gitlab-org--gitlab-foss/spec/lib/gitlab/lfs_token_spec.rb

# frozen_string_literal: true

require 'spec_helper'

describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
  describe '#token' do
    shared_examples 'a valid LFS token' do
      it 'returns a computed token' do
        token = lfs_token.token

        expect(token).not_to be_nil
        expect(token).to be_a String
        expect(described_class.new(actor).token_valid?(token)).to be_truthy
      end
    end

    context 'when the actor is a user' do
      let(:actor) { create(:user, username: 'test_user_lfs_1') }
      let(:lfs_token) { described_class.new(actor) }

      it_behaves_like 'a valid LFS token'

      it 'returns the correct username' do
        expect(lfs_token.actor_name).to eq(actor.username)
      end

      it 'returns the correct token type' do
        expect(lfs_token.type).to eq(:lfs_token)
      end
    end

    context 'when the actor is a key' do
      let(:user) { create(:user, username: 'test_user_lfs_2') }
      let(:actor) { create(:key, user: user) }
      let(:lfs_token) { described_class.new(actor) }

      it_behaves_like 'a valid LFS token'

      it 'returns the correct username' do
        expect(lfs_token.actor_name).to eq(user.username)
      end

      it 'returns the correct token type' do
        expect(lfs_token.type).to eq(:lfs_token)
      end
    end

    context 'when the actor is a deploy key' do
      let(:actor_id) { 1 }
      let(:actor) { create(:deploy_key) }
      let(:project) { create(:project) }
      let(:lfs_token) { described_class.new(actor) }

      before do
        allow(actor).to receive(:id).and_return(actor_id)
      end

      it_behaves_like 'a valid LFS token'

      it 'returns the correct username' do
        expect(lfs_token.actor_name).to eq("lfs+deploy-key-#{actor_id}")
      end

      it 'returns the correct token type' do
        expect(lfs_token.type).to eq(:lfs_deploy_token)
      end
    end

    context 'when the actor is invalid' do
      it 'raises an exception' do
        expect { described_class.new('invalid') }.to raise_error('Bad Actor')
      end
    end
  end

  describe '#token_valid?' do
    let(:actor) { create(:user, username: 'test_user_lfs_1') }
    let(:lfs_token) { described_class.new(actor) }

    context 'where the token is invalid' do
      context "because it's junk" do
        it 'returns false' do
          expect(lfs_token.token_valid?('junk')).to be_falsey
        end
      end

      context "because it's been fiddled with" do
        it 'returns false' do
          fiddled_token = lfs_token.token.tap { |token| token[0] = 'E' }
          expect(lfs_token.token_valid?(fiddled_token)).to be_falsey
        end
      end

      context "because it was generated with a different secret" do
        it 'returns false' do
          different_actor = create(:user, username: 'test_user_lfs_2')
          different_secret_token = described_class.new(different_actor).token
          expect(lfs_token.token_valid?(different_secret_token)).to be_falsey
        end
      end

      context "because it's expired" do
        it 'returns false' do
          expired_token = lfs_token.token
          # Needs to be at least 1860 seconds, because the default expiry is
          # 1800 seconds with an additional 60 second leeway.
          Timecop.freeze(Time.now + 1865) do
            expect(lfs_token.token_valid?(expired_token)).to be_falsey
          end
        end
      end

      context 'where the token is valid' do
        it 'returns true' do
          expect(lfs_token.token_valid?(lfs_token.token)).to be_truthy
        end
      end
    end
  end

  describe '#deploy_key_pushable?' do
    let(:lfs_token) { described_class.new(actor) }

    context 'when actor is not a DeployKey' do
      let(:actor) { create(:user) }
      let(:project) { create(:project) }

      it 'returns false' do
        expect(lfs_token.deploy_key_pushable?(project)).to be_falsey
      end
    end

    context 'when actor is a DeployKey' do
      let(:deploy_keys_project) { create(:deploy_keys_project, can_push: can_push) }
      let(:project) { deploy_keys_project.project }
      let(:actor) { deploy_keys_project.deploy_key }

      context 'but the DeployKey cannot push to the project' do
        let(:can_push) { false }

        it 'returns false' do
          expect(lfs_token.deploy_key_pushable?(project)).to be_falsey
        end
      end

      context 'and the DeployKey can push to the project' do
        let(:can_push) { true }

        it 'returns true' do
          expect(lfs_token.deploy_key_pushable?(project)).to be_truthy
        end
      end
    end
  end

  describe '#type' do
    let(:lfs_token) { described_class.new(actor) }

    context 'when actor is not a User' do
      let(:actor) { create(:deploy_key) }

      it 'returns false' do
        expect(lfs_token.type).to eq(:lfs_deploy_token)
      end
    end

    context 'when actor is a User' do
      let(:actor) { create(:user) }

      it 'returns false' do
        expect(lfs_token.type).to eq(:lfs_token)
      end
    end
  end

  describe '#authentication_payload' do
    it 'returns a Hash designed for gitlab-shell' do
      actor = create(:user)
      lfs_token = described_class.new(actor)
      repo_http_path = 'http://localhost/user/repo.git'
      authentication_payload = lfs_token.authentication_payload(repo_http_path)

      expect(authentication_payload[:username]).to eq(actor.username)
      expect(authentication_payload[:repository_http_path]).to eq(repo_http_path)
      expect(authentication_payload[:lfs_token]).to be_a String
      expect(authentication_payload[:expires_in]).to eq(described_class::DEFAULT_EXPIRE_TIME)
    end
  end
end
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`# frozen_string_literal: true`

Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`require 'spec_helper'`

Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do`
Handle LFS token creation and retrieval in the same method, and in the same Redis connection. Reset expiry time of token, if token is retrieved again before it expires. 2016-09-28 12:02:31 -04:00			`describe '#token' do`
Tidy up Gitlab::LfsToken spec - Remove unnecessary encrypted_password stubbing - Remove unnecessary attr_encrypted_db_key_base stub - Rename shared_example to 'a valid LFS token' 2019-02-10 22:23:35 -05:00			`shared_examples 'a valid LFS token' do`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`it 'returns a computed token' do`
			`token = lfs_token.token`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00
			`expect(token).not_to be_nil`
			`expect(token).to be_a String`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`expect(described_class.new(actor).token_valid?(token)).to be_truthy`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`end`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`context 'when the actor is a user' do`
			`let(:actor) { create(:user, username: 'test_user_lfs_1') }`
			`let(:lfs_token) { described_class.new(actor) }`
LfsToken uses JSONWebToken::HMACToken by default LfsToken::HMACToken#token_valid?() will be examined and if false, look in redis via LfsToken::LegacyRedisDeviseToken#token_valid?(). 2018-10-23 06:15:56 -04:00
Tidy up Gitlab::LfsToken spec - Remove unnecessary encrypted_password stubbing - Remove unnecessary attr_encrypted_db_key_base stub - Rename shared_example to 'a valid LFS token' 2019-02-10 22:23:35 -05:00			`it_behaves_like 'a valid LFS token'`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00
			`it 'returns the correct username' do`
			`expect(lfs_token.actor_name).to eq(actor.username)`
			`end`

			`it 'returns the correct token type' do`
			`expect(lfs_token.type).to eq(:lfs_token)`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`
			`end`

Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`context 'when the actor is a key' do`
			`let(:user) { create(:user, username: 'test_user_lfs_2') }`
			`let(:actor) { create(:key, user: user) }`
			`let(:lfs_token) { described_class.new(actor) }`

Tidy up Gitlab::LfsToken spec - Remove unnecessary encrypted_password stubbing - Remove unnecessary attr_encrypted_db_key_base stub - Rename shared_example to 'a valid LFS token' 2019-02-10 22:23:35 -05:00			`it_behaves_like 'a valid LFS token'`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00
			`it 'returns the correct username' do`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`expect(lfs_token.actor_name).to eq(user.username)`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`

			`it 'returns the correct token type' do`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`expect(lfs_token.type).to eq(:lfs_token)`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`
			`end`

			`context 'when the actor is a deploy key' do`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`let(:actor_id) { 1 }`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`let(:actor) { create(:deploy_key) }`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`let(:project) { create(:project) }`
			`let(:lfs_token) { described_class.new(actor) }`

			`before do`
			`allow(actor).to receive(:id).and_return(actor_id)`
			`end`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00
Tidy up Gitlab::LfsToken spec - Remove unnecessary encrypted_password stubbing - Remove unnecessary attr_encrypted_db_key_base stub - Rename shared_example to 'a valid LFS token' 2019-02-10 22:23:35 -05:00			`it_behaves_like 'a valid LFS token'`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00
			`it 'returns the correct username' do`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`expect(lfs_token.actor_name).to eq("lfs+deploy-key-#{actor_id}")`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`

			`it 'returns the correct token type' do`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`expect(lfs_token.type).to eq(:lfs_deploy_token)`
			`end`
			`end`

			`context 'when the actor is invalid' do`
			`it 'raises an exception' do`
			`expect { described_class.new('invalid') }.to raise_error('Bad Actor')`
			`end`
			`end`
			`end`

			`describe '#token_valid?' do`
			`let(:actor) { create(:user, username: 'test_user_lfs_1') }`
			`let(:lfs_token) { described_class.new(actor) }`

Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation We kept it for smooth update only 2019-05-21 11:04:09 -04:00			`context 'where the token is invalid' do`
			`context "because it's junk" do`
			`it 'returns false' do`
			`expect(lfs_token.token_valid?('junk')).to be_falsey`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`end`
			`end`

Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation We kept it for smooth update only 2019-05-21 11:04:09 -04:00			`context "because it's been fiddled with" do`
			`it 'returns false' do`
			`fiddled_token = lfs_token.token.tap { \|token\| token[0] = 'E' }`
			`expect(lfs_token.token_valid?(fiddled_token)).to be_falsey`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`end`
			`end`

Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation We kept it for smooth update only 2019-05-21 11:04:09 -04:00			`context "because it was generated with a different secret" do`
			`it 'returns false' do`
			`different_actor = create(:user, username: 'test_user_lfs_2')`
			`different_secret_token = described_class.new(different_actor).token`
			`expect(lfs_token.token_valid?(different_secret_token)).to be_falsey`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`end`
Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation We kept it for smooth update only 2019-05-21 11:04:09 -04:00			`end`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00
Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation We kept it for smooth update only 2019-05-21 11:04:09 -04:00			`context "because it's expired" do`
			`it 'returns false' do`
			`expired_token = lfs_token.token`
			`# Needs to be at least 1860 seconds, because the default expiry is`
			`# 1800 seconds with an additional 60 second leeway.`
			`Timecop.freeze(Time.now + 1865) do`
			`expect(lfs_token.token_valid?(expired_token)).to be_falsey`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`end`
			`end`
			`end`

			`context 'where the token is valid' do`
			`it 'returns true' do`
Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation We kept it for smooth update only 2019-05-21 11:04:09 -04:00			`expect(lfs_token.token_valid?(lfs_token.token)).to be_truthy`
Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. 2018-12-17 01:17:39 -05:00			`end`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`
			`end`
			`end`
Add missing spec coverage for LfsToken Added specs for #deploy_key_pushable?() and #type() 2018-12-04 23:22:03 -05:00
			`describe '#deploy_key_pushable?' do`
			`let(:lfs_token) { described_class.new(actor) }`

			`context 'when actor is not a DeployKey' do`
			`let(:actor) { create(:user) }`
			`let(:project) { create(:project) }`

			`it 'returns false' do`
			`expect(lfs_token.deploy_key_pushable?(project)).to be_falsey`
			`end`
			`end`

			`context 'when actor is a DeployKey' do`
			`let(:deploy_keys_project) { create(:deploy_keys_project, can_push: can_push) }`
			`let(:project) { deploy_keys_project.project }`
			`let(:actor) { deploy_keys_project.deploy_key }`

			`context 'but the DeployKey cannot push to the project' do`
			`let(:can_push) { false }`

			`it 'returns false' do`
			`expect(lfs_token.deploy_key_pushable?(project)).to be_falsey`
			`end`
			`end`

			`context 'and the DeployKey can push to the project' do`
			`let(:can_push) { true }`

			`it 'returns true' do`
			`expect(lfs_token.deploy_key_pushable?(project)).to be_truthy`
			`end`
			`end`
			`end`
			`end`

			`describe '#type' do`
			`let(:lfs_token) { described_class.new(actor) }`

			`context 'when actor is not a User' do`
			`let(:actor) { create(:deploy_key) }`

			`it 'returns false' do`
			`expect(lfs_token.type).to eq(:lfs_deploy_token)`
			`end`
			`end`

			`context 'when actor is a User' do`
			`let(:actor) { create(:user) }`

			`it 'returns false' do`
			`expect(lfs_token.type).to eq(:lfs_token)`
			`end`
			`end`
			`end`
Move LFS auth hash creation into GitLab::LfsToken 2019-02-10 22:34:10 -05:00
Include expires_in for LFS authentication payload When using git-lfs with SSH we weren't passing in the expires_header header which is allows large transfers to succeed in the event the current default of 30 mins expires. https://github.com/git-lfs/git-lfs/blob/master/docs/api/server-discovery.md#ssh 2019-02-10 23:05:00 -05:00			`describe '#authentication_payload' do`
			`it 'returns a Hash designed for gitlab-shell' do`
			`actor = create(:user)`
			`lfs_token = described_class.new(actor)`
			`repo_http_path = 'http://localhost/user/repo.git'`
			`authentication_payload = lfs_token.authentication_payload(repo_http_path)`

			`expect(authentication_payload[:username]).to eq(actor.username)`
			`expect(authentication_payload[:repository_http_path]).to eq(repo_http_path)`
			`expect(authentication_payload[:lfs_token]).to be_a String`
			`expect(authentication_payload[:expires_in]).to eq(described_class::DEFAULT_EXPIRE_TIME)`
Move LFS auth hash creation into GitLab::LfsToken 2019-02-10 22:34:10 -05:00			`end`
			`end`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`end`