gitlab-org--gitlab-foss/spec/lib/gitlab/lets_encrypt/client_spec.rb

# frozen_string_literal: true

require 'spec_helper'

describe ::Gitlab::LetsEncrypt::Client do
  include LetsEncryptHelpers

  set(:private_key) { OpenSSL::PKey::RSA.new(4096).to_pem }
  let(:client) { described_class.new }

  before do
    stub_application_setting(
      lets_encrypt_notification_email: 'myemail@test.example.com',
      lets_encrypt_terms_of_service_accepted: true,
      lets_encrypt_private_key: private_key
    )
  end

  let!(:stub_client) { stub_lets_encrypt_client }

  shared_examples 'ensures account registration' do
    it 'ensures account registration' do
      subject

      expect(stub_client).to have_received(:new_account).with(
        contact: 'mailto:myemail@test.example.com',
        terms_of_service_agreed: true
      )
    end

    context 'when acme integration is disabled' do
      before do
        stub_application_setting(lets_encrypt_terms_of_service_accepted: false)
      end

      it 'raises error' do
        expect do
          subject
        end.to raise_error('Acme integration is disabled')
      end
    end
  end

  describe '#new_order' do
    subject(:new_order) { client.new_order('example.com') }

    before do
      order_double = instance_double('Acme::Order')
      allow(stub_client).to receive(:new_order).and_return(order_double)
    end

    include_examples 'ensures account registration'

    it 'returns order' do
      is_expected.to be_a(::Gitlab::LetsEncrypt::Order)
    end
  end

  describe '#load_order' do
    let(:url) { 'https://example.com/order' }
    subject { client.load_order(url) }

    before do
      acme_order = instance_double('Acme::Client::Resources::Order')
      allow(stub_client).to receive(:order).with(url: url).and_return(acme_order)
    end

    include_examples 'ensures account registration'

    it 'loads order' do
      is_expected.to be_a(::Gitlab::LetsEncrypt::Order)
    end
  end

  describe '#load_challenge' do
    let(:url) { 'https://example.com/challenge' }
    subject { client.load_challenge(url) }

    before do
      acme_challenge = instance_double('Acme::Client::Resources::Challenge')
      allow(stub_client).to receive(:challenge).with(url: url).and_return(acme_challenge)
    end

    include_examples 'ensures account registration'

    it 'loads challenge' do
      is_expected.to be_a(::Gitlab::LetsEncrypt::Challenge)
    end
  end

  describe '#enabled?' do
    subject { client.enabled? }

    context 'when terms of service are accepted' do
      it { is_expected.to eq(true) }

      context 'when feature flag is disabled' do
        before do
          stub_feature_flags(pages_auto_ssl: false)
        end

        it { is_expected.to eq(false) }
      end
    end

    context 'when terms of service are not accepted' do
      before do
        stub_application_setting(lets_encrypt_terms_of_service_accepted: false)
      end

      it { is_expected.to eq(false) }
    end
  end

  describe '#terms_of_service_url' do
    subject { client.terms_of_service_url }

    it 'returns valid url' do
      is_expected.to eq("https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf")
    end
  end
end
Add Let's Encrypt client Part of adding Let's Encrypt certificates for pages domains Add acme-client gem Client is being initialized by private key stored in secrets.yml Let's Encrypt account is being created lazily. If it's already created, Acme::Client just gets account_kid by calling new_account method Make Let's Encrypt client an instance Wrap order and challenge classes 2019-05-16 05:32:25 -04:00			`# frozen_string_literal: true`

			`require 'spec_helper'`

			`describe ::Gitlab::LetsEncrypt::Client do`
			`include LetsEncryptHelpers`

Store Let's Encrypt private key in settings Storing this key in secrets.yml was a bad idea, it would require users using HA setups to manually replicate secrets across nodes during update, it also needed support from omnibus package * Revert "Generate Let's Encrypt private key" This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976. * Add Let's Encrypt private key to settings as encrypted attribute * Generate Let's Encrypt private key in database migration 2019-05-28 00:47:34 -04:00			`set(:private_key) { OpenSSL::PKey::RSA.new(4096).to_pem }`
Add Let's Encrypt client Part of adding Let's Encrypt certificates for pages domains Add acme-client gem Client is being initialized by private key stored in secrets.yml Let's Encrypt account is being created lazily. If it's already created, Acme::Client just gets account_kid by calling new_account method Make Let's Encrypt client an instance Wrap order and challenge classes 2019-05-16 05:32:25 -04:00			`let(:client) { described_class.new }`

			`before do`
			`stub_application_setting(`
			`lets_encrypt_notification_email: 'myemail@test.example.com',`
Store Let's Encrypt private key in settings Storing this key in secrets.yml was a bad idea, it would require users using HA setups to manually replicate secrets across nodes during update, it also needed support from omnibus package * Revert "Generate Let's Encrypt private key" This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976. * Add Let's Encrypt private key to settings as encrypted attribute * Generate Let's Encrypt private key in database migration 2019-05-28 00:47:34 -04:00			`lets_encrypt_terms_of_service_accepted: true,`
			`lets_encrypt_private_key: private_key`
Add Let's Encrypt client Part of adding Let's Encrypt certificates for pages domains Add acme-client gem Client is being initialized by private key stored in secrets.yml Let's Encrypt account is being created lazily. If it's already created, Acme::Client just gets account_kid by calling new_account method Make Let's Encrypt client an instance Wrap order and challenge classes 2019-05-16 05:32:25 -04:00			`)`
			`end`

			`let!(:stub_client) { stub_lets_encrypt_client }`

			`shared_examples 'ensures account registration' do`
			`it 'ensures account registration' do`
			`subject`

			`expect(stub_client).to have_received(:new_account).with(`
			`contact: 'mailto:myemail@test.example.com',`
			`terms_of_service_agreed: true`
			`)`
			`end`

			`context 'when acme integration is disabled' do`
			`before do`
			`stub_application_setting(lets_encrypt_terms_of_service_accepted: false)`
			`end`

			`it 'raises error' do`
			`expect do`
			`subject`
			`end.to raise_error('Acme integration is disabled')`
			`end`
			`end`
			`end`

			`describe '#new_order' do`
			`subject(:new_order) { client.new_order('example.com') }`

			`before do`
			`order_double = instance_double('Acme::Order')`
			`allow(stub_client).to receive(:new_order).and_return(order_double)`
			`end`

			`include_examples 'ensures account registration'`

			`it 'returns order' do`
			`is_expected.to be_a(::Gitlab::LetsEncrypt::Order)`
			`end`
			`end`

			`describe '#load_order' do`
			`let(:url) { 'https://example.com/order' }`
			`subject { client.load_order(url) }`

			`before do`
			`acme_order = instance_double('Acme::Client::Resources::Order')`
			`allow(stub_client).to receive(:order).with(url: url).and_return(acme_order)`
			`end`

			`include_examples 'ensures account registration'`

			`it 'loads order' do`
			`is_expected.to be_a(::Gitlab::LetsEncrypt::Order)`
			`end`
			`end`

			`describe '#load_challenge' do`
			`let(:url) { 'https://example.com/challenge' }`
			`subject { client.load_challenge(url) }`

			`before do`
			`acme_challenge = instance_double('Acme::Client::Resources::Challenge')`
			`allow(stub_client).to receive(:challenge).with(url: url).and_return(acme_challenge)`
			`end`

			`include_examples 'ensures account registration'`

			`it 'loads challenge' do`
			`is_expected.to be_a(::Gitlab::LetsEncrypt::Challenge)`
			`end`
			`end`

			`describe '#enabled?' do`
			`subject { client.enabled? }`

			`context 'when terms of service are accepted' do`
			`it { is_expected.to eq(true) }`

			`context 'when feature flag is disabled' do`
			`before do`
			`stub_feature_flags(pages_auto_ssl: false)`
			`end`

			`it { is_expected.to eq(false) }`
			`end`
			`end`

			`context 'when terms of service are not accepted' do`
			`before do`
			`stub_application_setting(lets_encrypt_terms_of_service_accepted: false)`
			`end`

			`it { is_expected.to eq(false) }`
			`end`
			`end`

			`describe '#terms_of_service_url' do`
			`subject { client.terms_of_service_url }`

			`it 'returns valid url' do`
			`is_expected.to eq("https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf")`
			`end`
			`end`
			`end`