Diffstat (limited to 'spec/requests/ide_controller_spec.rb')
-rw-r--r-- | spec/requests/ide_controller_spec.rb | 153 |
1 files changed, 37 insertions, 116 deletions
diff --git a/spec/requests/ide_controller_spec.rb b/spec/requests/ide_controller_spec.rb index b287ded799d..fe7210e4372 100644 --- a/spec/requests/ide_controller_spec.rb +++ b/spec/requests/ide_controller_spec.rb @@ -19,16 +19,15 @@ RSpec.describe IdeController, feature_category: :web_ide do let_it_be(:top_nav_partial) { 'layouts/header/_default' } let(:user) { creator } - let(:branch) { '' } - def find_csp_frame_src + def find_csp_source(key) csp = response.headers['Content-Security-Policy'] - # Transform "frame-src foo bar; connect-src foo bar; script-src ..." - # into array of connect-src values + # Transform "default-src foo bar; connect-src foo bar; script-src ..." + # into array of values for a single directive based on the given key csp.split(';') .map(&:strip) - .find { |entry| entry.starts_with?('frame-src') } + .find { |entry| entry.starts_with?(key) } .split(' ') .drop(1) end @@ -42,14 +41,14 @@ RSpec.describe IdeController, feature_category: :web_ide do subject { get route } shared_examples 'user access rights check' do - context 'user can read project' do + context 'when user can read project' do it 'increases the views counter' do expect(Gitlab::UsageDataCounters::WebIdeCounter).to receive(:increment_views_count) subject end - context 'user can read project but cannot push code' do + context 'when user can read project but cannot push code' do include ProjectForksHelper let(:user) { reporter } @@ -60,7 +59,15 @@ RSpec.describe IdeController, feature_category: :web_ide do expect(response).to have_gitlab_http_status(:ok) expect(assigns(:project)).to eq project - expect(assigns(:fork_info)).to eq({ fork_path: controller.helpers.ide_fork_and_edit_path(project, branch, '', with_notice: false) }) + + expect(assigns(:fork_info)).to eq({ + fork_path: controller.helpers.ide_fork_and_edit_path( + project, + '', + '', + with_notice: false + ) + }) end it 'has nil fork_info if user cannot fork' do 
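Review bot: `find_csp_source` selects the directive with `entry.starts_with?(key)`, which is a prefix match, so a key such as `script-src` would also select `script-src-elem` or `script-src-attr` when one of those comes first in the header, and the assertions would silently run against the wrong directive. The two keys used in this commit (`frame-src`, `worker-src`) are not affected, but the helper is now generic, so matching the directive name exactly is safer: `.find { |entry| entry.split(' ').first == key }`. If the directive is absent, `.find` returns nil and the chained `.split` raises NoMethodError instead of a readable expectation failure; `&.split(' ').to_a.drop(1)` would return an empty list and let the `include` matcher report what is missing.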
@@ -81,13 +88,13 @@ RSpec.describe IdeController, feature_category: :web_ide do expect(response).to have_gitlab_http_status(:ok) expect(assigns(:project)).to eq project - expect(assigns(:fork_info)).to eq({ ide_path: controller.helpers.ide_edit_path(fork, branch, '') }) + expect(assigns(:fork_info)).to eq({ ide_path: controller.helpers.ide_edit_path(fork, '', '') }) end end end end - context 'user cannot read project' do + context 'when user cannot read project' do let(:user) { other_user } it 'returns 404' do @@ -98,7 +105,7 @@ RSpec.describe IdeController, feature_category: :web_ide do end end - context '/-/ide' do + context 'with /-/ide' do let(:route) { '/-/ide' } it 'returns 404' do @@ -108,7 +115,7 @@ RSpec.describe IdeController, feature_category: :web_ide do end end - context '/-/ide/project' do + context 'with /-/ide/project' do let(:route) { '/-/ide/project' } it 'returns 404' do @@ -118,7 +125,7 @@ RSpec.describe IdeController, feature_category: :web_ide do end end - context '/-/ide/project/:project' do + context 'with /-/ide/project/:project' do let(:route) { "/-/ide/project/#{project.full_path}" } it 'instantiates project instance var and returns 200' do @@ -126,16 +133,13 @@ RSpec.describe IdeController, feature_category: :web_ide do expect(response).to have_gitlab_http_status(:ok) expect(assigns(:project)).to eq project - expect(assigns(:branch)).to be_nil - expect(assigns(:path)).to be_nil - expect(assigns(:merge_request)).to be_nil expect(assigns(:fork_info)).to be_nil end it_behaves_like 'user access rights check' - %w(edit blob tree).each do |action| - context "/-/ide/project/:project/#{action}" do + %w[edit blob tree].each do |action| + context "with /-/ide/project/:project/#{action}" do let(:route) { "/-/ide/project/#{project.full_path}/#{action}" } it 'instantiates project instance var and returns 200' do 
@@ -143,89 +147,13 @@ RSpec.describe IdeController, feature_category: :web_ide do expect(response).to have_gitlab_http_status(:ok) expect(assigns(:project)).to eq project - expect(assigns(:branch)).to be_nil - expect(assigns(:path)).to be_nil - expect(assigns(:merge_request)).to be_nil expect(assigns(:fork_info)).to be_nil end it_behaves_like 'user access rights check' - - context "/-/ide/project/:project/#{action}/:branch" do - let(:branch) { 'master' } - let(:route) { "/-/ide/project/#{project.full_path}/#{action}/#{branch}" } - - it 'instantiates project and branch instance vars and returns 200' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(assigns(:project)).to eq project - expect(assigns(:branch)).to eq branch - expect(assigns(:path)).to be_nil - expect(assigns(:merge_request)).to be_nil - expect(assigns(:fork_info)).to be_nil - end - - it_behaves_like 'user access rights check' - - context "/-/ide/project/:project/#{action}/:branch/-" do - let(:branch) { 'branch/slash' } - let(:route) { "/-/ide/project/#{project.full_path}/#{action}/#{branch}/-" } - - it 'instantiates project and branch instance vars and returns 200' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(assigns(:project)).to eq project - expect(assigns(:branch)).to eq branch - expect(assigns(:path)).to be_nil - expect(assigns(:merge_request)).to be_nil - expect(assigns(:fork_info)).to be_nil - end - - it_behaves_like 'user access rights check' - - context "/-/ide/project/:project/#{action}/:branch/-/:path" do - let(:branch) { 'master' } - let(:route) { "/-/ide/project/#{project.full_path}/#{action}/#{branch}/-/foo/.bar" } - - it 'instantiates project, branch, and path instance vars and returns 200' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(assigns(:project)).to eq project - expect(assigns(:branch)).to eq branch - expect(assigns(:path)).to eq 'foo/.bar' - expect(assigns(:merge_request)).to be_nil - 
expect(assigns(:fork_info)).to be_nil - end - - it_behaves_like 'user access rights check' - end - end - end end end - context '/-/ide/project/:project/merge_requests/:merge_request_id' do - let!(:merge_request) { create(:merge_request, source_project: project, target_project: project) } - - let(:route) { "/-/ide/project/#{project.full_path}/merge_requests/#{merge_request.id}" } - - it 'instantiates project and merge_request instance vars and returns 200' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(assigns(:project)).to eq project - expect(assigns(:branch)).to be_nil - expect(assigns(:path)).to be_nil - expect(assigns(:merge_request)).to eq merge_request.id.to_s - expect(assigns(:fork_info)).to be_nil - end - - it_behaves_like 'user access rights check' - end - describe 'Snowplow view event', :snowplow do it 'is tracked' do subject @@ -237,33 +165,18 @@ RSpec.describe IdeController, feature_category: :web_ide do user: user ) end - - context 'when route_hll_to_snowplow_phase2 FF is disabled' do - before do - stub_feature_flags(route_hll_to_snowplow_phase2: false) - end - - it 'does not track Snowplow event' do - subject - - expect_no_snowplow_event - end - end end # This indirectly tests that `minimal: true` was passed to the fullscreen layout describe 'layout' do - where(:ff_state, :use_legacy_web_ide, :expect_top_nav) do - false | false | true - false | true | true - true | true | true - true | false | false + where(:ff_state, :expect_top_nav) do + false | true + true | false end with_them do before do stub_feature_flags(vscode_web_ide: ff_state) - allow(user).to receive(:use_legacy_web_ide).and_return(use_legacy_web_ide) subject end 
@@ -279,15 +192,23 @@ RSpec.describe IdeController, feature_category: :web_ide do end end - describe 'frame-src content security policy' do + describe 'content security policy' do let(:route) { '/-/ide' } - before do + it 'updates the content security policy with the correct frame sources' do subject + + expect(find_csp_source('frame-src')).to include("http://www.example.com/assets/webpack/", "https://*.vscode-cdn.net/") + expect(find_csp_source('worker-src')).to include("http://www.example.com/assets/webpack/") end - it 'adds https://*.vscode-cdn.net in frame-src CSP policy' do - expect(find_csp_frame_src).to include("https://*.vscode-cdn.net/") + it 'with relative_url_root, updates the content security policy with the correct frame sources' do + stub_config_setting(relative_url_root: '/gitlab') + + subject + + expect(find_csp_source('frame-src')).to include("http://www.example.com/gitlab/assets/webpack/") + expect(find_csp_source('worker-src')).to include("http://www.example.com/gitlab/assets/webpack/") end end end |
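Review bot: Both new examples request `/-/ide`, the route that the 'with /-/ide' context earlier in this spec expects to answer 404, and neither example asserts the response status, so the `frame-src` and `worker-src` values are verified on an error response rather than on a page that loads the Web IDE. Whether the header is built the same way on the project route is not visible in this diff; pointing the group at `let(:route) { "/-/ide/project/#{project.full_path}" }` and adding `expect(response).to have_gitlab_http_status(:ok)` would pin the policy where it matters. `include` also passes when the directive carries additional, broader sources, so these examples cannot catch an accidental widening of the policy. The example names mention only frame sources although `worker-src` is checked as well.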