Check for conflict with wiki projects when creating a new project.

This fix avoids exposing the information from the wiki repository of other project.
2016-06-27 13:23:19 -05:00 · 2016-06-27 13:23:19 -05:00 · 16a0303801
commit 16a0303801
parent f0ed8930f7
3 changed files with 33 additions and 0 deletions
--- a/1
+++ b/1
@ -10,6 +10,7 @@ v 8.10.0 (unreleased)
  - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
  - Fix changing issue state columns in milestone view
  - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
+  - Check for conflicts with existing Project's wiki path when creating a new project.
  - Add API endpoint for a group issues !4520 (mahcsig)

 v 8.9.1
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -163,6 +163,7 @@ class Project < ActiveRecord::Base
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
  validate :visibility_level_allowed_by_group
  validate :visibility_level_allowed_as_fork
+  validate :check_wiki_path_conflict

  add_authentication_token_field :runners_token
  before_save :ensure_runners_token
@ -539,6 +540,16 @@ class Project < ActiveRecord::Base
    self.errors.add(:visibility_level, "#{level_name} is not allowed since the fork source project has lower visibility.")
  end

+  def check_wiki_path_conflict
+    return if path.blank?
+
+    path_to_check = path.ends_with?('.wiki') ? path.chomp('.wiki') : "#{path}.wiki"
+
+    if Project.where(namespace_id: namespace_id, path: path_to_check).exists?
+      errors.add(:name, 'has already been taken')
+    end
+  end
+
  def to_param
    path
  end
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@ -63,6 +63,27 @@ describe Project, models: true do
      expect(project2).not_to be_valid
      expect(project2.errors[:limit_reached].first).to match(/Personal project creation is not allowed/)
    end
+
+    describe 'wiki path conflict' do
+      context "when the new path has been used by the wiki of other Project" do
+        it 'should have an error on the name attribute' do
+          new_project = build_stubbed(:project, namespace_id: project.namespace_id, path: "#{project.path}.wiki")
+
+          expect(new_project).not_to be_valid
+          expect(new_project.errors[:name].first).to eq('has already been taken')
+        end
+      end
+
+      context "when the new wiki path has been used by the path of other Project" do
+        it 'should have an error on the name attribute' do
+          project_with_wiki_suffix = create(:project, path: 'foo.wiki')
+          new_project = build_stubbed(:project, namespace_id: project_with_wiki_suffix.namespace_id, path: 'foo')
+
+          expect(new_project).not_to be_valid
+          expect(new_project.errors[:name].first).to eq('has already been taken')
+        end
+      end
+    end
  end

  describe 'default_scope' do