gitlab-org--gitlab-foss/spec/requests/api/internal_spec.rb

require 'spec_helper'

describe API::API, api: true  do
  include ApiHelpers
  let(:user) { create(:user) }
  let(:key) { create(:key, user: user) }
  let(:project) { create(:project) }
  let(:secret_token) { File.read Rails.root.join('.gitlab_shell_secret') }

  describe "GET /internal/check", no_db: true do
    it do
      get api("/internal/check"), secret_token: secret_token

      response.status.should == 200
      json_response['api_version'].should == API::API.version
    end
  end

  describe "GET /internal/discover" do
    it do
      get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)

      response.status.should == 200

      json_response['name'].should == user.name
    end
  end

  describe "POST /internal/allowed" do
    context "access granted" do
      before do
        project.team << [user, :developer]
      end

      context "git pull" do
        it do
          pull(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_true
        end
      end

      context "git push" do
        it do
          push(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_true
        end
      end
    end

    context "access denied" do
      before do
        project.team << [user, :guest]
      end

      context "git pull" do
        it do
          pull(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_false
        end
      end

      context "git push" do
        it do
          push(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_false
        end
      end
    end

    context "blocked user" do
      let(:personal_project) { create(:project, namespace: user.namespace) }

      before do
        user.block
      end

      context "git pull" do
        it do
          pull(key, personal_project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_false
        end
      end

      context "git push" do
        it do
          push(key, personal_project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_false
        end
      end
    end

    context "archived project" do
      let(:personal_project) { create(:project, namespace: user.namespace) }

      before do
        project.team << [user, :developer]
        project.archive!
      end

      context "git pull" do
        it do
          pull(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_true
        end
      end

      context "git push" do
        it do
          push(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_false
        end
      end
    end

    context "deploy key" do
      let(:key) { create(:deploy_key) }

      context "added to project" do
        before do
          key.projects << project
        end

        it do
          archive(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_true
        end
      end

      context "not added to project" do
        it do
          archive(key, project)

          response.status.should == 200
          JSON.parse(response.body)["status"].should be_false
        end
      end
    end

    context 'project does not exist' do
      it do
        pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists'))

        response.status.should == 200
        JSON.parse(response.body)["status"].should be_false
      end
    end

    context 'user does not exist' do
      it do
        pull(OpenStruct.new(id: 0), project)

        response.status.should == 200
        JSON.parse(response.body)["status"].should be_false
      end
    end
  end

  def pull(key, project)
    post(
      api("/internal/allowed"),
      key_id: key.id,
      project: project.path_with_namespace,
      action: 'git-upload-pack',
      secret_token: secret_token
    )
  end

  def push(key, project)
    post(
      api("/internal/allowed"),
      changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
      key_id: key.id,
      project: project.path_with_namespace,
      action: 'git-receive-pack',
      secret_token: secret_token
    )
  end

  def archive(key, project)
    post(
      api("/internal/allowed"),
      ref: 'master',
      key_id: key.id,
      project: project.path_with_namespace,
      action: 'git-upload-archive',
      secret_token: secret_token
    )
  end
end
specs for api/internal 2013-02-26 20:53:59 +00:00			`require 'spec_helper'`

Added API testing group 2014-04-11 19:45:56 +00:00			`describe API::API, api: true do`
specs for api/internal 2013-02-26 20:53:59 +00:00			`include ApiHelpers`
			`let(:user) { create(:user) }`
			`let(:key) { create(:key, user: user) }`
			`let(:project) { create(:project) }`
add gitlab-shell identification 2014-10-15 15:26:15 +00:00			`let(:secret_token) { File.read Rails.root.join('.gitlab_shell_secret') }`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`describe "GET /internal/check", no_db: true do`
			`it do`
add gitlab-shell identification 2014-10-15 15:26:15 +00:00			`get api("/internal/check"), secret_token: secret_token`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`response.status.should == 200`
Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 12:33:31 +00:00			`json_response['api_version'].should == API::API.version`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
			`end`

			`describe "GET /internal/discover" do`
			`it do`
add gitlab-shell identification 2014-10-15 15:26:15 +00:00			`get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`response.status.should == 200`

fix api internal test 2013-03-11 13:47:44 +00:00			`json_response['name'].should == user.name`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
			`end`

Fix internal API for missing project or key Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-01 14:55:33 +00:00			`describe "POST /internal/allowed" do`
specs for api/internal 2013-02-26 20:53:59 +00:00			`context "access granted" do`
			`before do`
			`project.team << [user, :developer]`
			`end`

			`context "git pull" do`
			`it do`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`pull(key, project)`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_true`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
			`end`

			`context "git push" do`
			`it do`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`push(key, project)`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_true`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
			`end`
			`end`

			`context "access denied" do`
			`before do`
			`project.team << [user, :guest]`
			`end`

			`context "git pull" do`
			`it do`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`pull(key, project)`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_false`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
			`end`

			`context "git push" do`
			`it do`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`push(key, project)`
specs for api/internal 2013-02-26 20:53:59 +00:00
			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_false`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
			`end`
			`end`

block user should not be able to push 2013-03-07 12:18:30 +00:00			`context "blocked user" do`
			`let(:personal_project) { create(:project, namespace: user.namespace) }`

			`before do`
			`user.block`
			`end`

			`context "git pull" do`
			`it do`
			`pull(key, personal_project)`

			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_false`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`end`
			`end`

			`context "git push" do`
			`it do`
			`push(key, personal_project)`

			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_false`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`end`
			`end`
			`end`
allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00
Archiving old projects; archived projects aren't shown on dashboard features for archive projects abilities for archived project other abilities for archive projects only limit commits and merges for archived projects ability changed to prohibited actions on archived projects added spec and feature tests for archive projects changed search bar not to include archived projects 2013-11-29 16:10:59 +00:00			`context "archived project" do`
			`let(:personal_project) { create(:project, namespace: user.namespace) }`

			`before do`
			`project.team << [user, :developer]`
			`project.archive!`
			`end`

			`context "git pull" do`
			`it do`
			`pull(key, project)`

			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_true`
Archiving old projects; archived projects aren't shown on dashboard features for archive projects abilities for archived project other abilities for archive projects only limit commits and merges for archived projects ability changed to prohibited actions on archived projects added spec and feature tests for archive projects changed search bar not to include archived projects 2013-11-29 16:10:59 +00:00			`end`
			`end`

			`context "git push" do`
			`it do`
			`push(key, project)`

			`response.status.should == 200`
Better message for failed pushes because of git hooks Conflicts: lib/gitlab/git_access.rb spec/lib/gitlab/git_access_spec.rb 2014-11-14 16:23:55 +00:00			`JSON.parse(response.body)["status"].should be_false`
Archiving old projects; archived projects aren't shown on dashboard features for archive projects abilities for archived project other abilities for archive projects only limit commits and merges for archived projects ability changed to prohibited actions on archived projects added spec and feature tests for archive projects changed search bar not to include archived projects 2013-11-29 16:10:59 +00:00			`end`
			`end`
			`end`

allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00			`context "deploy key" do`
			`let(:key) { create(:deploy_key) }`

			`context "added to project" do`
			`before do`
			`key.projects << project`
			`end`

			`it do`
			`archive(key, project)`

			`response.status.should == 200`
Fix internal API for missing project or key Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-01 14:55:33 +00:00			`JSON.parse(response.body)["status"].should be_true`
allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00			`end`
			`end`

			`context "not added to project" do`
			`it do`
			`archive(key, project)`

			`response.status.should == 200`
Fix internal API for missing project or key Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-01 14:55:33 +00:00			`JSON.parse(response.body)["status"].should be_false`
allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00			`end`
			`end`
			`end`
Fix internal API for missing project or key Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-01 14:55:33 +00:00
			`context 'project does not exist' do`
			`it do`
			`pull(key, OpenStruct.new(path_with_namespace: 'gitlab/notexists'))`

			`response.status.should == 200`
			`JSON.parse(response.body)["status"].should be_false`
			`end`
			`end`

			`context 'user does not exist' do`
			`it do`
			`pull(OpenStruct.new(id: 0), project)`

			`response.status.should == 200`
			`JSON.parse(response.body)["status"].should be_false`
			`end`
			`end`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`end`

			`def pull(key, project)`
/api/allowed use POST now Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-03 06:06:16 +00:00			`post(`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`api("/internal/allowed"),`
			`key_id: key.id,`
			`project: project.path_with_namespace,`
add gitlab-shell identification 2014-10-15 15:26:15 +00:00			`action: 'git-upload-pack',`
			`secret_token: secret_token`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`)`
			`end`

			`def push(key, project)`
/api/allowed use POST now Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-03 06:06:16 +00:00			`post(`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`api("/internal/allowed"),`
Fix specs for internal api Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-02 08:35:34 +00:00			`changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`key_id: key.id,`
			`project: project.path_with_namespace,`
add gitlab-shell identification 2014-10-15 15:26:15 +00:00			`action: 'git-receive-pack',`
			`secret_token: secret_token`
block user should not be able to push 2013-03-07 12:18:30 +00:00			`)`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`
allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00
			`def archive(key, project)`
/api/allowed use POST now Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-03 06:06:16 +00:00			`post(`
allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00			`api("/internal/allowed"),`
			`ref: 'master',`
			`key_id: key.id,`
			`project: project.path_with_namespace,`
add gitlab-shell identification 2014-10-15 15:26:15 +00:00			`action: 'git-upload-archive',`
			`secret_token: secret_token`
allow all git-upload-* commands for deploy keys 2013-07-29 12:25:33 +00:00			`)`
			`end`
specs for api/internal 2013-02-26 20:53:59 +00:00			`end`