From ccb29955c9d7de69d99fe91425d6246cc723def4 Mon Sep 17 00:00:00 2001
From: Jacob Vosmaer <contact@jacobvosmaer.nl>
Date: Wed, 6 Apr 2016 18:58:19 +0200
Subject: [PATCH] More tests, better descriptions

---
 spec/requests/git_http_spec.rb | 39 +++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index 5d41d973083..8b217684911 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -12,7 +12,7 @@ describe 'Git HTTP requests', lib: true do
 
   context "when the project doesn't exist" do
     context "when no authentication is provided" do
-      it "responds with status 401" do
+      it "responds with status 401 (no project existence information leak)" do
         download('doesnt/exist.git') do |response|
           expect(response.status).to eq(401)
         end
@@ -72,7 +72,7 @@ describe 'Git HTTP requests', lib: true do
           expect(response.status).to eq(401)
         end
       end
-      
+
       context "with correct credentials" do
         let(:env) { { user: user.username, password: user.password } }
 
@@ -81,11 +81,11 @@ describe 'Git HTTP requests', lib: true do
             expect(response.status).to eq(200)
           end
         end
-        
+
         context 'but git-receive-pack is disabled' do
           it "responds with status 404" do
             allow(Gitlab.config.gitlab_shell).to receive(:receive_pack).and_return(false)
-  
+
             upload(path, env) do |response|
               expect(response.status).to eq(404)
             end
@@ -110,11 +110,17 @@ describe 'Git HTTP requests', lib: true do
       end
 
       context "when no authentication is provided" do
-        it "responds with status 401" do
+        it "responds with status 401 to downloads" do
           download(path, env) do |response|
             expect(response.status).to eq(401)
           end
         end
+
+        it "responds with status 401 to uploads" do
+          upload(path, env) do |response|
+            expect(response.status).to eq(401)
+          end
+        end
       end
 
       context "when username and password are provided" do
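Review bot: Both examples in "when no authentication is provided" pass `env`, which is defined outside this hunk, so nothing visible here guarantees the requests are credential-free. Elsewhere in this file `env` is set to `{ user: user.username, password: user.password }`; if an enclosing context ever did the same, these examples would keep their names but stop exercising the anonymous path. Pinning it locally with `let(:env) { {} }` inside this context would make the precondition explicit. A one-line comment such as `# anonymous request: must get 401, same as for a missing project` would tie the example to the existence-hiding expectation stated in the first hunk.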
@@ -159,18 +165,18 @@ describe 'Git HTTP requests', lib: true do
             end
 
             context "when the user isn't blocked" do
-              it "downloads status 200" do
+              it "downloads get status 200" do
                 expect(Rack::Attack::Allow2Ban).to receive(:reset)
 
                 clone_get(path, env)
 
                 expect(response.status).to eq(200)
               end
-              
+
               it "uploads get status 200" do
                 upload(path, env) do |response|
                   expect(response.status).to eq(200)
-                end      
+                end
               end
             end
 
@@ -211,7 +217,7 @@ describe 'Git HTTP requests', lib: true do
                 expect(response.status).to eq(404)
               end
             end
-            
+
             it "uploads get status 200 (because Git hooks do the real check)" do
               upload(path, user: user.username, password: user.password) do |response|
                 expect(response.status).to eq(200)
@@ -222,15 +228,24 @@ describe 'Git HTTP requests', lib: true do
       end
 
       context "when a gitlab ci token is provided" do
-        it "responds with status 200" do
-          token = "123"
-          project = FactoryGirl.create :empty_project
+        let(:token) { 123 }
+        let(:project) { FactoryGirl.create :empty_project }
+
+        before do
           project.update_attributes(runners_token: token, builds_enabled: true)
+        end
 
+        it "downloads get status 200" do
           clone_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token
 
           expect(response.status).to eq(200)
         end
+
+        it "uploads get status 401 (no project existence information leak)" do
+          push_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token
+
+          expect(response.status).to eq(401)
+        end
       end
     end
   end
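Review bot: The new "uploads get status 401" example only issues `push_get`, whereas every other upload example in this file goes through the `upload` helper. Both helpers are defined outside this hunk, but if `push_get` covers only the ref advertisement, the receive-pack POST made with a CI token is left unasserted. This example is what pins that a runners token cannot push, so consider using `upload("#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token) { |response| expect(response.status).to eq(401) }`. Separately, `let(:token) { 123 }` changes the token from the String "123" to an Integer, so the examples now rely on coercion when it is written to `runners_token` and sent as the password; `let(:token) { '123' }` keeps the original type.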
-- 
GitLab