debian-mirror-gitlab/spec/lib/gitlab/web_hooks/recursion_detection_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

222 lines
6.7 KiB
Ruby
Raw Permalink Normal View History

2022-03-02 08:16:31 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::WebHooks::RecursionDetection, :clean_gitlab_redis_shared_state, :request_store do
let_it_be(:web_hook) { create(:project_hook) }
let!(:uuid_class) { described_class::UUID }
describe '.set_from_headers' do
let(:old_uuid) { SecureRandom.uuid }
let(:rack_headers) { Rack::MockRequest.env_for("/").merge(headers) }
subject(:set_from_headers) { described_class.set_from_headers(rack_headers) }
# Note, having a previous `request_uuid` value set before `.set_from_headers` is
# called is contrived and should not normally happen. However, testing with this scenario
# allows us to assert the ideal outcome if it ever were to happen.
before do
uuid_class.instance.request_uuid = old_uuid
end
context 'when the detection header is present' do
let(:new_uuid) { SecureRandom.uuid }
let(:headers) do
{ uuid_class::HEADER => new_uuid }
end
it 'sets the request UUID value from the headers' do
set_from_headers
expect(uuid_class.instance.request_uuid).to eq(new_uuid)
end
end
context 'when detection header is not present' do
let(:headers) { {} }
it 'does not set the request UUID' do
set_from_headers
expect(uuid_class.instance.request_uuid).to eq(old_uuid)
end
end
end
describe '.set_request_uuid' do
it 'sets the request UUID value' do
new_uuid = SecureRandom.uuid
described_class.set_request_uuid(new_uuid)
expect(uuid_class.instance.request_uuid).to eq(new_uuid)
end
end
describe '.register!' do
let_it_be(:second_web_hook) { create(:project_hook) }
let_it_be(:third_web_hook) { create(:project_hook) }
def cache_key(hook)
described_class.send(:cache_key_for_hook, hook)
end
it 'stores IDs in the same cache when a request UUID is set, until the request UUID changes', :aggregate_failures do
# Register web_hook and second_web_hook against the same request UUID.
uuid_class.instance.request_uuid = SecureRandom.uuid
described_class.register!(web_hook)
described_class.register!(second_web_hook)
first_cache_key = cache_key(web_hook)
second_cache_key = cache_key(second_web_hook)
# Register third_web_hook against a new request UUID.
uuid_class.instance.request_uuid = SecureRandom.uuid
described_class.register!(third_web_hook)
third_cache_key = cache_key(third_web_hook)
expect(first_cache_key).to eq(second_cache_key)
expect(second_cache_key).not_to eq(third_cache_key)
::Gitlab::Redis::SharedState.with do |redis|
members = redis.smembers(first_cache_key).map(&:to_i)
expect(members).to contain_exactly(web_hook.id, second_web_hook.id)
members = redis.smembers(third_cache_key).map(&:to_i)
expect(members).to contain_exactly(third_web_hook.id)
end
end
it 'stores IDs in unique caches when no request UUID is present', :aggregate_failures do
described_class.register!(web_hook)
described_class.register!(second_web_hook)
described_class.register!(third_web_hook)
first_cache_key = cache_key(web_hook)
second_cache_key = cache_key(second_web_hook)
third_cache_key = cache_key(third_web_hook)
expect([first_cache_key, second_cache_key, third_cache_key].compact.length).to eq(3)
::Gitlab::Redis::SharedState.with do |redis|
members = redis.smembers(first_cache_key).map(&:to_i)
expect(members).to contain_exactly(web_hook.id)
members = redis.smembers(second_cache_key).map(&:to_i)
expect(members).to contain_exactly(second_web_hook.id)
members = redis.smembers(third_cache_key).map(&:to_i)
expect(members).to contain_exactly(third_web_hook.id)
end
end
it 'touches the storage ttl each time it is called', :aggregate_failures do
freeze_time do
described_class.register!(web_hook)
::Gitlab::Redis::SharedState.with do |redis|
expect(redis.ttl(cache_key(web_hook))).to eq(described_class::TOUCH_CACHE_TTL.to_i)
end
end
travel_to(1.minute.from_now) do
described_class.register!(second_web_hook)
::Gitlab::Redis::SharedState.with do |redis|
expect(redis.ttl(cache_key(web_hook))).to eq(described_class::TOUCH_CACHE_TTL.to_i)
end
end
end
end
describe 'block?' do
let_it_be(:registered_web_hooks) { create_list(:project_hook, 2) }
subject(:block?) { described_class.block?(web_hook) }
before do
# Register some previous webhooks.
uuid_class.instance.request_uuid = SecureRandom.uuid
registered_web_hooks.each do |web_hook|
described_class.register!(web_hook)
end
end
it 'returns false if webhook should not be blocked' do
is_expected.to eq(false)
end
context 'when the webhook has previously fired' do
before do
described_class.register!(web_hook)
end
it 'returns true' do
is_expected.to eq(true)
end
context 'when the request UUID changes again' do
before do
uuid_class.instance.request_uuid = SecureRandom.uuid
end
it 'returns false' do
is_expected.to eq(false)
end
end
end
context 'when the count limit has been reached' do
let_it_be(:registered_web_hooks) { create_list(:project_hook, 2) }
before do
registered_web_hooks.each do |web_hook|
described_class.register!(web_hook)
end
stub_const("#{described_class.name}::COUNT_LIMIT", registered_web_hooks.size)
end
it 'returns true' do
is_expected.to eq(true)
end
context 'when the request UUID changes again' do
before do
uuid_class.instance.request_uuid = SecureRandom.uuid
end
it 'returns false' do
is_expected.to eq(false)
end
end
end
end
describe '.header' do
subject(:header) { described_class.header(web_hook) }
it 'returns a header with the UUID value' do
uuid = SecureRandom.uuid
allow(uuid_class.instance).to receive(:uuid_for_hook).and_return(uuid)
is_expected.to eq({ uuid_class::HEADER => uuid })
end
end
describe '.to_log' do
subject(:to_log) { described_class.to_log(web_hook) }
it 'returns the UUID value and all registered webhook IDs in a Hash' do
uuid = SecureRandom.uuid
allow(uuid_class.instance).to receive(:uuid_for_hook).and_return(uuid)
registered_web_hooks = create_list(:project_hook, 2)
registered_web_hooks.each { described_class.register!(_1) }
is_expected.to eq({ uuid: uuid, ids: registered_web_hooks.map(&:id) })
end
end
end