spec/support/shared_examples/controllers/repositories/git_http_controller_shared_examples.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

# frozen_string_literal: true

RSpec.shared_examples Repositories::GitHttpController do
  include GitHttpHelpers

  let(:repository_path) { "#{container.full_path}.git" }
  let(:params) { { repository_path: repository_path } }

  describe 'HEAD #info_refs' do
    it 'returns 403' do
      head :info_refs, params: params

      expect(response).to have_gitlab_http_status(:forbidden)
    end
  end

  describe 'GET #info_refs' do
    let(:params) { super().merge(service: 'git-upload-pack') }

    it 'returns 401 for unauthenticated requests to public repositories when http protocol is disabled' do
      stub_application_setting(enabled_git_access_protocol: 'ssh')
      allow(controller).to receive(:basic_auth_provided?).and_call_original

      expect(controller).to receive(:http_download_allowed?).and_call_original

      get :info_refs, params: params

      expect(response).to have_gitlab_http_status(:unauthorized)
    end

    it 'calls the right access checker class with the right object' do
      allow(controller).to receive(:verify_workhorse_api!).and_return(true)

      access_double = double
      options = {
        authentication_abilities: [:download_code],
        repository_path: repository_path,
        redirected_path: nil,
        auth_result_type: :none
      }

      expect(access_checker_class).to receive(:new)
        .with(nil, container, 'http', hash_including(options))
        .and_return(access_double)

      allow(access_double).to receive(:check).and_return(false)

      get :info_refs, params: params
    end

    context 'with authorized user' do
      before do
        password = user.try(:password) || user.try(:token)
        request.headers.merge! auth_env(user.username, password, nil)
      end

      it 'returns 200' do
        get :info_refs, params: params

        expect(response).to have_gitlab_http_status(:ok)
      end

      it 'updates the user activity' do
        expect_next_instance_of(Users::ActivityService) do |activity_service|
          expect(activity_service).to receive(:execute)
        end

        get :info_refs, params: params
      end

      include_context 'parsed logs' do
        it 'adds user info to the logs' do
          get :info_refs, params: params

          user_log_data = { 'username' => user.username, 'user_id' => user.id }
          user_log_data['meta.user'] = user.username if user.is_a?(User)

          expect(log_data).to include(user_log_data)
        end
      end
    end
  end

  describe 'POST #git_upload_pack' do
    before do
      allow(controller).to receive(:verify_workhorse_api!).and_return(true)
    end

    it 'returns 200' do
      post :git_upload_pack, params: params

      expect(response).to have_gitlab_http_status(:ok)
    end
  end
end