Added builds_spec and git_http_specs
parent
5f45ddc545
commit
ac6412d076
|
@ -117,7 +117,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
|
|||
|
||||
case auth_result.type
|
||||
when :ci
|
||||
if download_request?
|
||||
if auth_result.project == project && download_request?
|
||||
@ci = true
|
||||
else
|
||||
return false
|
||||
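Review bot: The rewritten `when :ci` condition now encodes an authorization rule, that a CI token is accepted only for downloads from the project it was issued for, and the line carries no comment saying so. I would add `# CI tokens are scoped: read-only access to the token's own project, nothing else` above the `if`, so a later refactor does not drop the `auth_result.project == project` half as redundant. It may also be worth confirming that `project` cannot be nil when this branch runs, since `nil == nil` would satisfy the comparison if `auth_result.project` were ever unset; neither value's origin is visible here. The enclosing method starts and ends outside the hunk.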
|
|
|
@ -254,7 +254,8 @@ describe Ci::API::API do
|
|||
let(:get_url) { ci_api("/builds/#{build.id}/artifacts") }
|
||||
let(:jwt_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
|
||||
let(:headers) { { "GitLab-Workhorse" => "1.0", Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => jwt_token } }
|
||||
let(:headers_with_token) { headers.merge(Ci::API::Helpers::BUILD_TOKEN_HEADER => build.token) }
|
||||
let(:token) { build.token }
|
||||
let(:headers_with_token) { headers.merge(Ci::API::Helpers::BUILD_TOKEN_HEADER => token) }
|
||||
|
||||
before { build.run! }
|
||||
|
||||
|
@ -274,6 +275,13 @@ describe Ci::API::API do
|
|||
expect(json_response["TempPath"]).not_to be_nil
|
||||
end
|
||||
|
||||
it "using runners token" do
|
||||
post authorize_url, { token: build.project.runners_token }, headers
|
||||
expect(response).to have_http_status(200)
|
||||
expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
|
||||
expect(json_response["TempPath"]).not_to be_nil
|
||||
end
|
||||
|
||||
it "reject requests that did not go through gitlab-workhorse" do
|
||||
headers.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER)
|
||||
post authorize_url, { token: build.token }, headers
|
||||
|
@ -358,6 +366,16 @@ describe Ci::API::API do
|
|||
|
||||
it_behaves_like 'successful artifacts upload'
|
||||
end
|
||||
|
||||
context 'when using runners token' do
|
||||
let(:token) { build.project.runners_token }
|
||||
|
||||
before do
|
||||
upload_artifacts(file_upload, headers_with_token)
|
||||
end
|
||||
|
||||
it_behaves_like 'successful artifacts upload'
|
||||
end
|
||||
end
|
||||
|
||||
context 'posts artifacts file and metadata file' do
|
||||
|
@ -497,10 +515,12 @@ describe Ci::API::API do
|
|||
|
||||
before do
|
||||
delete delete_url, token: build.token
|
||||
build.reload
|
||||
end
|
||||
|
||||
shared_examples 'having removable artifacts' do
|
||||
it 'removes build artifacts' do
|
||||
build.reload
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(build.artifacts_file.exists?).to be_falsy
|
||||
expect(build.artifacts_metadata.exists?).to be_falsy
|
||||
|
@ -508,8 +528,27 @@ describe Ci::API::API do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when using build token' do
|
||||
before do
|
||||
delete delete_url, token: build.token
|
||||
end
|
||||
|
||||
it_behaves_like 'having removable artifacts'
|
||||
end
|
||||
|
||||
context 'when using runnners token' do
|
||||
before do
|
||||
delete delete_url, token: build.project.runners_token
|
||||
end
|
||||
|
||||
it_behaves_like 'having removable artifacts'
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /builds/:id/artifacts' do
|
||||
before { get get_url, token: build.token }
|
||||
before do
|
||||
get get_url, token: token
|
||||
end
|
||||
|
||||
context 'build has artifacts' do
|
||||
let(:build) { create(:ci_build, :artifacts) }
|
||||
|
@ -518,13 +557,29 @@ describe Ci::API::API do
|
|||
'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' }
|
||||
end
|
||||
|
||||
it 'downloads artifact' do
|
||||
shared_examples 'having downloadable artifacts' do
|
||||
it 'download artifacts' do
|
||||
expect(response).to have_http_status(200)
|
||||
expect(response.headers).to include download_headers
|
||||
end
|
||||
end
|
||||
|
||||
context 'when using build token' do
|
||||
let(:token) { build.token }
|
||||
|
||||
it_behaves_like 'having downloadable artifacts'
|
||||
end
|
||||
|
||||
context 'when using runnners token' do
|
||||
let(:token) { build.project.runners_token }
|
||||
|
||||
it_behaves_like 'having downloadable artifacts'
|
||||
end
|
||||
end
|
||||
|
||||
context 'build does not has artifacts' do
|
||||
let(:token) { build.token }
|
||||
|
||||
it 'responds with not found' do
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
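Review bot: The new runners-token examples (authorize, upload, DELETE and GET artifacts) all use `build.project.runners_token`, so only the accepting path is covered; nothing shows that a runners token belonging to a different project is refused for this build. Because these examples document that a project-level token is accepted for a build's artifacts, I would add a rejecting case next to each, e.g. `let(:token) { create(:empty_project).runners_token }` with an expectation on whatever rejection status the API returns (not visible in this diff, and the factory may need the token generated first). Separately, the DELETE and GET context descriptions read 'when using runnners token'; that should be `'when using runners token'`.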
|
|
|
@ -302,11 +302,13 @@ describe 'Git HTTP requests', lib: true do
|
|||
context "when a gitlab ci token is provided" do
|
||||
let(:build) { create(:ci_build, :running) }
|
||||
let(:project) { build.project }
|
||||
let(:other_project) { create(:empty_project) }
|
||||
|
||||
before do
|
||||
project.project_feature.update_attributes(builds_access_level: ProjectFeature::ENABLED)
|
||||
end
|
||||
|
||||
context 'when build created by system is authenticated' do
|
||||
it "downloads get status 200" do
|
||||
clone_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
|
@ -319,6 +321,59 @@ describe 'Git HTTP requests', lib: true do
|
|||
|
||||
expect(response).to have_http_status(401)
|
||||
end
|
||||
|
||||
it "downloads from other project get status 401" do
|
||||
clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
expect(response).to have_http_status(401)
|
||||
end
|
||||
end
|
||||
|
||||
context 'and build created by' do
|
||||
before do
|
||||
build.update(user: user)
|
||||
project.team << [user, :reporter]
|
||||
end
|
||||
|
||||
shared_examples 'can download code only from own projects' do
|
||||
it 'downloads get status 200' do
|
||||
clone_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
|
||||
end
|
||||
|
||||
it 'uploads get status 403' do
|
||||
push_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
context 'administrator' do
|
||||
let(:user) { create(:admin) }
|
||||
|
||||
it_behaves_like 'can download code only from own projects'
|
||||
|
||||
it 'downloads from other project get status 403' do
|
||||
clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
context 'regular user' do
|
||||
let(:user) { create(:user) }
|
||||
|
||||
it_behaves_like 'can download code only from own projects'
|
||||
|
||||
it 'downloads from other project get status 404' do
|
||||
clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
|
||||
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
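Review bot: In the 'regular user' context, `other_project` has no relationship to `user`, so the 404 example can pass simply because a non-member cannot see that (presumably private) project, without exercising the token-to-project binding at all. An example where the build's user is also a member of the second project, e.g. `before { other_project.team << [user, :reporter] }`, would pin what the build token is meant to allow there; the expected status depends on policy that is not visible in this diff. The shared example name 'can download code only from own projects' also promises more than it asserts, since it checks only a clone and a push against `project`, and the context title 'and build created by' reads as unfinished on its own.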
|
|
|
@ -45,7 +45,7 @@ describe JwtController do
|
|||
|
||||
context 'using User login' do
|
||||
let(:user) { create(:user) }
|
||||
let(:headers) { { authorization: credentials(user.username , user.password) } }
|
||||
let(:headers) { { authorization: credentials(user.username, user.password) } }
|
||||
|
||||
subject! { get '/jwt/auth', parameters, headers }
|
||||
|
||||
|
|