From 3968b07d7ea1fd2ca07e427a487ea94ca0c6081d Mon Sep 17 00:00:00 2001 From: Grzegorz Bizon Date: Fri, 4 Nov 2016 13:08:58 +0100 Subject: [PATCH] Add tests for serialization entities, add user entity --- app/serializers/commit_entity.rb | 2 +- app/serializers/deployment_entity.rb | 2 +- app/serializers/user_entity.rb | 2 ++ spec/serializers/build_entity_spec.rb | 5 +++ spec/serializers/commit_entity_spec.rb | 44 ++++++++++++++++++++++++++ spec/serializers/user_entity_spec.rb | 23 ++++++++++++++ 6 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 app/serializers/user_entity.rb create mode 100644 spec/serializers/commit_entity_spec.rb create mode 100644 spec/serializers/user_entity_spec.rb diff --git a/app/serializers/commit_entity.rb b/app/serializers/commit_entity.rb index 3b6c2323e3e..827782e85bb 100644 --- a/app/serializers/commit_entity.rb +++ b/app/serializers/commit_entity.rb @@ -1,7 +1,7 @@ class CommitEntity < API::Entities::RepoCommit include RequestAwareEntity - expose :author, using: API::Entities::UserBasic + expose :author, using: UserEntity expose :commit_url do |commit| @urls.namespace_project_tree_url( diff --git a/app/serializers/deployment_entity.rb b/app/serializers/deployment_entity.rb index d3ed6a5eef4..d743b44c4a0 100644 --- a/app/serializers/deployment_entity.rb +++ b/app/serializers/deployment_entity.rb @@ -20,7 +20,7 @@ class DeploymentEntity < Grape::Entity expose :tag expose :last? - expose :user, using: API::Entities::UserBasic + expose :user, using: UserEntity expose :commit, using: CommitEntity expose :deployable, using: BuildEntity expose :manual_actions, using: BuildEntity diff --git a/app/serializers/user_entity.rb b/app/serializers/user_entity.rb new file mode 100644 index 00000000000..43754ea94f7 --- /dev/null +++ b/app/serializers/user_entity.rb @@ -0,0 +1,2 @@ +class UserEntity < API::Entities::UserBasic +end diff --git a/spec/serializers/build_entity_spec.rb b/spec/serializers/build_entity_spec.rb index 2282b560d7f..2734f5bedca 100644 --- a/spec/serializers/build_entity_spec.rb +++ b/spec/serializers/build_entity_spec.rb @@ -14,6 +14,11 @@ describe BuildEntity do expect(subject).to include(:build_url, :retry_url) expect(subject).not_to include(:play_url) end + + it 'does not contain sensitive information' do + expect(subject).not_to include(/token/) + expect(subject).not_to include(/variables/) + end end context 'when build is a manual action' do diff --git a/spec/serializers/commit_entity_spec.rb b/spec/serializers/commit_entity_spec.rb new file mode 100644 index 00000000000..628e35c9a28 --- /dev/null +++ b/spec/serializers/commit_entity_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +describe CommitEntity do + let(:entity) do + described_class.new(commit, request: request) + end + + let(:request) { double('request') } + let(:project) { create(:project) } + let(:commit) { project.commit } + + subject { entity.as_json } + + before do + allow(request).to receive(:project).and_return(project) + end + + context 'when commit author is a user' do + before do + create(:user, email: commit.author_email) + end + + it 'contains information about user' do + expect(subject.fetch(:author)).not_to be_nil + end + end + + context 'when commit author is not a user' do + it 'does not contain author details' do + expect(subject.fetch(:author)).to be_nil + end + end + + it 'contains commit URL' do + expect(subject).to include(:commit_url) + end + + it 'needs to receive project in the request' do + expect(request).to receive(:project) + .and_return(project) + + subject + end +end diff --git a/spec/serializers/user_entity_spec.rb b/spec/serializers/user_entity_spec.rb new file mode 100644 index 00000000000..c5d11cbcf5e --- /dev/null +++ b/spec/serializers/user_entity_spec.rb @@ -0,0 +1,23 @@ +require 'spec_helper' + +describe UserEntity do + let(:entity) { described_class.new(user) } + let(:user) { create(:user) } + subject { entity.as_json } + + it 'exposes user name and login' do + expect(subject).to include(:username, :name) + end + + it 'does not expose passwords' do + expect(subject).not_to include(/password/) + end + + it 'does not expose tokens' do + expect(subject).not_to include(/token/) + end + + it 'does not expose 2FA OTPs' do + expect(subject).not_to include(/otp/) + end +end