Added git http requests tests for user with LDAP identity

Signed-off-by: Rémy Coutable <remy@rymai.me>

spec/requests/git_http_spec.rb

@@ -1,17 +1,19 @@
 require "spec_helper"
 
 describe 'Git HTTP requests', lib: true do
+  include GitHttpHelpers
   include WorkhorseHelpers
 
-  let(:user)    { create(:user) }
-  let(:project) { create(:project, path: 'project.git-project') }
-
   it "gives WWW-Authenticate hints" do
     clone_get('doesnt/exist.git')
 
     expect(response.header['WWW-Authenticate']).to start_with('Basic ')
   end
 
+  describe "User with no identities" do
+    let(:user)    { create(:user) }
+    let(:project) { create(:project, path: 'project.git-project') }
+
     context "when the project doesn't exist" do
       context "when no authentication is provided" do
         it "responds with status 401 (no project existence information leak)" do
@@ -458,51 +460,58 @@ describe 'Git HTTP requests', lib: true do
         end
       end
     end
-
-  def clone_get(project, options = {})
-    get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
   end
 
-  def clone_post(project, options = {})
-    post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  describe "User with LDAP identity" do
+    let(:user) { create(:omniauth_user, extern_uid: dn) }
+    let(:dn) { 'uid=john,ou=people,dc=example,dc=com' }
+
+    before do
+      allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
+      allow(Gitlab::LDAP::Authentication).to receive(:login).and_return(nil)
+      allow(Gitlab::LDAP::Authentication).to receive(:login).with(user.username, user.password).and_return(user)
     end
 
-  def push_get(project, options = {})
-    get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+    context "when authentication fails" do
+      context "when no authentication is provided" do
+        it "responds with status 401" do
+          download('doesnt/exist.git') do |response|
+            expect(response).to have_http_status(401)
+          end
+        end
       end
 
-  def push_post(project, options = {})
-    post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+      context "when username and invalid password are provided" do
+        it "responds with status 401" do
+          download('doesnt/exist.git', user: user.username, password: "nope") do |response|
+            expect(response).to have_http_status(401)
+          end
+        end
+      end
     end
 
-  def download(project, user: nil, password: nil, spnego_request_token: nil)
-    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
-
-    clone_get(*args)
-    yield response
-
-    clone_post(*args)
-    yield response
+    context "when authentication succeeds" do
+      context "when the project doesn't exist" do
+        it "responds with status 404" do
+          download('/doesnt/exist.git', user: user.username, password: user.password) do |response|
+            expect(response).to have_http_status(404)
+          end
+        end
       end
 
-  def upload(project, user: nil, password: nil, spnego_request_token: nil)
-    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
+      context "when the project exists" do
+        let(:project) { create(:project, path: 'project.git-project') }
 
-    push_get(*args)
-    yield response
-
-    push_post(*args)
-    yield response
+        before do
+          project.team << [user, :master]
         end
 
-  def auth_env(user, password, spnego_request_token)
-    env = workhorse_internal_api_request_header
-    if user && password
-      env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
-    elsif spnego_request_token
-      env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
+        it "responds with status 200" do
+          clone_get(path, user: user.username, password: user.password) do |response|
+            expect(response).to have_http_status(200)
+          end
+        end
+      end
     end
-
-    env
   end
 end

spec/support/git_http_helpers.rb

@@ -0,0 +1,48 @@
+module GitHttpHelpers
+  def clone_get(project, options = {})
+    get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def clone_post(project, options = {})
+    post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def push_get(project, options = {})
+    get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def push_post(project, options = {})
+    post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
+  end
+
+  def download(project, user: nil, password: nil, spnego_request_token: nil)
+    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
+
+    clone_get(*args)
+    yield response
+
+    clone_post(*args)
+    yield response
+  end
+
+  def upload(project, user: nil, password: nil, spnego_request_token: nil)
+    args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
+
+    push_get(*args)
+    yield response
+
+    push_post(*args)
+    yield response
+  end
+
+  def auth_env(user, password, spnego_request_token)
+    env = workhorse_internal_api_request_header
+    if user && password
+      env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
+    elsif spnego_request_token
+      env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
+    end
+
+    env
+  end
+end