1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe WebIde::RemoteIdeController, feature_category: :remote_development do
using RSpec::Parameterized::TableSyntax
let_it_be(:user) { create(:user) }
let_it_be(:top_nav_partial) { 'layouts/header/_default' }
let_it_be(:connection_token) { 'random1Connection3Token7' }
let_it_be(:remote_path) { 'test/foo/README.md' }
let_it_be(:return_url) { 'https://example.com/-/original/location' }
let_it_be(:csp_nonce) { 'just=some=noncense' }
let(:remote_host) { 'my-remote-host.example.com:1234' }
let(:ff_vscode_web_ide) { true }
before do
sign_in(user)
stub_feature_flags(vscode_web_ide: ff_vscode_web_ide)
allow_next_instance_of(described_class) do |instance|
allow(instance).to receive(:content_security_policy_nonce).and_return(csp_nonce)
end
end
shared_examples_for '404 response' do
it 'has not_found status' do
post_to_remote_ide
expect(response).to have_gitlab_http_status(:not_found)
end
end
describe "#index" do
context "when feature flag is on *and* user is not using legacy Web IDE" do
before do
post_to_remote_ide
end
it "renders the correct layout" do
expect(response).to render_template(layout: 'fullscreen')
end
it "renders with minimal: true" do
# This indirectly tests that `minimal: true` was passed to the fullscreen layout
expect(response).not_to render_template(top_nav_partial)
end
it "renders root element with data" do
expected = {
connection_token: connection_token,
remote_host: remote_host,
remote_path: remote_path,
return_url: return_url,
csp_nonce: csp_nonce
}
expect(find_root_element_data).to eq(expected)
end
it "updates the content security policy with the correct connect sources" do
expect(find_csp_source('connect-src')).to include(
"ws://#{remote_host}",
"wss://#{remote_host}",
"http://#{remote_host}",
"https://#{remote_host}"
)
end
it "updates the content security policy with the correct frame sources" do
expect(find_csp_source('frame-src')).to include("https://*.vscode-cdn.net/")
end
end
context 'when remote_host does not have port' do
let(:remote_host) { "my-remote-host.example.com" }
before do
post_to_remote_ide
end
it "updates the content security policy with the correct remote_host" do
expect(find_csp_source('connect-src')).to include(
"ws://#{remote_host}",
"wss://#{remote_host}",
"http://#{remote_host}",
"https://#{remote_host}"
)
end
it 'renders remote_host in root element data' do
expect(find_root_element_data).to include(remote_host: remote_host)
end
end
context 'when feature flag is off' do
let(:ff_vscode_web_ide) { false }
it_behaves_like '404 response'
end
context "when the remote host is invalid" do
let(:remote_host) { 'invalid:host:1:1:' }
it_behaves_like '404 response'
end
end
def find_root_element_data
ide_attrs = Nokogiri::HTML.parse(response.body).at_css('#ide').attributes.transform_values(&:value)
{
connection_token: ide_attrs['data-connection-token'],
remote_host: ide_attrs['data-remote-host'],
remote_path: ide_attrs['data-remote-path'],
return_url: ide_attrs['data-return-url'],
csp_nonce: ide_attrs['data-csp-nonce']
}
end
def find_csp_source(key)
csp = response.headers['Content-Security-Policy']
# Transform "default-src foo bar; connect-src foo bar; script-src ..."
# into array of values for a single directive based on the given key
csp.split(';')
.map(&:strip)
.find { |entry| entry.starts_with?(key) }
.split(' ')
.drop(1)
end
def post_to_remote_ide
params = {
connection_token: connection_token,
return_url: return_url
}
post ide_remote_path(remote_host: remote_host, remote_path: remote_path), params: params
end
end
|
