debian-mirror-gitlab/spec/controllers/import/bitbucket_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

461 lines
16 KiB
Ruby
Raw Permalink Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2015-04-26 12:48:37 +05:30
require 'spec_helper'
2023-05-27 22:25:52 +05:30
RSpec.describe Import::BitbucketController, feature_category: :importers do
2015-09-11 14:41:01 +05:30
include ImportSpecHelper
2015-09-25 12:07:36 +05:30
let(:user) { create(:user) }
let(:token) { "asdasd12345" }
let(:secret) { "sekrettt" }
2017-08-17 22:00:37 +05:30
let(:refresh_token) { SecureRandom.hex(15) }
let(:access_params) { { token: token, expires_at: nil, expires_in: nil, refresh_token: nil } }
2019-02-02 18:00:53 +05:30
let(:code) { SecureRandom.hex(8) }
2015-09-25 12:07:36 +05:30
def assign_session_tokens
2017-08-17 22:00:37 +05:30
session[:bitbucket_token] = token
2015-09-25 12:07:36 +05:30
end
2015-04-26 12:48:37 +05:30
before do
sign_in(user)
2015-09-11 14:41:01 +05:30
allow(controller).to receive(:bitbucket_import_enabled?).and_return(true)
2015-04-26 12:48:37 +05:30
end
describe "GET callback" do
before do
session[:oauth_request_token] = {}
end
2015-09-11 14:41:01 +05:30
2022-06-21 17:19:12 +05:30
context "when auth state param is invalid" do
let(:random_key) { "pure_random" }
let(:external_bitbucket_auth_url) { "http://fake.bitbucket.host/url" }
it "redirects to external auth url" do
allow(SecureRandom).to receive(:base64).and_return(random_key)
allow_next_instance_of(OAuth2::Client) do |client|
allow(client).to receive_message_chain(:auth_code, :authorize_url)
.with(redirect_uri: users_import_bitbucket_callback_url, state: random_key)
.and_return(external_bitbucket_auth_url)
end
get :callback, params: { code: code, state: "invalid-token" }
expect(controller).to redirect_to(external_bitbucket_auth_url)
end
end
context "when auth state param is valid" do
2022-08-13 15:12:31 +05:30
let(:expires_at) { Time.current + 1.day }
let(:expires_in) { 1.day }
let(:access_token) do
2023-05-27 22:25:52 +05:30
double(
token: token,
secret: secret,
expires_at: expires_at,
expires_in: expires_in,
refresh_token: refresh_token
)
2022-08-13 15:12:31 +05:30
end
2022-06-21 17:19:12 +05:30
before do
session[:bitbucket_auth_state] = 'state'
end
it "updates access token" do
allow_any_instance_of(OAuth2::Client)
.to receive(:get_token)
.with(hash_including(
2023-05-27 22:25:52 +05:30
'grant_type' => 'authorization_code',
'code' => code,
'redirect_uri' => users_import_bitbucket_callback_url),
{})
2022-06-21 17:19:12 +05:30
.and_return(access_token)
stub_omniauth_provider('bitbucket')
get :callback, params: { code: code, state: 'state' }
expect(session[:bitbucket_token]).to eq(token)
expect(session[:bitbucket_refresh_token]).to eq(refresh_token)
expect(session[:bitbucket_expires_at]).to eq(expires_at)
expect(session[:bitbucket_expires_in]).to eq(expires_in)
expect(controller).to redirect_to(status_import_bitbucket_url)
end
2022-08-13 15:12:31 +05:30
it "passes namespace_id query param to status if provided" do
namespace_id = 30
allow_any_instance_of(OAuth2::Client)
.to receive(:get_token)
.and_return(access_token)
get :callback, params: { code: code, state: 'state', namespace_id: namespace_id }
expect(controller).to redirect_to(status_import_bitbucket_url(namespace_id: namespace_id))
end
2015-04-26 12:48:37 +05:30
end
end
describe "GET status" do
before do
2020-06-23 00:09:42 +05:30
@repo = double(name: 'vim', slug: 'vim', owner: 'asd', full_name: 'asd/vim', clone_url: 'http://test.host/demo/url.git', 'valid?' => true)
@invalid_repo = double(name: 'mercurialrepo', slug: 'mercurialrepo', owner: 'asd', full_name: 'asd/mercurialrepo', clone_url: 'http://test.host/demo/mercurialrepo.git', 'valid?' => false)
2022-06-21 17:19:12 +05:30
end
context "when token does not exists" do
let(:random_key) { "pure_random" }
let(:external_bitbucket_auth_url) { "http://fake.bitbucket.host/url" }
2020-06-23 00:09:42 +05:30
2022-06-21 17:19:12 +05:30
it 'redirects to authorize url with state included' do
allow(SecureRandom).to receive(:base64).and_return(random_key)
allow_next_instance_of(OAuth2::Client) do |client|
allow(client).to receive_message_chain(:auth_code, :authorize_url)
.with(redirect_uri: users_import_bitbucket_callback_url, state: random_key)
.and_return(external_bitbucket_auth_url)
end
get :status, format: :json
expect(controller).to redirect_to(external_bitbucket_auth_url)
end
2020-06-23 00:09:42 +05:30
end
2022-06-21 17:19:12 +05:30
context "when token is valid" do
2020-06-23 00:09:42 +05:30
before do
2022-06-21 17:19:12 +05:30
assign_session_tokens
2020-06-23 00:09:42 +05:30
end
2022-06-21 17:19:12 +05:30
it_behaves_like 'import controller status' do
let(:repo) { @repo }
let(:repo_id) { @repo.full_name }
let(:import_source) { @repo.full_name }
let(:provider_name) { 'bitbucket' }
let(:client_repos_field) { :repos }
end
2015-04-26 12:48:37 +05:30
2022-06-21 17:19:12 +05:30
it 'returns invalid repos' do
allow_any_instance_of(Bitbucket::Client).to receive(:repos).and_return([@repo, @invalid_repo])
2015-04-26 12:48:37 +05:30
2022-06-21 17:19:12 +05:30
get :status, format: :json
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['incompatible_repos'].length).to eq(1)
expect(json_response.dig("incompatible_repos", 0, "id")).to eq(@invalid_repo.full_name)
expect(json_response['provider_repos'].length).to eq(1)
expect(json_response.dig("provider_repos", 0, "id")).to eq(@repo.full_name)
end
2019-12-21 20:55:43 +05:30
2022-06-21 17:19:12 +05:30
context 'when filtering' do
let(:filter) { '<html>test</html>' }
let(:expected_filter) { 'test' }
2019-12-21 20:55:43 +05:30
2022-06-21 17:19:12 +05:30
subject { get :status, params: { filter: filter }, as: :json }
2019-12-21 20:55:43 +05:30
2022-06-21 17:19:12 +05:30
it 'passes sanitized filter param to bitbucket client' do
expect_next_instance_of(Bitbucket::Client) do |client|
expect(client).to receive(:repos).with(filter: expected_filter).and_return([@repo])
end
2019-12-21 20:55:43 +05:30
2022-06-21 17:19:12 +05:30
subject
end
2019-12-21 20:55:43 +05:30
end
end
2015-04-26 12:48:37 +05:30
end
describe "POST create" do
let(:bitbucket_username) { user.username }
2015-09-11 14:41:01 +05:30
let(:bitbucket_user) do
2017-08-17 22:00:37 +05:30
double(username: bitbucket_username)
2015-09-11 14:41:01 +05:30
end
let(:bitbucket_repo) do
2017-08-17 22:00:37 +05:30
double(slug: "vim", owner: bitbucket_username, name: 'vim')
2015-09-11 14:41:01 +05:30
end
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
let(:project) { create(:project) }
2015-04-26 12:48:37 +05:30
before do
2017-08-17 22:00:37 +05:30
allow_any_instance_of(Bitbucket::Client).to receive(:repo).and_return(bitbucket_repo)
allow_any_instance_of(Bitbucket::Client).to receive(:user).and_return(bitbucket_user)
2015-09-25 12:07:36 +05:30
assign_session_tokens
2015-04-26 12:48:37 +05:30
end
2018-03-27 19:54:05 +05:30
it 'returns 200 response when the project is imported successfully' do
allow(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, user.namespace, user, access_params)
.and_return(double(execute: project))
post :create, format: :json
2023-03-04 22:38:38 +05:30
expect_snowplow_event(
category: 'Import::BitbucketController',
action: 'create',
label: 'import_access_level',
user: user,
extra: { user_role: 'Owner', import_type: 'bitbucket' }
)
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2018-03-27 19:54:05 +05:30
end
it 'returns 422 response when the project could not be imported' do
allow(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, user.namespace, user, access_params)
.and_return(double(execute: build(:project)))
post :create, format: :json
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:unprocessable_entity)
2018-03-27 19:54:05 +05:30
end
2020-03-13 15:44:24 +05:30
it_behaves_like 'project import rate limiter'
2015-04-26 12:48:37 +05:30
context "when the repository owner is the Bitbucket user" do
context "when the Bitbucket user and GitLab user's usernames match" do
it "takes the current user's namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, user.namespace, user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
post :create, format: :json
2015-04-26 12:48:37 +05:30
end
end
context "when the Bitbucket user and GitLab user's usernames don't match" do
let(:bitbucket_username) { "someone_else" }
it "takes the current user's namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, user.namespace, user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
post :create, format: :json
2015-04-26 12:48:37 +05:30
end
end
2017-08-17 22:00:37 +05:30
context 'when the Bitbucket user is unauthorized' do
render_views
it 'returns unauthorized' do
allow(controller).to receive(:current_user).and_return(user)
allow(user).to receive(:can?).and_return(false)
2018-03-27 19:54:05 +05:30
post :create, format: :json
2017-08-17 22:00:37 +05:30
end
end
2015-04-26 12:48:37 +05:30
end
context "when the repository owner is not the Bitbucket user" do
let(:other_username) { "someone_else" }
before do
2017-08-17 22:00:37 +05:30
allow(bitbucket_repo).to receive(:owner).and_return(other_username)
2015-04-26 12:48:37 +05:30
end
context "when a namespace with the Bitbucket user's username already exists" do
2017-09-10 17:25:29 +05:30
let!(:existing_namespace) { create(:group, name: other_username) }
2015-04-26 12:48:37 +05:30
context "when the namespace is owned by the GitLab user" do
2017-09-10 17:25:29 +05:30
before do
existing_namespace.add_owner(user)
end
2015-04-26 12:48:37 +05:30
it "takes the existing namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, existing_namespace, user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
post :create, format: :json
2015-04-26 12:48:37 +05:30
end
end
context "when the namespace is not owned by the GitLab user" do
it "doesn't create a project" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.not_to receive(:new)
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
post :create, format: :json
2015-04-26 12:48:37 +05:30
end
end
end
context "when a namespace with the Bitbucket user's username doesn't exist" do
2016-09-29 09:46:39 +05:30
context "when current user can create namespaces" do
it "creates the namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
2018-03-27 19:54:05 +05:30
.to receive(:new).and_return(double(execute: project))
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
expect { post :create, format: :json }.to change(Namespace, :count).by(1)
2016-09-29 09:46:39 +05:30
end
it "takes the new namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, an_instance_of(Group), user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2015-04-26 12:48:37 +05:30
2018-03-27 19:54:05 +05:30
post :create, format: :json
2016-09-29 09:46:39 +05:30
end
2015-04-26 12:48:37 +05:30
end
2016-09-29 09:46:39 +05:30
context "when current user can't create namespaces" do
before do
user.update_attribute(:can_create_group, false)
end
2015-04-26 12:48:37 +05:30
2016-09-29 09:46:39 +05:30
it "doesn't create the namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
2018-03-27 19:54:05 +05:30
.to receive(:new).and_return(double(execute: project))
2016-09-29 09:46:39 +05:30
2018-03-27 19:54:05 +05:30
expect { post :create, format: :json }.not_to change(Namespace, :count)
2023-03-04 22:38:38 +05:30
expect_snowplow_event(
category: 'Import::BitbucketController',
action: 'create',
label: 'import_access_level',
user: user,
extra: { user_role: 'Owner', import_type: 'bitbucket' }
)
2016-09-29 09:46:39 +05:30
end
it "takes the current user's namespace" do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, bitbucket_repo.name, user.namespace, user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2016-09-29 09:46:39 +05:30
2018-03-27 19:54:05 +05:30
post :create, format: :json
2016-09-29 09:46:39 +05:30
end
2015-04-26 12:48:37 +05:30
end
end
2021-12-11 22:18:48 +05:30
context "when exceptions occur" do
shared_examples "handles exceptions" do
it "logs an exception" do
expect(Bitbucket::Client).to receive(:new).and_raise(error)
expect(controller).to receive(:log_exception)
post :create, format: :json
end
end
context "for OAuth2 errors" do
let(:fake_response) { double('Faraday::Response', headers: {}, body: '', status: 403) }
let(:error) { OAuth2::Error.new(OAuth2::Response.new(fake_response)) }
it_behaves_like "handles exceptions"
end
context "for Bitbucket errors" do
let(:error) { Bitbucket::Error::Unauthorized.new("error") }
it_behaves_like "handles exceptions"
end
end
2015-04-26 12:48:37 +05:30
end
2017-08-17 22:00:37 +05:30
2019-10-12 21:52:04 +05:30
context 'user has chosen an existing nested namespace and name for the project' do
2018-10-15 14:42:47 +05:30
let(:parent_namespace) { create(:group, name: 'foo') }
2017-09-10 17:25:29 +05:30
let(:nested_namespace) { create(:group, name: 'bar', parent: parent_namespace) }
2017-08-17 22:00:37 +05:30
let(:test_name) { 'test_name' }
2017-09-10 17:25:29 +05:30
before do
2018-10-15 14:42:47 +05:30
parent_namespace.add_owner(user)
2017-09-10 17:25:29 +05:30
nested_namespace.add_owner(user)
end
2017-08-17 22:00:37 +05:30
it 'takes the selected namespace and name' do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, test_name, nested_namespace, user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
post :create, params: { target_namespace: nested_namespace.full_path, new_name: test_name }, format: :json
2017-08-17 22:00:37 +05:30
end
end
2019-10-12 21:52:04 +05:30
context 'user has chosen a non-existent nested namespaces and name for the project' do
2017-08-17 22:00:37 +05:30
let(:test_name) { 'test_name' }
it 'takes the selected namespace and name' do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, test_name, kind_of(Namespace), user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
post :create, params: { target_namespace: 'foo/bar', new_name: test_name }, format: :json
2017-08-17 22:00:37 +05:30
end
it 'creates the namespaces' do
2017-09-10 17:25:29 +05:30
allow(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, test_name, kind_of(Namespace), user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
expect { post :create, params: { target_namespace: 'foo/bar', new_name: test_name }, format: :json }
2017-08-17 22:00:37 +05:30
.to change { Namespace.count }.by(2)
end
it 'new namespace has the right parent' do
2017-09-10 17:25:29 +05:30
allow(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, test_name, kind_of(Namespace), user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
post :create, params: { target_namespace: 'foo/bar', new_name: test_name }, format: :json
2017-08-17 22:00:37 +05:30
expect(Namespace.find_by_path_or_name('bar').parent.path).to eq('foo')
end
end
2019-10-12 21:52:04 +05:30
context 'user has chosen existent and non-existent nested namespaces and name for the project' do
2017-08-17 22:00:37 +05:30
let(:test_name) { 'test_name' }
2018-10-15 14:42:47 +05:30
let!(:parent_namespace) { create(:group, name: 'foo') }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
before do
parent_namespace.add_owner(user)
end
2017-08-17 22:00:37 +05:30
it 'takes the selected namespace and name' do
2017-09-10 17:25:29 +05:30
expect(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, test_name, kind_of(Namespace), user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
post :create, params: { target_namespace: 'foo/foobar/bar', new_name: test_name }, format: :json
2017-08-17 22:00:37 +05:30
end
it 'creates the namespaces' do
2017-09-10 17:25:29 +05:30
allow(Gitlab::BitbucketImport::ProjectCreator)
.to receive(:new).with(bitbucket_repo, test_name, kind_of(Namespace), user, access_params)
2018-03-27 19:54:05 +05:30
.and_return(double(execute: project))
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
expect { post :create, params: { target_namespace: 'foo/foobar/bar', new_name: test_name }, format: :json }
2017-08-17 22:00:37 +05:30
.to change { Namespace.count }.by(2)
end
end
2018-03-27 19:54:05 +05:30
context 'when user can not create projects in the chosen namespace' do
it 'returns 422 response' do
other_namespace = create(:group, name: 'other_namespace')
2019-02-15 15:39:39 +05:30
post :create, params: { target_namespace: other_namespace.name }, format: :json
2018-03-27 19:54:05 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:unprocessable_entity)
2023-03-04 22:38:38 +05:30
expect_snowplow_event(
category: 'Import::BitbucketController',
action: 'create',
label: 'import_access_level',
user: user,
extra: { user_role: 'Not a member', import_type: 'bitbucket' }
)
2018-03-27 19:54:05 +05:30
end
end
2023-05-27 22:25:52 +05:30
context 'when user can not import projects' do
let!(:other_namespace) { create(:group, name: 'other_namespace').tap { |other_namespace| other_namespace.add_developer(user) } }
it 'returns 422 response' do
post :create, params: { target_namespace: other_namespace.name }, format: :json
expect(response).to have_gitlab_http_status(:unprocessable_entity)
expect(response.parsed_body['errors']).to eq('You are not allowed to import projects in this namespace.')
end
end
2015-04-26 12:48:37 +05:30
end
end