Skip to content
Snippets Groups Projects
Commit 42fb2516 authored by Patricio Cano's avatar Patricio Cano
Browse files

Add more tests to the allowed protocols feature

parent c98f89ea
No related branches found
No related tags found
1 merge request!4696Add setting that allows admins to choose which Git access protocols are enabled.
Hide whitespace changes
Inline Side-by-side
spec/lib/gitlab/git_access_spec.rb
+ 37
0
View file @ 42fb2516
@@ -67,6 +67,43 @@ describe Gitlab::GitAccess, lib: true do
@@ -67,6 +67,43 @@ describe Gitlab::GitAccess, lib: true do
end end
end end
   
describe '#check with single protocols allowed' do
def disable_protocol(protocol)
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, protocol)
end
context 'ssh disabled' do
before do
disable_protocol('ssh')
@acc = Gitlab::GitAccess.new(actor, project, 'ssh')
end
it 'blocks ssh git push' do
expect(@acc.check('git-receive-pack').allowed?).to be_falsey
end
it 'blocks ssh git pull' do
expect(@acc.check('git-upload-pack').allowed?).to be_falsey
end
end
context 'http disabled' do
before do
disable_protocol('http')
@acc = Gitlab::GitAccess.new(actor, project, 'http')
end
it 'blocks http push' do
expect(@acc.check('git-receive-pack').allowed?).to be_falsey
end
it 'blocks http git pull' do
expect(@acc.check('git-upload-pack').allowed?).to be_falsey
end
end
end
describe 'download_access_check' do describe 'download_access_check' do
describe 'master permissions' do describe 'master permissions' do
before { project.team << [user, :master] } before { project.team << [user, :master] }
spec/requests/api/internal_spec.rb
+ 66
5
View file @ 42fb2516
@@ -207,26 +207,86 @@ describe API::API, api: true do
@@ -207,26 +207,86 @@ describe API::API, api: true do
expect(json_response["status"]).to be_falsey expect(json_response["status"]).to be_falsey
end end
end end
context 'ssh access has been disabled' do
before do
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, 'http')
end
it 'rejects the SSH push' do
push(key, project)
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over SSH is not allowed'
end
it 'rejects the SSH pull' do
pull(key, project)
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over SSH is not allowed'
end
end
context 'http access has been disabled' do
before do
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, 'ssh')
end
it 'rejects the HTTP push' do
push(key, project, 'http')
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
end
it 'rejects the HTTP pull' do
pull(key, project, 'http')
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
end
end
context 'web actions are always allowed' do
it 'allows WEB push' do
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, 'ssh')
project.team << [user, :developer]
push(key, project, 'web')
expect(response.status).to eq(200)
expect(json_response['status']).to be_truthy
end
end
end end
   
def pull(key, project) def pull(key, project, protocol = 'ssh')
post( post(
api("/internal/allowed"), api("/internal/allowed"),
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-upload-pack', action: 'git-upload-pack',
secret_token: secret_token secret_token: secret_token,
protocol: protocol
) )
end end
   
def push(key, project) def push(key, project, protocol = 'ssh')
post( post(
api("/internal/allowed"), api("/internal/allowed"),
changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-receive-pack', action: 'git-receive-pack',
secret_token: secret_token secret_token: secret_token,
protocol: protocol
) )
end end
   
@@ -237,7 +297,8 @@ describe API::API, api: true do
@@ -237,7 +297,8 @@ describe API::API, api: true do
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-upload-archive', action: 'git-upload-archive',
secret_token: secret_token secret_token: secret_token,
protocol: 'ssh'
) )
end end
end end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment