:id" do - let!(:admin_user) { create(:admin) } - - before { admin } - - it "should update user with new bio" do - put api("/users/#{user.id}", admin), {bio: 'new test bio'} - expect(response.status).to eq(200) - expect(json_response['bio']).to eq('new test bio') - expect(user.reload.bio).to eq('new test bio') - end - - it 'should update user with his own email' do - put api("/users/#{user.id}", admin), email: user.email - expect(response.status).to eq(200) - expect(json_response['email']).to eq(user.email) - expect(user.reload.email).to eq(user.email) - end - - it 'should update user with his own username' do - put api("/users/#{user.id}", admin), username: user.username - expect(response.status).to eq(200) - expect(json_response['username']).to eq(user.username) - expect(user.reload.username).to eq(user.username) - end - - it "should update admin status" do - put api("/users/#{user.id}", admin), {admin: true} - expect(response.status).to eq(200) - expect(json_response['is_admin']).to eq(true) - expect(user.reload.admin).to eq(true) - end - - it "should not update admin status" do - put api("/users/#{admin_user.id}", admin), {can_create_group: false} - expect(response.status).to eq(200) - expect(json_response['is_admin']).to eq(true) - expect(admin_user.reload.admin).to eq(true) - expect(admin_user.can_create_group).to eq(false) - end - - it "should not allow invalid update" do - put api("/users/#{user.id}", admin), {email: 'invalid email'} - expect(response.status).to eq(400) - expect(user.reload.email).not_to eq('invalid email') - end - - it "shouldn't available for non admin users" do - put api("/users/#{user.id}", user), attributes_for(:user) - expect(response.status).to eq(403) - end - - it "should return 404 for non-existing user" do - put api("/users/999999", admin), {bio: 'update should fail'} - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Not found') - end - - it 'should return 400 error if user does not validate' do - put api("/users/#{user.id}", admin), - password: 'pass', - email: 'test@example.com', - username: 'test!', - name: 'test', - bio: 'g' * 256, - projects_limit: -1 - expect(response.status).to eq(400) - expect(json_response['message']['password']). - to eq(['is too short (minimum is 8 characters)']) - expect(json_response['message']['bio']). - to eq(['is too long (maximum is 255 characters)']) - expect(json_response['message']['projects_limit']). - to eq(['must be greater than or equal to 0']) - expect(json_response['message']['username']). - to eq([Gitlab::Regex.send(:namespace_regex_message)]) - end - - context "with existing user" do - before { - post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' } - post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' } - @user = User.all.last - } - - it 'should return 409 conflict error if email address exists' do - put api("/users/#{@user.id}", admin), email: 'test@example.com' - expect(response.status).to eq(409) - expect(@user.reload.email).to eq(@user.email) - end - - it 'should return 409 conflict error if username taken' do - @user_id = User.all.last.id - put api("/users/#{@user.id}", admin), username: 'test' - expect(response.status).to eq(409) - expect(@user.reload.username).to eq(@user.username) - end - end - end - - describe "POST /users/:id/keys" do - before { admin } - - it "should not create invalid ssh key" do - post api("/users/#{user.id}/keys", admin), { title: "invalid key" } - expect(response.status).to eq(400) - expect(json_response['message']).to eq('400 (Bad request) "key" not given') - end - - it 'should not create key without title' do - post api("/users/#{user.id}/keys", admin), key: 'some key' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('400 (Bad request) "title" not given') - end - - it "should create ssh key" do - key_attrs = attributes_for :key - expect { - post api("/users/#{user.id}/keys", admin), key_attrs - }.to change{ user.keys.count }.by(1) - end - end - - describe 'GET /user/:uid/keys' do - before { admin } - - context 'when unauthenticated' do - it 'should return authentication error' do - get api("/users/#{user.id}/keys") - expect(response.status).to eq(401) - end - end - - context 'when authenticated' do - it 'should return 404 for non-existing user' do - get api('/users/999999/keys', admin) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 User Not Found') - end - - it 'should return array of ssh keys' do - user.keys << key - user.save - get api("/users/#{user.id}/keys", admin) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(key.title) - end - end - end - - describe 'DELETE /user/:uid/keys/:id' do - before { admin } - - context 'when unauthenticated' do - it 'should return authentication error' do - delete api("/users/#{user.id}/keys/42") - expect(response.status).to eq(401) - end - end - - context 'when authenticated' do - it 'should delete existing key' do - user.keys << key - user.save - expect { - delete api("/users/#{user.id}/keys/#{key.id}", admin) - }.to change { user.keys.count }.by(-1) - expect(response.status).to eq(200) - end - - it 'should return 404 error if user not found' do - user.keys << key - user.save - delete api("/users/999999/keys/#{key.id}", admin) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 User Not Found') - end - - it 'should return 404 error if key not foud' do - delete api("/users/#{user.id}/keys/42", admin) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Key Not Found') - end - end - end - - describe "DELETE /users/:id" do - before { admin } - - it "should delete user" do - delete api("/users/#{user.id}", admin) - expect(response.status).to eq(200) - expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound - expect(json_response['email']).to eq(user.email) - end - - it "should not delete for unauthenticated user" do - delete api("/users/#{user.id}") - expect(response.status).to eq(401) - end - - it "shouldn't available for non admin users" do - delete api("/users/#{user.id}", user) - expect(response.status).to eq(403) - end - - it "should return 404 for non-existing user" do - delete api("/users/999999", admin) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 User Not Found') - end - end - - describe "GET /user" do - it "should return current user" do - get api("/user", user) - expect(response.status).to eq(200) - expect(json_response['email']).to eq(user.email) - expect(json_response['is_admin']).to eq(user.is_admin?) - expect(json_response['can_create_project']).to eq(user.can_create_project?) - expect(json_response['can_create_group']).to eq(user.can_create_group?) - expect(json_response['projects_limit']).to eq(user.projects_limit) - end - - it "should return 401 error if user is unauthenticated" do - get api("/user") - expect(response.status).to eq(401) - end - end - - describe "GET /user/keys" do - context "when unauthenticated" do - it "should return authentication error" do - get api("/user/keys") - expect(response.status).to eq(401) - end - end - - context "when authenticated" do - it "should return array of ssh keys" do - user.keys << key - user.save - get api("/user/keys", user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first["title"]).to eq(key.title) - end - end - end - - describe "GET /user/keys/:id" do - it "should return single key" do - user.keys << key - user.save - get api("/user/keys/#{key.id}", user) - expect(response.status).to eq(200) - expect(json_response["title"]).to eq(key.title) - end - - it "should return 404 Not Found within invalid ID" do - get api("/user/keys/42", user) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Not found') - end - - it "should return 404 error if admin accesses user's ssh key" do - user.keys << key - user.save - admin - get api("/user/keys/#{key.id}", admin) - expect(response.status).to eq(404) - expect(json_response['message']).to eq('404 Not found') - end - end - - describe "POST /user/keys" do - it "should create ssh key" do - key_attrs = attributes_for :key - expect { - post api("/user/keys", user), key_attrs - }.to change{ user.keys.count }.by(1) - expect(response.status).to eq(201) - end - - it "should return a 401 error if unauthorized" do - post api("/user/keys"), title: 'some title', key: 'some key' - expect(response.status).to eq(401) - end - - it "should not create ssh key without key" do - post api("/user/keys", user), title: 'title' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('400 (Bad request) "key" not given') - end - - it 'should not create ssh key without title' do - post api('/user/keys', user), key: 'some key' - expect(response.status).to eq(400) - expect(json_response['message']).to eq('400 (Bad request) "title" not given') - end - - it "should not create ssh key without title" do - post api("/user/keys", user), key: "somekey" - expect(response.status).to eq(400) - end - end - - describe "DELETE /user/keys/:id" do - it "should delete existed key" do - user.keys << key - user.save - expect { - delete api("/user/keys/#{key.id}", user) - }.to change{user.keys.count}.by(-1) - expect(response.status).to eq(200) - end - - it "should return success if key ID not found" do - delete api("/user/keys/42", user) - expect(response.status).to eq(200) - end - - it "should return 401 error if unauthorized" do - user.keys << key - user.save - delete api("/user/keys/#{key.id}") - expect(response.status).to eq(401) - end - end -end |