From 3c2b4a1cede956d5160ccf08d0a561bf31248161 Mon Sep 17 00:00:00 2001
From: Ahmad Sherif
Date: Mon, 22 Jul 2019 16:56:40 +0200
Subject: Enable serving static objects from an external storage

It consists of two parts:
1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s) on behalf of the user by means of specific tokens

Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
---
 spec/lib/gitlab/auth/user_auth_finders_spec.rb | 54 ++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

(limited to 'spec/lib/gitlab/auth')

diff --git a/spec/lib/gitlab/auth/user_auth_finders_spec.rb b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
index 41265da97a4..dd8070c1240 100644
--- a/spec/lib/gitlab/auth/user_auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
@@ -115,6 +115,60 @@ describe Gitlab::Auth::UserAuthFinders do
 end
 end
 
+ describe '#find_user_from_static_object_token' do
+ context 'when request format is archive' do
+ before do
+ env['SCRIPT_NAME'] = 'project/-/archive/master.zip'
+ end
+
+ context 'when token header param is present' do
+ context 'when token is correct' do
+ it 'returns the user' do
+ request.headers['X-Gitlab-Static-Object-Token'] = user.static_object_token
+
+ expect(find_user_from_static_object_token(:archive)).to eq(user)
+ end
+ end
+
+ context 'when token is incorrect' do
+ it 'returns the user' do
+ request.headers['X-Gitlab-Static-Object-Token'] = 'foobar'
+
+ expect { find_user_from_static_object_token(:archive) }.to raise_error(Gitlab::Auth::UnauthorizedError)
+ end
+ end
+ end
+
+ context 'when token query param is present' do
+ context 'when token is correct' do
+ it 'returns the user' do
+ set_param(:token, user.static_object_token)
+
+ expect(find_user_from_static_object_token(:archive)).to eq(user)
+ end
+ end
+
+ context 'when token is incorrect' do
+ it 'returns the user' do
+ set_param(:token, 'foobar')
+
+ expect { find_user_from_static_object_token(:archive) }.to raise_error(Gitlab::Auth::UnauthorizedError)
+ end
+ end
+ end
+ end
+
+ context 'when request format is not archive' do
+ before do
+ env['script_name'] = 'url'
+ end
+
+ it 'returns nil' do
+ expect(find_user_from_static_object_token(:foo)).to be_nil
+ end
+ end
+ end
+
 describe '#find_user_from_access_token' do
 let(:personal_access_token) { create(:personal_access_token, user: user) }
 
-- cgit v1.2.3
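Review bot: The 'when request format is not archive' context never supplies a token, so nothing here pins that a valid static object token is ignored outside archive requests, which is the scoping property this token type depends on. Its `before` also sets `env['script_name']` in lower case, unlike `env['SCRIPT_NAME']` in the archive context, so the example appears to pass only because `:foo` is passed as the format. Consider adding an example that sets `request.headers['X-Gitlab-Static-Object-Token'] = user.static_object_token` and still expects `find_user_from_static_object_token(:foo)` to `be_nil` (assuming that is the intended behaviour). Separately, both 'when token is incorrect' examples are titled `it 'returns the user'` while asserting `raise_error(Gitlab::Auth::UnauthorizedError)`; rename them to `it 'raises an unauthorized error'` so a failure on the rejection path is not misread. The enclosing `describe Gitlab::Auth::UserAuthFinders` block starts and ends outside the hunk.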