debian-mirror-gitlab/spec/lib/gitlab/middleware/compressed_json_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

208 lines
6.1 KiB
Ruby
Raw Permalink Normal View History

2021-12-11 22:18:48 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Middleware::CompressedJson do
let_it_be(:decompressed_input) { '{"foo": "bar"}' }
let_it_be(:input) { ActiveSupport::Gzip.compress(decompressed_input) }
let(:app) { double(:app) }
let(:middleware) { described_class.new(app) }
2022-07-23 23:45:48 +05:30
let(:content_type) { 'application/json' }
2023-03-04 22:38:38 +05:30
let(:relative_url_root) { '/gitlab' }
2021-12-11 22:18:48 +05:30
let(:env) do
{
'HTTP_CONTENT_ENCODING' => 'gzip',
'REQUEST_METHOD' => 'POST',
2022-07-23 23:45:48 +05:30
'CONTENT_TYPE' => content_type,
2021-12-11 22:18:48 +05:30
'PATH_INFO' => path,
'rack.input' => StringIO.new(input)
}
end
shared_examples 'decompress middleware' do
it 'replaces input with a decompressed content' do
expect(app).to receive(:call)
middleware.call(env)
expect(env['rack.input'].read).to eq(decompressed_input)
expect(env['CONTENT_LENGTH']).to eq(decompressed_input.length)
expect(env['HTTP_CONTENT_ENCODING']).to be_nil
end
end
2023-03-04 22:38:38 +05:30
shared_examples 'passes input' do
it 'keeps the original input' do
expect(app).to receive(:call)
middleware.call(env)
expect(env['rack.input'].read).to eq(input)
expect(env['HTTP_CONTENT_ENCODING']).to eq('gzip')
end
end
shared_context 'with relative url' do
before do
stub_config_setting(relative_url_root: relative_url_root)
end
end
2023-07-09 08:55:56 +05:30
shared_examples 'handles non integer ID' do
context 'with a URL-encoded ID' do
let(:id) { 'gitlab-org%2fgitlab' }
2023-03-04 22:38:38 +05:30
it_behaves_like 'decompress middleware'
end
2023-07-09 08:55:56 +05:30
context 'with a non URL-encoded ID' do
let(:id) { '1/repository/files/api/v4' }
2023-03-04 22:38:38 +05:30
it_behaves_like 'passes input'
end
2023-07-09 08:55:56 +05:30
context 'with a blank ID' do
let(:id) { '' }
2023-03-04 22:38:38 +05:30
it_behaves_like 'passes input'
end
end
2021-12-11 22:18:48 +05:30
describe '#call' do
context 'with collector route' do
2022-08-27 11:52:29 +05:30
let(:path) { '/api/v4/error_tracking/collector/1/store' }
2021-12-11 22:18:48 +05:30
it_behaves_like 'decompress middleware'
2022-07-23 23:45:48 +05:30
context 'with no Content-Type' do
let(:content_type) { nil }
it_behaves_like 'decompress middleware'
end
2023-03-04 22:38:38 +05:30
include_context 'with relative url' do
let(:path) { "#{relative_url_root}/api/v4/error_tracking/collector/1/store" }
it_behaves_like 'decompress middleware'
end
2021-12-11 22:18:48 +05:30
end
2023-03-04 22:38:38 +05:30
context 'with packages route' do
context 'with instance level endpoint' do
context 'with npm advisory bulk url' do
let(:path) { '/api/v4/packages/npm/-/npm/v1/security/advisories/bulk' }
it_behaves_like 'decompress middleware'
include_context 'with relative url' do
let(:path) { "#{relative_url_root}/api/v4/packages/npm/-/npm/v1/security/advisories/bulk" }
it_behaves_like 'decompress middleware'
end
end
context 'with npm quick audit url' do
let(:path) { '/api/v4/packages/npm/-/npm/v1/security/audits/quick' }
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
it_behaves_like 'decompress middleware'
include_context 'with relative url' do
let(:path) { "#{relative_url_root}/api/v4/packages/npm/-/npm/v1/security/audits/quick" }
it_behaves_like 'decompress middleware'
end
end
2021-12-11 22:18:48 +05:30
end
2023-03-04 22:38:38 +05:30
context 'with project level endpoint' do
2023-07-09 08:55:56 +05:30
let(:id) { 1 }
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
context 'with npm advisory bulk url' do
2023-07-09 08:55:56 +05:30
let(:path) { "/api/v4/projects/#{id}/packages/npm/-/npm/v1/security/advisories/bulk" }
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
it_behaves_like 'decompress middleware'
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
include_context 'with relative url' do
2023-07-09 08:55:56 +05:30
let(:path) { "#{relative_url_root}/api/v4/projects/#{id}/packages/npm/-/npm/v1/security/advisories/bulk" } # rubocop disable Layout/LineLength
2021-12-11 22:18:48 +05:30
2023-03-04 22:38:38 +05:30
it_behaves_like 'decompress middleware'
end
2023-07-09 08:55:56 +05:30
it_behaves_like 'handles non integer ID'
2023-03-04 22:38:38 +05:30
end
context 'with npm quick audit url' do
2023-07-09 08:55:56 +05:30
let(:path) { "/api/v4/projects/#{id}/packages/npm/-/npm/v1/security/audits/quick" }
2023-03-04 22:38:38 +05:30
it_behaves_like 'decompress middleware'
include_context 'with relative url' do
2023-07-09 08:55:56 +05:30
let(:path) { "#{relative_url_root}/api/v4/projects/#{id}/packages/npm/-/npm/v1/security/audits/quick" } # rubocop disable Layout/LineLength
2023-03-04 22:38:38 +05:30
it_behaves_like 'decompress middleware'
end
2023-07-09 08:55:56 +05:30
it_behaves_like 'handles non integer ID'
2023-03-04 22:38:38 +05:30
end
2021-12-11 22:18:48 +05:30
end
end
2023-07-09 08:55:56 +05:30
context 'with group level endpoint' do
let(:id) { 1 }
context 'with npm advisory bulk url' do
let(:path) { "/api/v4/groups/#{id}/-/packages/npm/-/npm/v1/security/advisories/bulk" }
it_behaves_like 'decompress middleware'
include_context 'with relative url' do
let(:path) { "#{relative_url_root}/api/v4/groups/#{id}/-/packages/npm/-/npm/v1/security/advisories/bulk" } # rubocop disable Layout/LineLength
it_behaves_like 'decompress middleware'
end
it_behaves_like 'handles non integer ID'
end
context 'with npm quick audit url' do
let(:path) { "/api/v4/groups/#{id}/-/packages/npm/-/npm/v1/security/audits/quick" }
it_behaves_like 'decompress middleware'
include_context 'with relative url' do
let(:path) { "#{relative_url_root}/api/v4/groups/#{id}/-/packages/npm/-/npm/v1/security/audits/quick" } # rubocop disable Layout/LineLength
it_behaves_like 'decompress middleware'
end
it_behaves_like 'handles non integer ID'
end
end
2023-03-04 22:38:38 +05:30
context 'with some other route' do
let(:path) { '/api/projects/123' }
it_behaves_like 'passes input'
end
2023-07-09 08:55:56 +05:30
context 'with the wrong project path' do
let(:path) { '/api/v4/projects/123/-/packages/npm/-/npm/v1/security/advisories/bulk' }
it_behaves_like 'passes input'
end
2021-12-11 22:18:48 +05:30
context 'payload is too large' do
let(:body_limit) { Gitlab::Middleware::CompressedJson::MAXIMUM_BODY_SIZE }
let(:decompressed_input) { 'a' * (body_limit + 100) }
let(:input) { ActiveSupport::Gzip.compress(decompressed_input) }
2022-08-27 11:52:29 +05:30
let(:path) { '/api/v4/error_tracking/collector/1/envelope' }
2021-12-11 22:18:48 +05:30
it 'reads only limited size' do
expect(middleware.call(env))
.to eq([413, { 'Content-Type' => 'text/plain' }, ['Payload Too Large']])
end
end
end
end