From d745ff0431130a760a7a59899c26410dc887f77a Mon Sep 17 00:00:00 2001
From: Krasimir Angelov <kangelov@gitlab.com>
Date: Tue, 2 Jul 2019 18:56:48 +0000
Subject: Add username to deploy tokens

This new attribute is optional and used when set instead of the default
format `gitlab+deploy-token-#{id}`.

Empty usernames will be saved as null in the database.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/50228.
---
 .../settings/repository_controller_spec.rb         | 20 +++++++++++++
 .../projects/settings/repository_settings_spec.rb  |  6 ++++
 spec/lib/gitlab/auth_spec.rb                       |  9 ++++++
 spec/models/deploy_token_spec.rb                   | 35 ++++++++++++++++++++--
 spec/services/deploy_tokens/create_service_spec.rb | 16 ++++++++++
 5 files changed, 84 insertions(+), 2 deletions(-)

(limited to 'spec')

diff --git a/spec/controllers/projects/settings/repository_controller_spec.rb b/spec/controllers/projects/settings/repository_controller_spec.rb
index b34053fc993..7f67f67e775 100644
--- a/spec/controllers/projects/settings/repository_controller_spec.rb
+++ b/spec/controllers/projects/settings/repository_controller_spec.rb
@@ -32,4 +32,24 @@ describe Projects::Settings::RepositoryController do
       expect(RepositoryCleanupWorker).to have_received(:perform_async).once
     end
   end
+
+  describe 'POST create_deploy_token' do
+    let(:deploy_token_params) do
+      {
+        name: 'deployer_token',
+        expires_at: 1.month.from_now.to_date.to_s,
+        username: 'deployer',
+        read_repository: '1'
+      }
+    end
+
+    subject(:create_deploy_token) { post :create_deploy_token, params: { namespace_id: project.namespace, project_id: project, deploy_token: deploy_token_params } }
+
+    it 'creates deploy token' do
+      expect { create_deploy_token }.to change { DeployToken.active.count }.by(1)
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(response).to render_template(:show)
+    end
+  end
 end
diff --git a/spec/features/projects/settings/repository_settings_spec.rb b/spec/features/projects/settings/repository_settings_spec.rb
index 8c7bc192c50..1edfee705c8 100644
--- a/spec/features/projects/settings/repository_settings_spec.rb
+++ b/spec/features/projects/settings/repository_settings_spec.rb
@@ -112,11 +112,17 @@ describe 'Projects > Settings > Repository settings' do
       it 'add a new deploy token' do
         fill_in 'deploy_token_name', with: 'new_deploy_key'
         fill_in 'deploy_token_expires_at', with: (Date.today + 1.month).to_s
+        fill_in 'deploy_token_username', with: 'deployer'
         check 'deploy_token_read_repository'
         check 'deploy_token_read_registry'
         click_button 'Create deploy token'
 
         expect(page).to have_content('Your new project deploy token has been created')
+
+        within('.created-deploy-token-container') do
+          expect(page).to have_selector("input[name='deploy-token-user'][value='deployer']")
+          expect(page).to have_selector("input[name='deploy-token'][readonly='readonly']")
+        end
       end
     end
 
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 3b5ca7c950c..d9c73cff01e 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -309,6 +309,15 @@ describe Gitlab::Auth do
             .to eq(auth_success)
         end
 
+        it 'succeeds when custom login and token are valid' do
+          deploy_token = create(:deploy_token, username: 'deployer', read_registry: false, projects: [project])
+          auth_success = Gitlab::Auth::Result.new(deploy_token, project, :deploy_token, [:download_code])
+
+          expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: 'deployer')
+          expect(gl_auth.find_for_git_client('deployer', deploy_token.token, project: project, ip: 'ip'))
+            .to eq(auth_success)
+        end
+
         it 'fails when login is not valid' do
           expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'random_login')
           expect(gl_auth.find_for_git_client('random_login', deploy_token.token, project: project, ip: 'ip'))
diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb
index 2fe82eaa778..8d951ab6f0f 100644
--- a/spec/models/deploy_token_spec.rb
+++ b/spec/models/deploy_token_spec.rb
@@ -8,6 +8,15 @@ describe DeployToken do
   it { is_expected.to have_many :project_deploy_tokens }
   it { is_expected.to have_many(:projects).through(:project_deploy_tokens) }
 
+  describe 'validations' do
+    let(:username_format_message) { "can contain only letters, digits, '_', '-', '+', and '.'" }
+
+    it { is_expected.to validate_length_of(:username).is_at_most(255) }
+    it { is_expected.to allow_value('GitLab+deploy_token-3.14').for(:username) }
+    it { is_expected.not_to allow_value('<script>').for(:username).with_message(username_format_message) }
+    it { is_expected.not_to allow_value('').for(:username).with_message(username_format_message) }
+  end
+
   describe '#ensure_token' do
     it 'ensures a token' do
       deploy_token.token = nil
@@ -87,8 +96,30 @@ describe DeployToken do
   end
 
   describe '#username' do
-    it 'returns a harcoded username' do
-      expect(deploy_token.username).to eq("gitlab+deploy-token-#{deploy_token.id}")
+    context 'persisted records' do
+      it 'returns a default username if none is set' do
+        expect(deploy_token.username).to eq("gitlab+deploy-token-#{deploy_token.id}")
+      end
+
+      it 'returns the username provided if one is set' do
+        deploy_token = create(:deploy_token, username: 'deployer')
+
+        expect(deploy_token.username).to eq('deployer')
+      end
+    end
+
+    context 'new records' do
+      it 'returns nil if no username is set' do
+        deploy_token = build(:deploy_token)
+
+        expect(deploy_token.username).to be_nil
+      end
+
+      it 'returns the username provided if one is set' do
+        deploy_token = build(:deploy_token, username: 'deployer')
+
+        expect(deploy_token.username).to eq('deployer')
+      end
     end
   end
 
diff --git a/spec/services/deploy_tokens/create_service_spec.rb b/spec/services/deploy_tokens/create_service_spec.rb
index 886ffd4593d..fbb66fe4cb7 100644
--- a/spec/services/deploy_tokens/create_service_spec.rb
+++ b/spec/services/deploy_tokens/create_service_spec.rb
@@ -32,6 +32,22 @@ describe DeployTokens::CreateService do
       end
     end
 
+    context 'when username is empty string' do
+      let(:deploy_token_params) { attributes_for(:deploy_token, username: '') }
+
+      it 'converts it to nil' do
+        expect(subject.read_attribute(:username)).to be_nil
+      end
+    end
+
+    context 'when username is provided' do
+      let(:deploy_token_params) { attributes_for(:deploy_token, username: 'deployer') }
+
+      it 'keeps the provided username' do
+        expect(subject.read_attribute(:username)).to eq('deployer')
+      end
+    end
+
     context 'when the deploy token is invalid' do
       let(:deploy_token_params) { attributes_for(:deploy_token, read_repository: false, read_registry: false) }
 
-- 
cgit v1.2.3