From ac7661924eebd6eb0fa72848e2b4bf4391ebf113 Mon Sep 17 00:00:00 2001
From: George Koltsov
Date: Fri, 26 Jul 2019 14:03:06 +0100
Subject: Update security/webhooks.md doc page & specs
Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples
---
 spec/validators/system_hook_url_validator_spec.rb | 25 ++++++++++++++---------
 1 file changed, 15 insertions(+), 10 deletions(-)
(limited to 'spec/validators')
diff --git a/spec/validators/system_hook_url_validator_spec.rb b/spec/validators/system_hook_url_validator_spec.rb
index fc4261666e7..78e95db2b47 100644
--- a/spec/validators/system_hook_url_validator_spec.rb
+++ b/spec/validators/system_hook_url_validator_spec.rb
@@ -11,43 +11,48 @@ describe SystemHookUrlValidator do
 subject { validator.validate(badge) }
- it 'does not block urls pointing to localhost' do
+ it 'blocks urls pointing to localhost' do
 badge.link_url = 'https://127.0.0.1'
 subject
- expect(badge.errors).not_to be_present
+ expect(badge.errors).to be_present
 end
- it 'does not block urls pointing to the local network' do
+ it 'blocks urls pointing to the local network' do
 badge.link_url = 'https://192.168.1.1'
 subject
- expect(badge.errors).not_to be_present
+ expect(badge.errors).to be_present
 end
 end
- context 'when local requests are not allowed' do
- let(:validator) { described_class.new(attributes: [:link_url], allow_localhost: false, allow_local_network: false) }
+ context 'when local requests are allowed' do
+ let(:validator) { described_class.new(attributes: [:link_url]) }
 let!(:badge) { build(:badge, link_url: 'http://www.example.com') }
+ let!(:settings) { create(:application_setting) }
 subject { validator.validate(badge) }
- it 'blocks urls pointing to localhost' do
+ before do
+ stub_application_setting(allow_local_requests_from_system_hooks: true)
+ end
+
+ it 'does not block urls pointing to localhost' do
 badge.link_url = 'https://127.0.0.1'
 subject
- expect(badge.errors).to be_present
+ expect(badge.errors).not_to be_present
 end
- it 'blocks urls pointing to the local network' do
+ it 'does not block urls pointing to the local network' do
 badge.link_url = 'https://192.168.1.1'
 subject
- expect(badge.errors).to be_present
+ expect(badge.errors).not_to be_present
 end
 end
 end
--
cgit v1.2.3
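Review bot: The two examples that now expect blocking ('blocks urls pointing to localhost' and 'blocks urls pointing to the local network') sit in a context whose header and setup start above the hunk, so it is not visible here whether that context pins the setting. If it relies on the default, add `before { stub_application_setting(allow_local_requests_from_system_hooks: false) }` there so the deny path of this local-request guard is asserted independently of the default value. The blocking examples also assert only `expect(badge.errors).to be_present`, which passes on any validation error; `expect(badge.errors[:link_url]).to be_present` would tie the failure to the URL check. In the new 'when local requests are allowed' context, `let!(:settings) { create(:application_setting) }` is never referenced in the visible lines, so it is worth confirming the record is needed alongside `stub_application_setting`.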