Skip to content
Snippets Groups Projects
Commit 1954cb80 authored by Kamil Trzcińśki's avatar Kamil Trzcińśki
Browse files

Added missing LFS specs

parent a387ff7b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
spec/requests/lfs_http_spec.rb
+ 213
22
View file @ 1954cb80
@@ -15,7 +15,6 @@ describe 'Git LFS API and storage' do
let(:authorization) { }
let(:sendfile) { }
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
 
let(:sample_oid) { lfs_object.oid }
let(:sample_size) { lfs_object.size }
@@ -258,14 +257,63 @@ describe 'Git LFS API and storage' do
it_behaves_like 'responds with a file'
end
 
context 'when build is authorized' do
context 'when build is authorized as' do
let(:authorization) { authorize_ci_project }
 
let(:update_permissions) do
project.lfs_objects << lfs_object
shared_examples 'can download LFS only from own projects' do
context 'for own project' do
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:update_permissions) do
project.team << [user, :reporter]
project.lfs_objects << lfs_object
end
it_behaves_like 'responds with a file'
end
context 'for other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:update_permissions) do
project.lfs_objects << lfs_object
end
it 'rejects downloading code' do
expect(response).to have_http_status(other_project_status)
end
end
end
 
it_behaves_like 'responds with a file'
context 'administrator' do
let(:user) { create(:admin) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 403, because administrator does have normally access
let(:other_project_status) { 403 }
end
end
context 'regular user' do
let(:user) { create(:user) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 404, to prevent data leakage about existence of the project
let(:other_project_status) { 404 }
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it_behaves_like 'can download LFS only from own projects' do
# We render 401, to prevent data leakage about existence of the project
let(:other_project_status) { 401 }
end
end
end
end
 
@@ -445,10 +493,62 @@ describe 'Git LFS API and storage' do
end
end
 
context 'when CI is authorized' do
context 'when build is authorized as' do
let(:authorization) { authorize_ci_project }
 
it_behaves_like 'an authorized requests'
let(:update_lfs_permissions) do
project.lfs_objects << lfs_object
end
shared_examples 'can download LFS only from own projects' do
context 'for own project' do
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:update_user_permissions) do
project.team << [user, :reporter]
end
it_behaves_like 'an authorized requests'
end
context 'for other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
it 'rejects downloading code' do
expect(response).to have_http_status(other_project_status)
end
end
end
context 'administrator' do
let(:user) { create(:admin) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 403, because administrator does have normally access
let(:other_project_status) { 403 }
end
end
context 'regular user' do
let(:user) { create(:user) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 404, to prevent data leakage about existence of the project
let(:other_project_status) { 404 }
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it_behaves_like 'can download LFS only from own projects' do
# We render 401, to prevent data leakage about existence of the project
let(:other_project_status) { 401 }
end
end
end
 
context 'when user is not authenticated' do
@@ -597,11 +697,37 @@ describe 'Git LFS API and storage' do
end
end
 
context 'when CI is authorized' do
context 'when build is authorized' do
let(:authorization) { authorize_ci_project }
 
it 'responds with 401' do
expect(response).to have_http_status(401)
context 'build has an user' do
let(:user) { create(:user) }
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
context 'tries to push to other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it 'responds with 401' do
expect(response).to have_http_status(401)
end
end
end
end
@@ -623,14 +749,6 @@ describe 'Git LFS API and storage' do
end
end
end
context 'when CI is authorized' do
let(:authorization) { authorize_ci_project }
it 'responds with status 401' do
expect(response).to have_http_status(401)
end
end
end
 
describe 'unsupported' do
@@ -793,10 +911,51 @@ describe 'Git LFS API and storage' do
end
end
 
context 'when CI is authenticated' do
context 'when build is authorized' do
let(:authorization) { authorize_ci_project }
 
it_behaves_like 'unauthorized'
context 'build has an user' do
let(:user) { create(:user) }
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
before do
project.team << [user, :developer]
put_authorize
end
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
context 'tries to push to other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
before do
put_authorize
end
it 'responds with 404' do
expect(response).to have_http_status(404)
end
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
before do
put_authorize
end
it 'responds with 401' do
expect(response).to have_http_status(401)
end
end
end
 
context 'for unauthenticated' do
@@ -853,10 +1012,42 @@ describe 'Git LFS API and storage' do
end
end
 
context 'when CI is authenticated' do
context 'when build is authorized' do
let(:authorization) { authorize_ci_project }
 
it_behaves_like 'unauthorized'
before do
put_authorize
end
context 'build has an user' do
let(:user) { create(:user) }
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
context 'tries to push to other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it 'responds with 401' do
expect(response).to have_http_status(401)
end
end
end
 
context 'for unauthenticated' do
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment