Added git http requests tests for user with LDAP identity
Signed-off-by: Rémy Coutable <remy@rymai.me>
parent
3b206ccb83
commit
dc15201c0b
|
@ -1,17 +1,19 @@
|
|||
require "spec_helper"
|
||||
|
||||
describe 'Git HTTP requests', lib: true do
|
||||
include GitHttpHelpers
|
||||
include WorkhorseHelpers
|
||||
|
||||
let(:user) { create(:user) }
|
||||
let(:project) { create(:project, path: 'project.git-project') }
|
||||
|
||||
it "gives WWW-Authenticate hints" do
|
||||
clone_get('doesnt/exist.git')
|
||||
|
||||
expect(response.header['WWW-Authenticate']).to start_with('Basic ')
|
||||
end
|
||||
|
||||
describe "User with no identities" do
|
||||
let(:user) { create(:user) }
|
||||
let(:project) { create(:project, path: 'project.git-project') }
|
||||
|
||||
context "when the project doesn't exist" do
|
||||
context "when no authentication is provided" do
|
||||
it "responds with status 401 (no project existence information leak)" do
|
||||
|
@ -458,51 +460,58 @@ describe 'Git HTTP requests', lib: true do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def clone_get(project, options = {})
|
||||
get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
end
|
||||
|
||||
def clone_post(project, options = {})
|
||||
post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
describe "User with LDAP identity" do
|
||||
let(:user) { create(:omniauth_user, extern_uid: dn) }
|
||||
let(:dn) { 'uid=john,ou=people,dc=example,dc=com' }
|
||||
|
||||
before do
|
||||
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
|
||||
allow(Gitlab::LDAP::Authentication).to receive(:login).and_return(nil)
|
||||
allow(Gitlab::LDAP::Authentication).to receive(:login).with(user.username, user.password).and_return(user)
|
||||
end
|
||||
|
||||
def push_get(project, options = {})
|
||||
get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
context "when authentication fails" do
|
||||
context "when no authentication is provided" do
|
||||
it "responds with status 401" do
|
||||
download('doesnt/exist.git') do |response|
|
||||
expect(response).to have_http_status(401)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def push_post(project, options = {})
|
||||
post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
context "when username and invalid password are provided" do
|
||||
it "responds with status 401" do
|
||||
download('doesnt/exist.git', user: user.username, password: "nope") do |response|
|
||||
expect(response).to have_http_status(401)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def download(project, user: nil, password: nil, spnego_request_token: nil)
|
||||
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
|
||||
|
||||
clone_get(*args)
|
||||
yield response
|
||||
|
||||
clone_post(*args)
|
||||
yield response
|
||||
context "when authentication succeeds" do
|
||||
context "when the project doesn't exist" do
|
||||
it "responds with status 404" do
|
||||
download('/doesnt/exist.git', user: user.username, password: user.password) do |response|
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def upload(project, user: nil, password: nil, spnego_request_token: nil)
|
||||
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
|
||||
context "when the project exists" do
|
||||
let(:project) { create(:project, path: 'project.git-project') }
|
||||
|
||||
push_get(*args)
|
||||
yield response
|
||||
|
||||
push_post(*args)
|
||||
yield response
|
||||
before do
|
||||
project.team << [user, :master]
|
||||
end
|
||||
|
||||
def auth_env(user, password, spnego_request_token)
|
||||
env = workhorse_internal_api_request_header
|
||||
if user && password
|
||||
env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
|
||||
elsif spnego_request_token
|
||||
env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
|
||||
it "responds with status 200" do
|
||||
clone_get(path, user: user.username, password: user.password) do |response|
|
||||
expect(response).to have_http_status(200)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
env
|
||||
end
|
||||
end
|
||||
|
|
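Review bot: In the new "User with LDAP identity" / "when the project exists" example, the block passed to `clone_get(path, ...)` never runs. `clone_get`, as shown on this page, only issues the `get` and does not yield, so `expect(response).to have_http_status(200)` is silently dropped and the example passes without checking that a valid LDAP login is accepted. Either call `download(path, user: user.username, password: user.password) do |response|`, which does yield, or move the expectation to the line after the `clone_get` call. No `let(:path)` is visible inside this describe block, so it is presumably defined outside the hunk and worth confirming. The 404 example also passes `'/doesnt/exist.git'` with a leading slash, unlike the other examples, so the request path becomes `//doesnt/exist.git/...`.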
|
@ -0,0 +1,48 @@
|
|||
module GitHttpHelpers
|
||||
def clone_get(project, options = {})
|
||||
get "/#{project}/info/refs", { service: 'git-upload-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
end
|
||||
|
||||
def clone_post(project, options = {})
|
||||
post "/#{project}/git-upload-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
end
|
||||
|
||||
def push_get(project, options = {})
|
||||
get "/#{project}/info/refs", { service: 'git-receive-pack' }, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
end
|
||||
|
||||
def push_post(project, options = {})
|
||||
post "/#{project}/git-receive-pack", {}, auth_env(*options.values_at(:user, :password, :spnego_request_token))
|
||||
end
|
||||
|
||||
def download(project, user: nil, password: nil, spnego_request_token: nil)
|
||||
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
|
||||
|
||||
clone_get(*args)
|
||||
yield response
|
||||
|
||||
clone_post(*args)
|
||||
yield response
|
||||
end
|
||||
|
||||
def upload(project, user: nil, password: nil, spnego_request_token: nil)
|
||||
args = [project, { user: user, password: password, spnego_request_token: spnego_request_token }]
|
||||
|
||||
push_get(*args)
|
||||
yield response
|
||||
|
||||
push_post(*args)
|
||||
yield response
|
||||
end
|
||||
|
||||
def auth_env(user, password, spnego_request_token)
|
||||
env = workhorse_internal_api_request_header
|
||||
if user && password
|
||||
env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)
|
||||
elsif spnego_request_token
|
||||
env['HTTP_AUTHORIZATION'] = "Negotiate #{::Base64.strict_encode64('opaque_request_token')}"
|
||||
end
|
||||
|
||||
env
|
||||
end
|
||||
end
|
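Review bot: `auth_env` uses `spnego_request_token` only as a truthiness switch: the Negotiate header always carries `::Base64.strict_encode64('opaque_request_token')`, so whatever token a spec passes never reaches the request. A comment above the `elsif`, such as `# the token value is ignored; a fixed placeholder is sent`, would keep callers from assuming their value is exercised. The module also lacks a header comment stating what it depends on: `workhorse_internal_api_request_header`, which it does not define (presumably from WorkhorseHelpers), and `get`/`post`/`response` from the including spec. That comment should also note that `download` and `upload` yield twice, once per request, while the four single-request helpers do not yield at all, so a block handed to them is discarded.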