0424801ec8
Filter out sensitive fields from the project services API See merge request gitlab/gitlabhq!2281 (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7) 2bcbbda0 Filter out sensitive fields from the project services API
317 lines
9 KiB
Ruby
317 lines
9 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe Service do
|
|
describe "Associations" do
|
|
it { is_expected.to belong_to :project }
|
|
it { is_expected.to have_one :service_hook }
|
|
end
|
|
|
|
describe 'Validations' do
|
|
it { is_expected.to validate_presence_of(:type) }
|
|
end
|
|
|
|
describe "Test Button" do
|
|
describe '#can_test?' do
|
|
let(:service) { create(:service, project: project) }
|
|
|
|
context 'when repository is not empty' do
|
|
let(:project) { create(:project, :repository) }
|
|
|
|
it 'returns true' do
|
|
expect(service.can_test?).to be true
|
|
end
|
|
end
|
|
|
|
context 'when repository is empty' do
|
|
let(:project) { create(:project) }
|
|
|
|
it 'returns true' do
|
|
expect(service.can_test?).to be true
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#test' do
|
|
let(:data) { 'test' }
|
|
let(:service) { create(:service, project: project) }
|
|
|
|
context 'when repository is not empty' do
|
|
let(:project) { create(:project, :repository) }
|
|
|
|
it 'test runs execute' do
|
|
expect(service).to receive(:execute).with(data)
|
|
|
|
service.test(data)
|
|
end
|
|
end
|
|
|
|
context 'when repository is empty' do
|
|
let(:project) { create(:project) }
|
|
|
|
it 'test runs execute' do
|
|
expect(service).to receive(:execute).with(data)
|
|
|
|
service.test(data)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "Template" do
|
|
describe "for pushover service" do
|
|
let!(:service_template) do
|
|
PushoverService.create(
|
|
template: true,
|
|
properties: {
|
|
device: 'MyDevice',
|
|
sound: 'mic',
|
|
priority: 4,
|
|
api_key: '123456789'
|
|
})
|
|
end
|
|
let(:project) { create(:project) }
|
|
|
|
describe 'is prefilled for projects pushover service' do
|
|
it "has all fields prefilled" do
|
|
service = project.find_or_initialize_service('pushover')
|
|
|
|
expect(service.template).to eq(false)
|
|
expect(service.device).to eq('MyDevice')
|
|
expect(service.sound).to eq('mic')
|
|
expect(service.priority).to eq(4)
|
|
expect(service.api_key).to eq('123456789')
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "{property}_changed?" do
|
|
let(:service) do
|
|
BambooService.create(
|
|
project: create(:project),
|
|
properties: {
|
|
bamboo_url: 'http://gitlab.com',
|
|
username: 'mic',
|
|
password: "password"
|
|
}
|
|
)
|
|
end
|
|
|
|
it "returns false when the property has not been assigned a new value" do
|
|
service.username = "key_changed"
|
|
expect(service.bamboo_url_changed?).to be_falsy
|
|
end
|
|
|
|
it "returns true when the property has been assigned a different value" do
|
|
service.bamboo_url = "http://example.com"
|
|
expect(service.bamboo_url_changed?).to be_truthy
|
|
end
|
|
|
|
it "returns true when the property has been assigned a different value twice" do
|
|
service.bamboo_url = "http://example.com"
|
|
service.bamboo_url = "http://example.com"
|
|
expect(service.bamboo_url_changed?).to be_truthy
|
|
end
|
|
|
|
it "returns false when the property has been re-assigned the same value" do
|
|
service.bamboo_url = 'http://gitlab.com'
|
|
expect(service.bamboo_url_changed?).to be_falsy
|
|
end
|
|
|
|
it "returns false when the property has been assigned a new value then saved" do
|
|
service.bamboo_url = 'http://example.com'
|
|
service.save
|
|
expect(service.bamboo_url_changed?).to be_falsy
|
|
end
|
|
end
|
|
|
|
describe "{property}_touched?" do
|
|
let(:service) do
|
|
BambooService.create(
|
|
project: create(:project),
|
|
properties: {
|
|
bamboo_url: 'http://gitlab.com',
|
|
username: 'mic',
|
|
password: "password"
|
|
}
|
|
)
|
|
end
|
|
|
|
it "returns false when the property has not been assigned a new value" do
|
|
service.username = "key_changed"
|
|
expect(service.bamboo_url_touched?).to be_falsy
|
|
end
|
|
|
|
it "returns true when the property has been assigned a different value" do
|
|
service.bamboo_url = "http://example.com"
|
|
expect(service.bamboo_url_touched?).to be_truthy
|
|
end
|
|
|
|
it "returns true when the property has been assigned a different value twice" do
|
|
service.bamboo_url = "http://example.com"
|
|
service.bamboo_url = "http://example.com"
|
|
expect(service.bamboo_url_touched?).to be_truthy
|
|
end
|
|
|
|
it "returns true when the property has been re-assigned the same value" do
|
|
service.bamboo_url = 'http://gitlab.com'
|
|
expect(service.bamboo_url_touched?).to be_truthy
|
|
end
|
|
|
|
it "returns false when the property has been assigned a new value then saved" do
|
|
service.bamboo_url = 'http://example.com'
|
|
service.save
|
|
expect(service.bamboo_url_changed?).to be_falsy
|
|
end
|
|
end
|
|
|
|
describe "{property}_was" do
|
|
let(:service) do
|
|
BambooService.create(
|
|
project: create(:project),
|
|
properties: {
|
|
bamboo_url: 'http://gitlab.com',
|
|
username: 'mic',
|
|
password: "password"
|
|
}
|
|
)
|
|
end
|
|
|
|
it "returns nil when the property has not been assigned a new value" do
|
|
service.username = "key_changed"
|
|
expect(service.bamboo_url_was).to be_nil
|
|
end
|
|
|
|
it "returns the previous value when the property has been assigned a different value" do
|
|
service.bamboo_url = "http://example.com"
|
|
expect(service.bamboo_url_was).to eq('http://gitlab.com')
|
|
end
|
|
|
|
it "returns initial value when the property has been re-assigned the same value" do
|
|
service.bamboo_url = 'http://gitlab.com'
|
|
expect(service.bamboo_url_was).to eq('http://gitlab.com')
|
|
end
|
|
|
|
it "returns initial value when the property has been assigned multiple values" do
|
|
service.bamboo_url = "http://example.com"
|
|
service.bamboo_url = "http://example2.com"
|
|
expect(service.bamboo_url_was).to eq('http://gitlab.com')
|
|
end
|
|
|
|
it "returns nil when the property has been assigned a new value then saved" do
|
|
service.bamboo_url = 'http://example.com'
|
|
service.save
|
|
expect(service.bamboo_url_was).to be_nil
|
|
end
|
|
end
|
|
|
|
describe 'initialize service with no properties' do
|
|
let(:service) do
|
|
GitlabIssueTrackerService.create(
|
|
project: create(:project),
|
|
title: 'random title'
|
|
)
|
|
end
|
|
|
|
it 'does not raise error' do
|
|
expect { service }.not_to raise_error
|
|
end
|
|
|
|
it 'creates the properties' do
|
|
expect(service.properties).to eq({ "title" => "random title" })
|
|
end
|
|
end
|
|
|
|
describe "callbacks" do
|
|
let(:project) { create(:project) }
|
|
let!(:service) do
|
|
RedmineService.new(
|
|
project: project,
|
|
active: true,
|
|
properties: {
|
|
project_url: 'http://redmine/projects/project_name_in_redmine',
|
|
issues_url: "http://redmine/#{project.id}/project_name_in_redmine/:id",
|
|
new_issue_url: 'http://redmine/projects/project_name_in_redmine/issues/new'
|
|
}
|
|
)
|
|
end
|
|
|
|
describe "on create" do
|
|
it "updates the has_external_issue_tracker boolean" do
|
|
expect do
|
|
service.save!
|
|
end.to change { service.project.has_external_issue_tracker }.from(false).to(true)
|
|
end
|
|
end
|
|
|
|
describe "on update" do
|
|
it "updates the has_external_issue_tracker boolean" do
|
|
service.save!
|
|
|
|
expect do
|
|
service.update_attributes(active: false)
|
|
end.to change { service.project.has_external_issue_tracker }.from(true).to(false)
|
|
end
|
|
end
|
|
end
|
|
|
|
<<<<<<< HEAD
|
|
describe "#deprecated?" do
|
|
let(:project) { create(:project, :repository) }
|
|
|
|
it 'should return false by default' do
|
|
service = create(:service, project: project)
|
|
expect(service.deprecated?).to be_falsy
|
|
end
|
|
end
|
|
|
|
describe "#deprecation_message" do
|
|
let(:project) { create(:project, :repository) }
|
|
|
|
it 'should be empty by default' do
|
|
service = create(:service, project: project)
|
|
expect(service.deprecation_message).to be_nil
|
|
end
|
|
end
|
|
|
|
describe '.find_by_template' do
|
|
let!(:kubernetes_service) { create(:kubernetes_service, template: true) }
|
|
|
|
it 'returns service template' do
|
|
expect(KubernetesService.find_by_template).to eq(kubernetes_service)
|
|
=======
|
|
describe '#api_field_names' do
|
|
let(:fake_service) do
|
|
Class.new(Service) do
|
|
def fields
|
|
[
|
|
{ name: 'token' },
|
|
{ name: 'api_token' },
|
|
{ name: 'key' },
|
|
{ name: 'api_key' },
|
|
{ name: 'password' },
|
|
{ name: 'password_field' },
|
|
{ name: 'safe_field' }
|
|
]
|
|
end
|
|
end
|
|
end
|
|
|
|
let(:service) do
|
|
fake_service.new(properties: [
|
|
{ token: 'token-value' },
|
|
{ api_token: 'api_token-value' },
|
|
{ key: 'key-value' },
|
|
{ api_key: 'api_key-value' },
|
|
{ password: 'password-value' },
|
|
{ password_field: 'password_field-value' },
|
|
{ safe_field: 'safe_field-value' }
|
|
])
|
|
end
|
|
|
|
it 'filters out sensitive fields' do
|
|
expect(service.api_field_names).to eq(['safe_field'])
|
|
>>>>>>> Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'
|
|
end
|
|
end
|
|
end
|